A new flaw has been discovered in the WeeChat software package, distributed with the Fedora 14 and 15 operating systems, that enables MITM (Man-In-The-Middle) attacks.
Package:
weechat 0.x
Operating systems:
Fedora 14, Fedora 15
Severity:
4.2
Problem:
improper input validation
Exploitation:
remote
Impact:
gaining elevated privileges
Solution:
vendor patch
CVE:
CVE-2011-1428
Original advisory ID:
FEDORA-2011-7843
Source:
Fedora
Problem:
The problem is caused by improper verification of X.509 certificates.
Impact:
MITM (Man-In-The-Middle) attackers can exploit the flaw to disrupt the operation of SSL servers by means of arbitrary certificates.
Solution:
To avoid the problems described, all users of the vulnerable package are advised to apply the update.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7843
2011-06-03 05:03:35
--------------------------------------------------------------------------------
Name : weechat
Product : Fedora 15
Version : 0.3.5
Release : 1.fc15
URL : http://weechat.org
Summary : Portable, fast, light and extensible IRC client
Description :
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and
extensible IRC client. Everything can be done with a keyboard.
It is customizable and extensible with scripts.
--------------------------------------------------------------------------------
Update Information:
Update to most recent + spell->aspell rename.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Paul P. Komkoff Jr - 0.3.5-1
- new upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #688751 - CVE-2011-1428 weechat: improper verification of X.509
certificates can lead to MITM attacks
https://bugzilla.redhat.com/show_bug.cgi?id=688751
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update weechat' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-7839
2011-06-03 05:03:26
--------------------------------------------------------------------------------
Name : weechat
Product : Fedora 14
Version : 0.3.5
Release : 1.fc14
URL : http://weechat.org
Summary : Portable, fast, light and extensible IRC client
Description :
WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and
extensible IRC client. Everything can be done with a keyboard.
It is customizable and extensible with scripts.
--------------------------------------------------------------------------------
Update Information:
Update to most recent + spell->aspell rename.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Paul P. Komkoff Jr - 0.3.5-1
- new upstream version
* Mon Feb 7 2011 Fedora Release Engineering - 0.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Oct 14 2010 Jesse Keating - 0.3.3-2.1
- Rebuild for gcc bug 634757
* Sat Aug 28 2010 Paul P. Komkoff Jr - 0.3.3-2
- fixed cmake config to accept python27
* Wed Aug 25 2010 Paul P. Komkoff Jr - 0.3.3-1
- new upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #688751 - CVE-2011-1428 weechat: improper verification of X.509
certificates can lead to MITM attacks
https://bugzilla.redhat.com/show_bug.cgi?id=688751
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update weechat' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------