A security vulnerability has been found in the VIPS software package for the Fedora 14 and 15 operating systems. A malicious local user can exploit it to gain elevated privileges.
Package:
vips 7.x
Operating systems:
Fedora 14, Fedora 15
Severity:
6
Problem:
error in a software component
Exploitation:
local
Impact:
gaining elevated privileges
Solution:
vendor patch
CVE:
CVE-2010-3364
Original advisory ID:
FEDORA-2011-10781
Source:
Fedora
Problem:
The flaw is caused by an irregularity in the "vips-7.22" script, namely in the way it loads certain libraries.
Impact:
The flaw allows an attacker to gain elevated privileges.
Solution:
All users of the vulnerable package are advised to install the update.
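Added example (not part of the advisory or of the Fedora package): the public CVE-2010-3364 description attributes the flaw to a zero-length entry that the vips-7.22 script places in LD_LIBRARY_PATH, which makes the dynamic loader search the current working directory. The shell functions below check a search-path value for such entries and show the safe way for a wrapper script to extend the variable; the function names and /opt/example/lib are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a colon-separated library search path (e.g. LD_LIBRARY_PATH) for
# elements that resolve relative to the current working directory.

# path_is_safe VALUE: returns 0 if every element is an absolute path,
# 1 if any element is empty or relative.
path_is_safe() {
    rest=$1
    # An empty value adds no search directories at all.
    if [ -z "$rest" ]; then return 0; fi
    case "$rest" in
        :*|*:|*::*) return 1 ;;      # empty element == current directory
    esac
    while [ -n "$rest" ]; do
        dir=${rest%%:*}              # first element
        case "$dir" in
            /*) ;;                   # absolute: acceptable
            *)  return 1 ;;          # relative (".", "lib", ...)
        esac
        case "$rest" in
            *:*) rest=${rest#*:} ;;  # drop the element just checked
            *)   rest= ;;
        esac
    done
    return 0
}

# Unsafe idiom: always inserts ":", so an empty old value leaves a
# trailing empty element in the result.
unsafe_prepend() { printf '%s\n' "$1:$2"; }

# Safe idiom: the separator is added only when an old value exists.
safe_prepend() { printf '%s\n' "$1${2:+:$2}"; }

# Constructed sample: a wrapper extending an initially empty variable.
for v in "$(unsafe_prepend /opt/example/lib "")" \
         "$(safe_prepend /opt/example/lib "")"; do
    if path_is_safe "$v"; then
        echo "ok:     '$v'"
    else
        echo "UNSAFE: '$v'"
    fi
done
```

The same check can be applied to the value a wrapper script exports before it launches the real binary.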
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10781
2011-08-13 01:57:39
--------------------------------------------------------------------------------
Name : vips
Product : Fedora 14
Version : 7.24.7
Release : 2.fc14
URL : http://www.vips.ecs.soton.ac.uk/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.
This package should be installed if you want to use a program compiled
against VIPS.
--------------------------------------------------------------------------------
Update Information:
7.24 series.
Run-time code generation
Open via disc mode
Workspace as Graph mode for nip2
FITS image format
VIPS rewrite
Better nibs in paintbox
Better TIFF and JPEG load
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 12 2011 Adam Goode - 7.24.7-2
- Clean up Requires and BuildRequires
* Wed Aug 10 2011 Adam Goode - 7.24.7-1
- New upstream release
* Mon Feb 14 2011 Adam Goode - 7.24.2-1
- New upstream release
* Run-time code generation, for 4x speedup in some operations
* Open via disc mode, saving memory
* FITS supported
* Improved TIFF and JPEG load
* Mon Feb 7 2011 Fedora Release Engineering - 7.22.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645471 - CVE-2010-3364 vips: insecure library loading
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=645471
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update vips' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10808
2011-08-13 01:58:41
--------------------------------------------------------------------------------
Name : vips
Product : Fedora 15
Version : 7.24.7
Release : 2.fc15
URL : http://www.vips.ecs.soton.ac.uk/
Summary : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images
(even larger than the amount of RAM in your machine), and for working
with color.
This package should be installed if you want to use a program compiled
against VIPS.
--------------------------------------------------------------------------------
Update Information:
7.24 series.
Run-time code generation
Open via disc mode
Workspace as Graph mode for nip2
FITS image format
VIPS rewrite
Better nibs in paintbox
Better TIFF and JPEG load
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 12 2011 Adam Goode - 7.24.7-2
- Clean up Requires and BuildRequires
* Wed Aug 10 2011 Adam Goode - 7.24.7-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645471 - CVE-2010-3364 vips: insecure library loading
vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=645471
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update vips' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce