Detalji

U radu programskog paketa Abcm2ps uočeni su i ispravljeni višestruki sigurnosni nedostaci. Riječ je o paketu za pretvorbu datoteka iz ABC u Postscript format. Neki od propusta su problemi u funkcijama "trim_title()" i "getarena()", neodgovarajuća alokacija memorijskog prostora i sl. Napadaču omogućuju pokretanje zlonamjernog programskog koda i DoS napad. Svi se korisnici upućuju na detaljno čitanje izvornog teksta preporuke, a potom i odgovarajuću nadogradnju u svrhu zaštite od navedenih propusta. 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1092
2011-02-05 21:42:49
--------------------------------------------------------------------------------

Name        : abcm2ps
Product     : Fedora 14
Version     : 5.9.21
Release     : 1.fc14
URL         : http://moinejf.free.fr
Summary     : A program to typeset ABC tunes into Postscript
Description :
Abcm2ps is a package which converts music tunes from ABC format to
Postscript. Based on abc2ps version 1.2.5, it was developed mainly to
print Baroque organ scores which have independent voices played on one
or many keyboards and a pedal-board. Abcm2ps introduces many
extensions to the ABC language that make it suitable for classical
music.

--------------------------------------------------------------------------------
Update Information:

new release 5.9.21
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb  5 2011 GÊrard Milmeister <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 5.9.21-1
- new release 5.9.21
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #600729 - Abcm2ps v5.9.13: More multiple unspecified security
vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=600729
  [ 2 ] Bug #580435 - CVE-2010-3441 Abcm2ps v5.9.12: Multiple unspecified
security vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=580435
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update abcm2ps' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh