Otkrivena je i ispravljena ranjivost programske biblioteke xml-security-c, koja udaljenim napadačima omogućuje pokretanje napada uskraćivanja usluga.
Paket:
xml-security-c 1.x
Operacijski sustavi:
Fedora 14, Fedora 15
Kritičnost:
6.8
Problem:
preljev međuspremnika
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2516
Izvorni ID preporuke:
FEDORA-2011-9494
Izvor:
Fedora
Problem:
Uočena ranjivost posljedica je preljeva međuspremnika prilikom stvaranja i/ili provjeravanja XML digitalnog potpisa u kojem se koriste RSA (eng. Rivest, Shamir and Adleman) ključevi veličine veće od 8192 okteta.
Posljedica:
Udaljeni napadač otkriveni propust može iskoristiti za pokretanje napada uskraćivanja usluga.
Rješenje:
Svim korisnicima preporučuje se korištenje nove inačice programske biblioteke.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9494
2011-07-18 21:57:59
--------------------------------------------------------------------------------
Name : xml-security-c
Product : Fedora 15
Version : 1.5.1
Release : 5.fc15
URL : http://santuario.apache.org/c/
Summary : C++ Implementation of W3C security standards for XML
Description :
The xml-security-c library is a C++ implementation of the XML Digital
Signature
specification. The library makes use of the Apache XML project's Xerces-C XML
Parser and Xalan-C XSLT processor. The latter is used for processing XPath and
XSLT transforms.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2011-2516: Apache Santuario XML Security for C++
contains buffer overflows signing or verifying with large keys.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 8 2011 Antti Andreimann <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.5.1-5
- Backported a patch to fix CVE-2011-2516 (#719698)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #719698 - CVE-2011-2516 xml-security-c: Stack-based buffer
overflows when creating or verifying XML Signatures with RSA keys of sizes >=
8192 bits
https://bugzilla.redhat.com/show_bug.cgi?id=719698
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update xml-security-c' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-9501
2011-07-18 21:58:32
--------------------------------------------------------------------------------
Name : xml-security-c
Product : Fedora 14
Version : 1.5.1
Release : 4.fc14
URL : http://santuario.apache.org/c/
Summary : C++ Implementation of W3C security standards for XML
Description :
The xml-security-c library is a C++ implementation of the XML Digital
Signature
specification. The library makes use of the Apache XML project's Xerces-C XML
Parser and Xalan-C XSLT processor. The latter is used for processing XPath and
XSLT transforms.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2011-2516: Apache Santuario XML Security for C++
contains buffer overflows signing or verifying with large keys.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 8 2011 Antti Andreimann <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.5.1-4
- Backported a patch to fix CVE-2011-2516 (#719698)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #719698 - CVE-2011-2516 xml-security-c: Stack-based buffer
overflows when creating or verifying XML Signatures with RSA keys of sizes >=
8192 bits
https://bugzilla.redhat.com/show_bug.cgi?id=719698
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update xml-security-c' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke