A vulnerability has been found in the Erlang programming environment that makes it easier for a remote attacker to discover SSH session keys and the keys of the host on which the DSA algorithm runs.
Package:
Operating systems:
Fedora 14, Fedora 15
Severity:
6.8
Problem:
error in a software component
Exploitation:
remote
Impact:
disclosure of sensitive information
Solution:
vendor patch
CVE:
CVE-2011-0766
Original advisory ID:
FEDORA-2011-9598
Source:
Fedora
Problem:
The security flaw lies in the random number generator of the "Crypto" component, which uses predictable seeds based on the current time.
Impact:
The vulnerability makes it easier for a remote attacker to discover SSH (Secure Shell) session keys and the keys of the host on which the DSA (Digital Signature Algorithm) algorithm runs.
Solution:
Users are advised to upgrade to the latest version of the programming environment.
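An added illustration (not code from Erlang/OTP or from the Fedora advisory) of the flaw described under Problem: key material drawn from a generator seeded with the current time can be reproduced by anyone who can bound that time, whereas the operating system's CSPRNG exposes no such seed. Python's `random` module stands in for the affected generator, and the function names, key size and timestamp are assumptions constructed for the example.

```python
import hashlib
import math
import random
import secrets

KEY_BYTES = 20  # assumed toy key size: 160 bits


def weak_key(seed_us: int) -> bytes:
    """Vulnerable pattern: key material from a PRNG seeded with a timestamp."""
    rng = random.Random(seed_us)  # fully determined by the seed
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))


def strong_key() -> bytes:
    """Hardened pattern: key material taken directly from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def seed_space_bits(window_s: float, tick_hz: int = 1_000_000) -> float:
    """Upper bound on seed entropy when the seeding time is known to +/- window_s."""
    return math.log2(2 * window_s * tick_hz)


def guesses_to_reproduce(fingerprint: str, approx_us: int, window_us: int):
    """Count timestamp candidates tried before the weak key is reproduced.

    Returns None if the seed lies outside the window.
    """
    start = approx_us - window_us
    for n, cand in enumerate(range(start, approx_us + window_us + 1), 1):
        if hashlib.sha256(weak_key(cand)).hexdigest() == fingerprint:
            return n
    return None


if __name__ == "__main__":
    seed = 1_311_384_731_000_250  # constructed microsecond timestamp
    fp = hashlib.sha256(weak_key(seed)).hexdigest()
    print("seed entropy for a +/-1 s window: %.1f bits" % seed_space_bits(1.0))
    print("tries needed:", guesses_to_reproduce(fp, seed - 300, 500))
    print("CSPRNG key:", strong_key().hex())
```

A 160-bit key built this way carries only about 21 bits of uncertainty when the seeding time is known to within a second, which is why the fix is to take key material from the system CSPRNG rather than to choose a "better" timestamp.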
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9598
2011-07-23 01:32:11
--------------------------------------------------------------------------------
Name : erlang
Product : Fedora 15
Version : R14B
Release : 03.2.fc15
URL : http://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.
--------------------------------------------------------------------------------
Update Information:
- Ver. R14B03
- New module - diameter
- Several new examples directories
- Fixed building on F-15
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 21 2011 Peter Lemenkov - R14B-03.2
- Fixed building on F-15
* Wed Jul 20 2011 Peter Lemenkov - R14B-03.1
- Ver. R14B03
- New module - diameter
- Several new examples directories
* Fri Apr 1 2011 Hans Ulrich Niedermann - R14B-02.2
- Work around fop-1.0-14.fc16 bug (#689930) by using prebuilt docs for
f16/rawhide
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #718085 - Erlang WX Driver failed to start due to C++ type
mismatch.
https://bugzilla.redhat.com/show_bug.cgi?id=718085
[ 2 ] Bug #709024 - CVE-2011-0766 erlang: SSH library uses a weak random
number generator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=709024
[ 3 ] Bug #707904 - erlang-14B03 is available
https://bugzilla.redhat.com/show_bug.cgi?id=707904
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update erlang' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9657
2011-07-23 01:34:45
--------------------------------------------------------------------------------
Name : erlang
Product : Fedora 14
Version : R14B
Release : 03.1.fc14
URL : http://www.erlang.org
Summary : General-purpose programming language and runtime environment
Description :
Erlang is a general-purpose programming language and runtime
environment. Erlang has built-in support for concurrency, distribution
and fault tolerance. Erlang is used in several large telecommunication
systems from Ericsson.
--------------------------------------------------------------------------------
Update Information:
- Ver. R14B03
- New module - diameter
- Several new examples directories
- Fixed building on F-15
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2011 Peter Lemenkov - R14B-03.1
- Ver. R14B03
- New module - diameter
- Several new examples directories
* Fri Apr 1 2011 Hans Ulrich Niedermann - R14B-02.2
- Work around fop-1.0-14.fc16 bug (#689930) by using prebuilt docs for
f16/rawhide
* Mon Mar 21 2011 Hans Ulrich Niedermann - R14B-02.1
- snmp-4.19 (R14B02) ships lib/snmp/bin/snmpc
- inets-5.5.2 puts *.hrl in include/
- install/symlink *.jar into %{_javadir} (#679031)
- Update to upstream maintenance release R14B02
* Sat Feb 12 2011 Hans Ulrich Niedermann - R14B-01.5
- erlang-doc does not really require erlang base package (#629723)
- Add %{?_isa} for all explicit "Requires:"
* Tue Feb 8 2011 Fedora Release Engineering - R14B-01.4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 31 2011 Hans Ulrich Niedermann - R14B-01.4
- Adapt %files: Add wxSystemSettings.3 man page
- Adapt %files for change from run_test to ct_run
- Remove rpaths from lib/ssl-*/bin/esock_ssl
- Update erlang.spec and otp-00*.patch without numbers
- otp-get-patches.sh: Remove patch numbering
* Sun Jan 30 2011 Hans Ulrich Niedermann - R14B-01.3
- Add "buffer overflow during build" fix (#663260)
* Wed Dec 15 2010 Hans Ulrich Niedermann - R14B-01.2
- Update to rebased patches
* Mon Dec 13 2010 Hans Ulrich Niedermann - R14B-01.1
- Update to upstream release R14B01 (the patches still need work)
* Thu Nov 18 2010 Peter Lemenkov - R14B-0.5
- Fixed building on EL-6
* Mon Nov 15 2010 Peter Lemenkov - R14B-0.4
- No more dependent on erlang-rpm-macros sub-package
* Thu Nov 11 2010 Peter Lemenkov - R14B-0.3
- Remove pre-built stuff
* Fri Nov 5 2010 Peter Lemenkov - R14B-0.2
- Fixed doc-files and man-pages installation for EL-5
- Temporarily (I hope) disabled emacs-related stuff in EL-5
- Disable erlang-rpm-macros subpackage for EL-5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #718085 - Erlang WX Driver failed to start due to C++ type
mismatch.
https://bugzilla.redhat.com/show_bug.cgi?id=718085
[ 2 ] Bug #709024 - CVE-2011-0766 erlang: SSH library uses a weak random
number generator [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=709024
[ 3 ] Bug #707904 - erlang-14B03 is available
https://bugzilla.redhat.com/show_bug.cgi?id=707904
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update erlang' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys