Two security flaws have been identified in the SeaMonkey software package that a remote attacker can exploit to cause a denial of service, execute arbitrary code, and bypass imposed restrictions.
The security problems arise from improper handling of long RegExp expressions and from memory-handling errors.
Impact:
A remote attacker can exploit the vulnerabilities to bypass restrictions on the system, to carry out a DoS (Denial of Service) attack, and to execute arbitrary code.
Solution:
All users of the affected software package are advised to upgrade in order to protect their security.
CentOS Errata and Security Advisory CESA-2011:1344
seamonkey security update for CentOS 4 i386:
https://rhn.redhat.com/errata/RHSA-2011-1344.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
i386:
updates/i386/RPMS/seamonkey-1.0.9-76.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-chat-1.0.9-76.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-devel-1.0.9-76.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-dom-inspector-1.0.9-76.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-js-debugger-1.0.9-76.el4.centos.i386.rpm
updates/i386/RPMS/seamonkey-mail-1.0.9-76.el4.centos.i386.rpm
source:
updates/SRPMS/seamonkey-1.0.9-76.el4.centos.src.rpm
You may update your CentOS-4 i386 installations by running the command:
yum update seamonkey
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B
CentOS Errata and Security Advisory CESA-2011:1344
seamonkey security update for CentOS 4 x86_64:
https://rhn.redhat.com/errata/RHSA-2011-1344.html
The following updated file has been uploaded and is currently syncing to
the mirrors:
x86_64:
updates/x86_64/RPMS/seamonkey-1.0.9-76.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-chat-1.0.9-76.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-devel-1.0.9-76.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-dom-inspector-1.0.9-76.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-js-debugger-1.0.9-76.el4.centos.x86_64.rpm
updates/x86_64/RPMS/seamonkey-mail-1.0.9-76.el4.centos.x86_64.rpm
source:
updates/SRPMS/seamonkey-1.0.9-76.el4.centos.src.rpm
You may update your CentOS-4 x86_64 installations by running the command:
yum update seamonkey
Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B