U radu programskog paketa abrt uočen je i ispravljen novi sigurnosni propust. Zloćudni korisnik navedeni propust može iskoristiti za otkrivanje osjetljivih informacija kao što su lozinke i korisnička imena.
Paket:
abrt 2.x
Operacijski sustavi:
Fedora 16
Kritičnost:
4.3
Problem:
neodgovarajuće rukovanje pogreškama
Iskorištavanje:
lokalno/udaljeno
Posljedica:
otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-4088
Izvorni ID preporuke:
FEDORA-2011-16990
Izvor:
Fedora
Problem:
Sigurnosni propust se javlja zbog neodgovarajućeg izvještavanja o pogreškama.
Posljedica:
Napadač navedeni propust može iskoristiti za čitanje potencijalno osjetljivih podataka.
Rješenje:
Svim se korisnicima programskog paketa abrt savjetuje korištenje dostupnih nadogradnji.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-16990
2011-12-11 21:22:43
--------------------------------------------------------------------------------
Name : abrt
Product : Fedora 16
Version : 2.0.7
Release : 2.fc16
URL : https://fedorahosted.org/abrt/
Summary : Automatic bug detection and reporting tool
Description :
abrt is a tool to help users to detect defects in applications and
to create a bug report with all informations needed by maintainer to fix it.
It uses plugin system to extend its functionality.
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 8 2011 Jiri Moskovcak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.0.7-2
- added man page
- fixed weird number formatting
* Wed Dec 7 2011 Jiri Moskovcak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.0.7-1
- new version
- disabled kerneloops.org
- abrt-ccpp hook fixes
- catch indentation errors in python rhbz#578969
- fixed make check
- fixed retrace-client to work with rawhide
- require abrtd service in other services rhbz#752014
- fixed problems with dupes rhbz#701717
- keep abrt services enabled when updating F15->F16
- Resolves: 752014 749891 749603 744887 730422 665210 639068 625445 701717
752014 578969 732876 757683 753183 756146 749100
* Fri Nov 4 2011 Jiri Moskovcak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 2.0.6-1
- new version
- Resolves: #701171 #712508 #726033 #728194 #728314 #730107 #733389 #738602
- Resolves: #741242 #749365 #700252 #734298 #736016 #738324 #748457 #692274
- Resolves: #711986 #723219 #749891 #712602 #744887 #749603 #625445 #665210
- Resolves: #737991 #639068 #578969 #636000 #631856
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #749854 - CVE-2011-4088 abrt: may leak some personal information to
bugzilla with some certain applications
https://bugzilla.redhat.com/show_bug.cgi?id=749854
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update abrt' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke