Sigurnosna ranjivost paketa plib

U radu programskog paketa plib uočen je novi sigurnosni propust kojeg udaljeni napadač može iskoristiti za izvršavanje proizvoljnog programskog koda.

Paket:	plib 1.x
Operacijski sustavi:	Fedora 15, Fedora 16
Kritičnost:	9.3
Problem:	preljev međuspremnika
Iskorištavanje:	udaljeno
Posljedica:	proizvoljno izvršavanje programskog koda
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-4620
Izvorni ID preporuke:	FEDORA-2012-0100
Izvor:	Fedora

Problem:
Sigurnosni nedostatak je posljedica preljeva međuspremnika u programskoj funkciji "ulSetError" (util/ulError.cxx).
Posljedica:
Udaljeni napadač navedeni propust može iskoristiti za proizvoljno pokretanje programskog koda.
Rješenje:
Svim se korisnicima savjetuje korištenje dostupnih nadogradnji i zakrpa.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0100
2012-01-05 20:37:21
--------------------------------------------------------------------------------

Name        : plib
Product     : Fedora 16
Version     : 1.8.5
Release     : 5.fc16
URL         : http://plib.sourceforge.net/
Summary     : Set of portable libraries especially useful for games
Description :
This is a set of OpenSource (LGPL) libraries that will permit programmers
to write games and other realtime interactive applications that are 100%
portable across a wide range of hardware and operating systems. Here is
what you need - it's all free and available with LGPL'ed source code on
the web. All of it works well together.

--------------------------------------------------------------------------------
Update Information:

Fix a buffer-overflow in ulSetError() (CVE-2011-4620)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 27 2011 Hans de Goede <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-5
- Fix a bufferoverflow in ulSetError() (CVE-2011-4620)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #769722 - CVE-2011-4620 plib ulSetError() buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=769722
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update plib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0144
2012-01-05 20:39:04
--------------------------------------------------------------------------------

Name        : plib
Product     : Fedora 15
Version     : 1.8.5
Release     : 5.fc15
URL         : http://plib.sourceforge.net/
Summary     : Set of portable libraries especially useful for games
Description :
This is a set of OpenSource (LGPL) libraries that will permit programmers
to write games and other realtime interactive applications that are 100%
portable across a wide range of hardware and operating systems. Here is
what you need - it's all free and available with LGPL'ed source code on
the web. All of it works well together.

--------------------------------------------------------------------------------
Update Information:

Fix a bufferoverflow in ulSetError() (CVE-2011-4620)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 27 2011 Hans de Goede <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.8.5-5
- Fix a bufferoverflow in ulSetError() (CVE-2011-4620)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #769722 - CVE-2011-4620 plib ulSetError() buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=769722
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update plib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Sigurnosna ranjivost paketa plib

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Sigurnosna ranjivost paketa plib

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti