U radu programskog paketa tcptrack uočen je sigurnosni propust kojeg udaljeni napadač može iskoristiti za proizvoljno pokretanje programskog koda.
Paket:
tcptrack 1.x
Operacijski sustavi:
Fedora 16
Kritičnost:
5.1
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2903
Izvorni ID preporuke:
FEDORA-2011-10668
Izvor:
Fedora
Problem:
Sigurnosni problem se javlja zbog neodgovarajuće alokacije memorije za neke strukture podataka u programskim komponentama MDAC (eng. Microsoft Data Access Components) i WDAC (eng. Windows Data Access Components).
Posljedica:
Udaljeni napadač propust može iskoristiti za proizvoljno pokretanje programskog koda.
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje njegova nadogradnja na novije inačice.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-10668
2011-08-12 04:18:17
--------------------------------------------------------------------------------
Name : tcptrack
Product : Fedora 16
Version : 1.4.2
Release : 1.fc16
URL : http://www.rhythm.cx/~steve/devel/tcptrack/
Summary : Displays information about tcp connections on a network
interface
Description :
tcptrack is a sniffer which displays information about TCP connections
it sees on a network interface. It passively watches for connections on
the network interface, keeps track of their state and displays a list of
connections in a manner similar to the unix 'top' command. It displays
source and destination addresses and ports, connection state, idle time,
and bandwidth usage
--------------------------------------------------------------------------------
Update Information:
New release which fixed a heap overflow problem
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #729098 - tcptrack: heap overflow in parsing the command line
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=729098
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tcptrack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke