Otklonjen je sigurnosni propust otkriven u radu programskog paketa perl-Data-FormValidator. Udaljeni ga je napadač mogao iskoristiti za zaobilaženje pojedinih sigurnosnih ograničenja.
Paket:
perl-Data-FormValidator 4.x
Operacijski sustavi:
Fedora 14, Fedora 15
Kritičnost:
2.3
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2201
Izvorni ID preporuke:
FEDORA-2011-11756
Izvor:
Fedora
Problem:
Propust je posljedica toga što spomenuti paket postupa s određenim neispravnim poljima kao da su ispravna, kada koristi "untaint_all_constraints".
Posljedica:
Napadaču propust omogućuje obilaženje pojedinih sigurnosnih ograničenja.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11756
2011-08-31 00:49:51
--------------------------------------------------------------------------------
Name : perl-Data-FormValidator
Product : Fedora 15
Version : 4.66
Release : 6.fc15
URL : http://search.cpan.org/dist/Data-FormValidator/
Summary : Validates user input (usually from an HTML form) based on input
profile
Description :
Data::FormValidator's main aim is to make input validation expressible in a
simple format.
--------------------------------------------------------------------------------
Update Information:
This update resolve CVE-2011-2201.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 28 2011 Iain Arnell <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 4.66-6
- add patch to resolve CVE-2011-2201
* Wed Jul 20 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4.66-5
- Perl mass rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712694 - CVE-2011-2201 perl-Data-FormValidator: Reports invalid
field as valid when untaint_all_constraints used
https://bugzilla.redhat.com/show_bug.cgi?id=712694
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Data-FormValidator' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11805
2011-08-31 00:51:57
--------------------------------------------------------------------------------
Name : perl-Data-FormValidator
Product : Fedora 14
Version : 4.66
Release : 6.fc14
URL : http://search.cpan.org/dist/Data-FormValidator/
Summary : Validates user input (usually from an HTML form) based on input
profile
Description :
Data::FormValidator's main aim is to make input validation expressible in a
simple format.
--------------------------------------------------------------------------------
Update Information:
This update resolve CVE-2011-2201.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Aug 28 2011 Iain Arnell <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 4.66-6
- add patch to resolve CVE-2011-2201
* Wed Jul 20 2011 Petr Sabata <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4.66-5
- Perl mass rebuild
* Tue Feb 8 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 4.66-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Dec 16 2010 Marcela Maslanova <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 4.66-3
- 661697 rebuild for fixing problems with vendorach/lib
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #712694 - CVE-2011-2201 perl-Data-FormValidator: Reports invalid
field as valid when untaint_all_constraints used
https://bugzilla.redhat.com/show_bug.cgi?id=712694
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Data-FormValidator' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke