Otkriveno je nekoliko propusta programskog paketa audacious-plugins koje zlonamjerni korisnici mogu iskoristiti za izvođenje DoS napada i pokretanje proizvoljnog programskog koda.
Paket:
audacious-plugins 2.x
Operacijski sustavi:
Fedora 14
Problem:
neodgovarajuće rukovanje memorijom, pogreška u programskoj funkciji, pogreška u programskoj komponenti
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-12370
2011-09-09 04:55:46
--------------------------------------------------------------------------------
Name : audacious-plugins
Product : Fedora 14
Version : 2.4.5
Release : 4.fc14
URL : http://audacious-media-player.org/
Summary : Plugins for the Audacious audio player
Description :
This package provides essential plugins for the Audacious audio player.
Audacious is an advanced audio player. It is free, lightweight, based on
GTK2, runs on Linux and many other *nix platforms and is focused on audio
quality and supporting a wide range of audio codecs. It still features
an alternative skinned user interface (based on Winamp 2.x skins).
Historically, it started as a fork of Beep Media Player (BMP), which
itself forked from XMMS.
--------------------------------------------------------------------------------
Update Information:
Patch to use the system's libmodplug library.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 8 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.5-4
- Patch to use system's libmodplug (BR libmodplug-devel).
* Wed Jun 8 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.5-3
- Fix Ogg metadata save for i686 (#711796).
* Sat Apr 23 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.5-2
- Fix missing newline NULL-ptr crash in m3u loader (#699107).
- Build OSS output plugin according to default.
- Build amidi plugin according to default.
- Only --disable-sse2 for %ix86.
- Add a few more plugins to %check section.
* Sun Apr 17 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.5-1
- Update to 2.4.5 (maintenance release in stable branch, 34k diff).
* Sat Apr 9 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.4-4
- Fix "Import Playlist" in gtkui.
* Sat Mar 26 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.4-3
- Use correct icon name in -amidi/-sid desktop files.
* Thu Mar 24 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.4-2
- Add audio/midi MIME type to audacious-plugins-amidi package.
* Wed Feb 23 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.4-1
- Update to 2.4.4 (maintenance release in stable branch, 170k diff).
- Remove the extra vfs_close() call in adplug's new binio_virtual.h class,
because closing the copied fd there crashes the player later.
- Libnotify 0.7.0 API patch not necessary anymore.
- lyricwiki plugin isn't built [by default] anymore, so enable it.
* Thu Feb 17 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-10
- Move the following exotic decoders into the audacious-plugins-exotic
subpackage: adplug.so, console.so, psf2.so, vtx.so, xsf.so
- In spec file, update list of licenses used by various plugins.
- Update stripped tarball to also remove the .usf plugin source.
* Wed Feb 16 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-9
- Fix C++ static member init mess in adplug plugin (#669889).
* Mon Feb 7 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 2.4.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Feb 4 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-7
- Enhance the audacious(plugin-api) stuff in the spec file and apply it
to all subpackages.
* Thu Feb 3 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-6
- Merge fix for AUDPLUG-323 (mtp).
* Fri Jan 28 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-5
- Merge fix for AUD-289 (psf).
* Thu Jan 27 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-4
- Require specific audacious(plugin-api) capability.
- Drop Obsoletes for audacious-plugins-arts (last in dist-f11-updates).
* Mon Jan 17 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-3
- F15 devel: Move adplug plugin into a subpackage: audacious-plugins-adplug
- Patch adplug core loaders a bit to prevent stupid crashes when
loading either damaged or incorrectly parsed files into the playlist.
* Sun Jan 16 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-2
- Temporarily --disable-adplug for investigation of bz #669889.
- Require at least Audacious 2.4.3 (for uri_to_filename).
* Fri Jan 14 2011 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.3-1
- Update to 2.4.3 (maintenance release in stable branch, 38k diff).
* Sun Dec 19 2010 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.2-2
- Fix "Jump To" dialog seek (#663621) (AUDPLUG-308).
* Thu Dec 9 2010 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.2-1
- Update to 2.4.2 (maintenance release in stable branch).
- strip-m3u-lines.patch not applied due to rewrite.
* Thu Nov 4 2010 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.0-8
- Patch for libnotify 0.7.0 API change.
* Thu Nov 4 2010 Michael Schwendt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.4.0-7
- Prevent buffer realloc crash in cue.c playlist_load_cue (#649645).
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update audacious-plugins' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke