Two security vulnerabilities have been discovered in the net6 library that a remote attacker can exploit to disclose sensitive information or take control of a connection.
Package:
net6 1.x
Operating systems:
Fedora 14, Fedora 15, Fedora 16
Severity:
2.6
Problem:
integer overflow, error in a program function
Exploitation:
remote
Impact:
unauthorized system access, disclosure of sensitive information
Solution:
vendor patch
CVE:
CVE-2011-4093, CVE-2011-4091
Original advisory ID:
FEDORA-2011-15326
Source:
Fedora
Problem:
The flaws result from an integer overflow in "basic_server::id_counter" and from improperly performed user authentication.
Impact:
A remote attacker can exploit the flaws to disclose sensitive data or take control of an existing connection.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15326
2011-11-03 00:06:07
--------------------------------------------------------------------------------
Name : net6
Product : Fedora 15
Version : 1.3.14
Release : 1.fc15
URL : http://releases.0x539.de/net6/
Summary : A TCP protocol abstraction for library C++
Description :
net6 is a library which eases the development of network-based applications
as it provides a TCP protocol abstraction for C++. It is portable to both
the Windows and Unix-like platforms.
--------------------------------------------------------------------------------
Update Information:
http://permalink.gmane.org/gmane.network.obby.announce/50
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2011 Luke Macken - 1.3.14-1
- Update to 1.3.14 to fix a security issue (#750631)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750631 - CVE-2011-4093 net6: integer overflow may lead to
connection hijacking
https://bugzilla.redhat.com/show_bug.cgi?id=750631
[ 2 ] Bug #750632 - CVE-2011-4091 net6: user information exposure flaw
https://bugzilla.redhat.com/show_bug.cgi?id=750632
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update net6' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15332
2011-11-03 00:06:23
--------------------------------------------------------------------------------
Name : net6
Product : Fedora 14
Version : 1.3.14
Release : 1.fc14
URL : http://releases.0x539.de/net6/
Summary : A TCP protocol abstraction for library C++
Description :
net6 is a library which eases the development of network-based applications
as it provides a TCP protocol abstraction for C++. It is portable to both
the Windows and Unix-like platforms.
--------------------------------------------------------------------------------
Update Information:
http://permalink.gmane.org/gmane.network.obby.announce/50
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2011 Luke Macken - 1.3.14-1
- Update to 1.3.14 to fix a security issue (#750631)
* Tue Feb 8 2011 Fedora Release Engineering - 1.3.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Feb 4 2011 Christopher Aillon - 1.3.12-1
- Update to 1.3.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750631 - CVE-2011-4093 net6: integer overflow may lead to
connection hijacking
https://bugzilla.redhat.com/show_bug.cgi?id=750631
[ 2 ] Bug #750632 - CVE-2011-4091 net6: user information exposure flaw
https://bugzilla.redhat.com/show_bug.cgi?id=750632
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update net6' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-15363
2011-11-03 21:51:05
--------------------------------------------------------------------------------
Name : net6
Product : Fedora 16
Version : 1.3.14
Release : 1.fc16
URL : http://releases.0x539.de/net6/
Summary : A TCP protocol abstraction for library C++
Description :
net6 is a library which eases the development of network-based applications
as it provides a TCP protocol abstraction for C++. It is portable to both
the Windows and Unix-like platforms.
--------------------------------------------------------------------------------
Update Information:
http://permalink.gmane.org/gmane.network.obby.announce/50
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2011 Luke Macken - 1.3.14-1
- Update to 1.3.14 to fix a security issue (#750631)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #750631 - CVE-2011-4093 net6: integer overflow may lead to
connection hijacking
https://bugzilla.redhat.com/show_bug.cgi?id=750631
[ 2 ] Bug #750632 - CVE-2011-4091 net6: user information exposure flaw
https://bugzilla.redhat.com/show_bug.cgi?id=750632
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update net6' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------