Two vulnerabilities have been fixed in the chm2pdf tool, a simple Python script for converting CHM files to PDF. Both stem from insecure use of temporary files in the directories "/tmp/chm2pdf/work" and "/tmp/chm2pdf/orig". Local attackers can exploit them to escalate privileges, cause a denial of service (DoS), or delete arbitrary files. All users are advised to upgrade to the latest version, which fixes both vulnerabilities.
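
The safe alternative to fixed directory names in /tmp, as an added example; it is not chm2pdf's code and not the patch Fedora applied. The function names are hypothetical, and the check assumes a POSIX system.

```python
import os
import shutil
import stat
import tempfile


def is_private_dir(path):
    """True only for a real directory (not a symlink) that the current
    user owns and that grants nothing to group or others."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
    except FileNotFoundError:
        return False
    return (stat.S_ISDIR(st.st_mode)
            and st.st_uid == os.getuid()
            and (st.st_mode & 0o077) == 0)


def make_work_dirs():
    """Create per-run 'work' and 'orig' directories under an unpredictable
    parent instead of fixed names such as /tmp/chm2pdf/work."""
    base = tempfile.mkdtemp(prefix="chm2pdf-")  # created atomically, mode 0700
    work = os.path.join(base, "work")
    orig = os.path.join(base, "orig")
    os.mkdir(work, 0o700)
    os.mkdir(orig, 0o700)
    return base, work, orig


def cleanup(base):
    """Delete only a tree that passes the ownership check."""
    if not is_private_dir(base):
        raise RuntimeError("refusing to remove %r: not a private directory" % base)
    shutil.rmtree(base)


if __name__ == "__main__":
    base, work, orig = make_work_dirs()
    print("working in", work, "and", orig)
    # Constructed scenario: a name that was pre-created as a symlink by
    # someone else must be rejected rather than followed and deleted.
    planted = os.path.join(base, "planted")
    os.symlink(orig, planted)
    print("symlink accepted?", is_private_dir(planted))
    os.unlink(planted)
    cleanup(base)
    print("removed:", not os.path.exists(base))
```

Because each run gets a fresh, randomly named directory, nothing extracted by an earlier run can be found again by name.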

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0454
2011-01-17 20:20:37
--------------------------------------------------------------------------------

Name        : chm2pdf
Product     : Fedora 14
Version     : 0.9.1
Release     : 9.fc14
URL         : http://code.google.com/p/chm2pdf/
Summary     : A tool to convert CHM files to PDF files
Description :
A simple Python script that converts CHM files into PDF files.

--------------------------------------------------------------------------------
Update Information:

This update fixes security bugs #474455 and #474457. The security issue is
about unsafe use of fixed temporary directories by chm2pdf.

This update will break --dontextract option. The option will not be shown in
the list of available options.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan  9 2011 Lakshmi Narasimhan T V - 0.9.1-9
- Applied patch to fix use of fixed temporary directories. Fixes bugs
474455,474457
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #474455 - CVE-2008-5298 chm2pdf insecure temporary file use
        https://bugzilla.redhat.com/show_bug.cgi?id=474455
  [ 2 ] Bug #474457 - CVE-2008-5299 chm2pdf insecure temporary file symlink
flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=474457
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update chm2pdf' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0467
2011-01-17 20:21:04
--------------------------------------------------------------------------------

Name        : chm2pdf
Product     : Fedora 13
Version     : 0.9.1
Release     : 8.fc13
URL         : http://code.google.com/p/chm2pdf/
Summary     : A tool to convert CHM files to PDF files
Description :
A simple Python script that converts CHM files into PDF files.

--------------------------------------------------------------------------------
Update Information:

This update fixes security bugs #474455 and #474457. The security issue is
about unsafe use of fixed temporary directories by chm2pdf.

This update will break --dontextract option. The option will not be shown in
the list of available options.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jan  9 2011 Lakshmi Narasimhan T V - 0.9.1-8
- Applied patch to fix use of fixed temporary directories. Fixes bugs
474455,474457
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #474455 - CVE-2008-5298 chm2pdf insecure temporary file use
        https://bugzilla.redhat.com/show_bug.cgi?id=474455
  [ 2 ] Bug #474457 - CVE-2008-5299 chm2pdf insecure temporary file symlink
flaw
        https://bugzilla.redhat.com/show_bug.cgi?id=474457
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update chm2pdf' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce