Otkrivena je sigurnosna ranjivost programskog paketa kolourpaint. Tu je ranjivost moguće iskoristiti za podmetanje lažnih certifikata i dobivanje osjetljivih podataka.
Paket:
kolourpaint 4.x
Operacijski sustavi:
Fedora 16
Kritičnost:
5
Problem:
neodgovarajuća provjera ulaznih podataka, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3365
Izvorni ID preporuke:
FEDORA-2011-13417
Izvor:
Fedora
Problem:
Nedostatak se javlja u datoteci kio/kio/tcpslavebase.cpp u komponenti KDE KSSL.
Posljedica:
Udaljeni napadač, prikazujući lažni certifikat kao važeći, može doći do osjetljivih informacija.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13417
2011-09-28 18:43:50
--------------------------------------------------------------------------------
Name : kolourpaint
Product : Fedora 16
Version : 4.7.1
Release : 1.fc16
URL : https://projects.kde.org/projects/kde/kdegraphics/kolourpaint
Summary : An easy-to-use paint program
Description :
An easy-to-use paint program.
--------------------------------------------------------------------------------
Update Information:
KDE Workspaces, Applications, and Development Platform 4.7.1 bugfix release,
see also:
http://kde.org/announcements/announce-4.7.1.php
This batch also includes split packaging for kdeedu-related rpms.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #717115 - Use /etc/login.defs to define a 'system' account instead
of hard-coding 500 (kde-settings)
https://bugzilla.redhat.com/show_bug.cgi?id=717115
[ 2 ] Bug #723987 - "The service Printer Configuration does not provide an
interface KCModule...".
https://bugzilla.redhat.com/show_bug.cgi?id=723987
[ 3 ] Bug #732830 - Use /etc/login.defs to define a 'system' account instead
of hard-coding 500 (kdebase-workspace)
https://bugzilla.redhat.com/show_bug.cgi?id=732830
[ 4 ] Bug #739642 - [abrt] kdeutils-printer-applet-4.7.0-1.fc16:
monitor.py:394:get_notifications:KeyError: 'job-originating-user-name'
https://bugzilla.redhat.com/show_bug.cgi?id=739642
[ 5 ] Bug #740676 - Default Plasma desktop is blank, doesn't show liveinst on
live CD
https://bugzilla.redhat.com/show_bug.cgi?id=740676
[ 6 ] Bug #743056 - CVE-2011-3365 kdelibs: input validation failure in KSSL
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=743056
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kolourpaint' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke