Kod programskog paketa SeaMonkey uočen je nov sigurnosni propust vezan uz upravljanje kompromitiranim certifikatima. Zlonamjerni korisnici mogu ga iskoristiti za stjecanje neovlaštenog pristupa sustavu i povećanje sigurnosnih ovlasti.
Paket:
SeaMonkey 1.x
Operacijski sustavi:
CentOS
Problem:
neodgovarajuća provjera ulaznih podataka
Iskorištavanje:
udaljeno
Posljedica:
dobivanje većih privilegija, neovlašteni pristup sustavu
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
CESA-2011:1266
Izvor:
CentOS
Problem:
Uočen nedostatak posljedica je neispravnog rukovanja nepovjerljivim HTTPS certifikatima.
Posljedica:
Udaljeni napadači mogu iskoristiti ovaj nedostatak za stjecanje neovlaštenog pristupa sustavu i povećanje sigurnosnih ovlasti.
Rješenje:
Objavljena je nadogradnja koja ispravlja ovaj propust te se svim korisnicima savjetuje njena primjena.
CentOS Errata and Security Advisory CESA-2011:1266
seamonkey security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2011-1266.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
i386:
updates/i386/RPMS/seamonkey-1.0.9-75.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-chat-1.0.9-75.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-devel-1.0.9-75.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-dom-inspector-1.0.9-75.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-js-debugger-1.0.9-75.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-mail-1.0.9-75.el4.centos.i386.rpm
source:
updates/SRPMS/seamonkey-1.0.9-75.el4.centos.src.rpm
You may update your CentOS-4 i386 installations by running the command:
yum update seamonkey
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
CentOS Errata and Security Advisory CESA-2011:1266
seamonkey security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2011-1266.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
x86_64:
updates/x86_64/RPMS/seamonkey-1.0.9-75.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-chat-1.0.9-75.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-devel-1.0.9-75.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-dom-inspector-1.0.9-75.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-js-debugger-1.0.9-75.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-mail-1.0.9-75.el4.centos.x86_64.rpm
source:
updates/SRPMS/seamonkey-1.0.9-75.el4.centos.src.rpm
You may update your CentOS-4 x86_64 installations by running the command:
yum update seamonkey
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
Posljednje sigurnosne preporuke