Several flaws in the xmms (X MultiMedia System) package that can lead to arbitrary code execution have been fixed.
Package:
xmms 1.x
Operating systems:
Fedora 14, Fedora 15
Severity:
6.5
Problem:
integer overflow, memory corruption
Exploitation:
remote
Impact:
arbitrary code execution
Solution:
vendor patch
CVE:
CVE-2007-0653
Original advisory ID:
FEDORA-2011-9413
Source:
Fedora
Problem:
The flaws are caused by an integer overflow that occurs while processing input data.
Impact:
Attackers can exploit the flaw to run arbitrary code by supplying maliciously crafted input data, which leads to memory corruption.
Solution:
To avoid these consequences, users are advised to install the available update.
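One way to confirm that a host already carries the fix, as an added example that is not part of the advisory or of Fedora's tooling: it compares an installed xmms epoch:version-release string against the fixed build 1:1.2.11-15.20071117cvs named in the changelog below, using a simplified re-implementation of rpm's version ordering (assumption: no `~` or `^` in the strings). The function names and the sample strings are constructed for this example.

```python
import re

# Fixed build from the Fedora changelog on this page (dist tag omitted).
FIXED_EVR = "1:1.2.11-15.20071117cvs"

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are skipped.
    return re.findall(r"[0-9]+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm ordering (assumption: no '~' or '^'). Returns -1, 0, 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run outranks letters
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_evr(evr):
    """'1:1.2.11-15.fc15' -> ('1', '1.2.11', '15.fc15'); missing epoch is 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return epoch or "0", version, release

def is_patched(installed_evr, fixed_evr=FIXED_EVR):
    """True when installed_evr sorts at or above the fixed build."""
    for have, need in zip(split_evr(installed_evr), split_evr(fixed_evr)):
        c = rpmvercmp(have, need)
        if c:
            return c > 0
    return True

if __name__ == "__main__":
    # Constructed samples, in the form printed by:
    #   rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' xmms
    for evr in ("1:1.2.11-12.20071117cvs.fc15",
                "1:1.2.11-14.20071117cvs.fc14",
                "1:1.2.11-15.20071117cvs.fc15"):
        print(evr, "patched" if is_patched(evr) else "UPDATE NEEDED")
```

The epoch must be included in the queried string: a string without it is treated as epoch 0 and sorts below the fixed build.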
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9413
2011-07-16 06:48:14
--------------------------------------------------------------------------------
Name : xmms
Product : Fedora 15
Version : 1.2.11
Release : 15.20071117cvs.fc15
URL : http://legacy.xmms2.org/
Summary : The X MultiMedia System, a media player
Description :
XMMS is a multimedia (Ogg Vorbis, CDs) player for the X Window System
with an interface similar to Winamp's. XMMS supports playlists and
streaming content and has a configurable interface.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2007-0653 (better late than never, huh?)
fix alsa output plugin loop
fix desktop file
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 15 2011 Tom Callaway - 1:1.2.11-15.20071117cvs
- fix alsa plugin loop code to, well, stop looping when the track is done
- fix desktop file to enqueue and play files
- add patch from Ubuntu for CVE-2007-0653
* Thu Jul 14 2011 Tom Callaway - 1:1.2.11-14.20071117cvs
- fix url (bz 672011)
* Thu Jul 14 2011 Tom Callaway - 1:1.2.11-13.20071117cvs
- minor spec cleanup and rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #434692 - Xmms doesn't immediately play music file, when I double
click on it
https://bugzilla.redhat.com/show_bug.cgi?id=434692
[ 2 ] Bug #459206 - menu item symlink breakage (XMMS)
https://bugzilla.redhat.com/show_bug.cgi?id=459206
[ 3 ] Bug #701036 - XMMS does not go to the next item in the playlist when
using ALSA output plugin
https://bugzilla.redhat.com/show_bug.cgi?id=701036
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update xmms' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9421
2011-07-16 06:48:31
--------------------------------------------------------------------------------
Name : xmms
Product : Fedora 14
Version : 1.2.11
Release : 15.20071117cvs.fc14
URL : http://legacy.xmms2.org/
Summary : The X MultiMedia System, a media player
Description :
XMMS is a multimedia (Ogg Vorbis, CDs) player for the X Window System
with an interface similar to Winamp's. XMMS supports playlists and
streaming content and has a configurable interface.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2007-0653 (better late than never, huh?)
fix alsa output plugin loop
fix desktop file
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 15 2011 Tom Callaway - 1:1.2.11-15.20071117cvs
- fix alsa plugin loop code to, well, stop looping when the track is done
- fix desktop file to enqueue and play files
- add patch from Ubuntu for CVE-2007-0653
* Thu Jul 14 2011 Tom Callaway - 1:1.2.11-14.20071117cvs
- fix url (bz 672011)
* Thu Jul 14 2011 Tom Callaway - 1:1.2.11-13.20071117cvs
- minor spec cleanup and rebuild
* Mon Feb 7 2011 Fedora Release Engineering - 1:1.2.11-12.20071117cvs
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #434692 - Xmms doesn't immediately play music file, when I double
click on it
https://bugzilla.redhat.com/show_bug.cgi?id=434692
[ 2 ] Bug #459206 - menu item symlink breakage (XMMS)
https://bugzilla.redhat.com/show_bug.cgi?id=459206
[ 3 ] Bug #701036 - XMMS does not go to the next item in the playlist when
using ALSA output plugin
https://bugzilla.redhat.com/show_bug.cgi?id=701036
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update xmms' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------