U radu programskog paketa ldns, za operacijske sustave Fedora 14 i 15, uočen je sigurnosni propust. Moguće ga je iskoristiti udaljeno, za pokretanje proizvoljnog programskog koda.
Paket:
ldns 1.x
Operacijski sustavi:
Fedora 14, Fedora 15
Kritičnost:
5.9
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-3581
Izvorni ID preporuke:
FEDORA-2011-13929
Izvor:
Fedora
Problem:
Propust je posljedica pogreške u funkciji "ldns_rr_new_frm_str_internal()", a očituje se prilikom rukovanja podacima nepoznatih RR tipova.
Posljedica:
Napadaču omogućuje pokretanje proizvoljnog programskog koda.
Rješenje:
Svim se korisnicima preporuča korištenje ispravljenih inačica.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13929
2011-10-07 03:50:20
--------------------------------------------------------------------------------
Name : ldns
Product : Fedora 15
Version : 1.6.11
Release : 2.fc15
URL : http://www.nlnetlabs.nl/ldns/
Summary : Lowlevel DNS(SEC) library with API
Description :
ldns is a library with the aim to simplify DNS programming in C. All
low-level DNS/DNSSEC operations are supported. We also define a higher
level API which allows a programmer to (for instance) create or sign
packets.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2011-3581, and other DNSSEC related fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Paul Wouters <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.6.11-2
- Updated to 1.6.11, fixes rhbz#741026 which is CVE-2011-3581
- Python goes into sitearch, not sitelib
- Fix source link and spelling errors in description
* Wed Jun 8 2011 Paul Wouters <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.6.10-1
- Updated to 1.6.10
- commented out build dependancies for svn snapshots
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #741026 - ldns: heap overflow flaw in ldns_rr_new_frm_str_internal()
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=741026
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ldns' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-13915
2011-10-07 03:49:47
--------------------------------------------------------------------------------
Name : ldns
Product : Fedora 14
Version : 1.6.11
Release : 2.fc14
URL : http://www.nlnetlabs.nl/ldns/
Summary : Lowlevel DNS(SEC) library with API
Description :
ldns is a library with the aim to simplify DNS programming in C. All
low-level DNS/DNSSEC operations are supported. We also define a higher
level API which allows a programmer to (for instance) create or sign
packets.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2011-3581, and other DNSSEC related fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 5 2011 Paul Wouters <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.6.11-2
- Updated to 1.6.11, fixes rhbz#741025 which is CVE-2011-3581
- Python goes into sitearch, not sitelib
- Fix source link and spelling errors in description
* Wed Jun 8 2011 Paul Wouters <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.6.10-1
- Updated to 1.6.10
- commented out build dependancies for svn snapshots
* Mon Jan 24 2011 Paul Wouters <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.6.8-1
- Updated to 1.6.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #741025 - ldns: heap overflow flaw in ldns_rr_new_frm_str_internal()
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=741025
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ldns' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke