Sigurnosni propust paketa Nip2

U radu programskog paketa Nip2 uočen je novi sigurnosni propust. Lokalni napadač propust može iskoristiti za dobivanje većih privilegija u sustavu.

Paket:	nip 2.x
Operacijski sustavi:	Fedora 16
Kritičnost:	6
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	lokalno
Posljedica:	dobivanje većih privilegija
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2010-3364
Izvorni ID preporuke:	FEDORA-2011-10769
Izvor:	Fedora

Problem:
Ranjivost se nalazila unutar skripte vips-7.22 koja je smještala praznu vrijednost unutar varijable okoline LD_LIBRARY_PATH.
Posljedica:
Lokalni napadač ranjivost može iskoristiti za dobivanje većih privilegija u sustavu.
Rješenje:
Rješenje problema sigurnosti je korištenje najnovijih inačica navedenog programa.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10769
2011-08-12 20:34:20
--------------------------------------------------------------------------------

Name        : nip2
Product     : Fedora 16
Version     : 7.24.2
Release     : 1.fc16
URL         : http://www.vips.ecs.soton.ac.uk/
Summary     : Interactive tool for working with large images
Description :
nip2 is a graphical front end to the VIPS package.
With nip2, rather than directly editing images, you build
relationships between objects in a spreadsheet-like fashion. When you
make a change somewhere, nip2 recalculates the objects affected by
that change. Since it is demand-driven this update is very fast, even
for very, very large images. nip2 is very good at creating pipelines
of image manipulation operations. It is not very good for image
editing tasks like touching up photographs. For that, a tool like the
GIMP should be used instead.

--------------------------------------------------------------------------------
Update Information:

7.24 series.

Run-time code generation 
Open via disc mode 
Workspace as Graph mode for nip2 
FITS image format 
VIPS rewrite 
Better nibs in paintbox 
Better TIFF and JPEG load 

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645471 - CVE-2010-3364 vips: insecure library loading
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=645471
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update nip2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Sigurnosni propust paketa Nip2

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Sigurnosni propust paketa Nip2

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti