A security flaw has been found in the ocsinventory software package that a remote attacker can exploit to execute arbitrary HTML and script code.
Package:
ocsinventory 1.x
Operating systems:
Fedora 14, Fedora 15
Severity:
3.6
Problem:
XSS
Exploitation:
remote
Impact:
HTML and script code injection
Solution:
vendor patch
CVE:
CVE-2011-4024
Original advisory ID:
FEDORA-2011-15007
Source:
Fedora
Problem:
The security flaw is caused by an XSS (cross-site scripting) vulnerability.
Impact:
A remote attacker can exploit this flaw to execute arbitrary HTML and script code.
Solution:
To protect their security, all users of this software package are advised to use the latest version.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15007
2011-10-27 03:29:19
--------------------------------------------------------------------------------
Name : ocsinventory
Product : Fedora 15
Version : 1.3.3
Release : 5.fc15
URL : http://www.ocsinventory-ng.org/
Summary : Open Computer and Software Inventory Next Generation
Description :
Open Computer and Software Inventory Next Generation is an application
designed to help a network or system administrator keep track of the
computers configuration and software that are installed on the network.
OCS Inventory is also able to detect all active devices on your network,
such as switch, router, network printer and unattended devices.
OCS Inventory NG includes package deployment feature on client computers.
ocsinventory is a metapackage that will install the communication server,
the administration console and the database server (MySQL).
--------------------------------------------------------------------------------
Update Information:
Fix a XSS vulnerability
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 25 2011 Remi Collet - 1.3.3-5
- fix XSS vulnerability (Bug #748072, CVE-2011-4024)
- Don't require php-zip for F16 and up.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ocsinventory' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-14963
2011-10-27 03:27:29
--------------------------------------------------------------------------------
Name : ocsinventory
Product : Fedora 14
Version : 1.3.3
Release : 5.fc14
URL : http://www.ocsinventory-ng.org/
Summary : Open Computer and Software Inventory Next Generation
Description :
Open Computer and Software Inventory Next Generation is an application
designed to help a network or system administrator keep track of the
computers configuration and software that are installed on the network.
OCS Inventory is also able to detect all active devices on your network,
such as switch, router, network printer and unattended devices.
OCS Inventory NG includes package deployment feature on client computers.
ocsinventory is a metapackage that will install the communication server,
the administration console and the database server (MySQL).
--------------------------------------------------------------------------------
Update Information:
Fix a XSS vulnerability
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 25 2011 Remi Collet - 1.3.3-5
- fix XSS vulnerability (Bug #748072, CVE-2011-4024)
- Don't require php-zip for F16 and up.
* Wed Nov 24 2010 Remi Collet - 1.3.3-1
- update to 1.3.3 (bugfix)
- clean applied patches
- requires nbmlookup instead of samba-client, fix #654252
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ocsinventory' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------