U radu programskog paketa tremulous ispravljen je sigurnosni nedostatak koji je napadač mogao iskoristiti za izvršavanje proizvoljnog programskog koda.
Paket:
tremulous 1.x
Operacijski sustavi:
Fedora 17
Kritičnost:
10
Problem:
neodgovarajuća provjera ulaznih podataka, pogreška u programskoj funkciji, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-2764
Izvorni ID preporuke:
FEDORA-2012-2238
Izvor:
Fedora
Problem:
Propust nastaje u funkciji FS_CheckFilenameIsNotExecutable u datoteci qcommon/files.c zbog neodgovarajuće provjere ekstenzija datoteka.
Posljedica:
Udaljeni napadači propust su mogli iskoristiti za pokretanje zlonamjernog programskog koda.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2238
2012-02-23 22:22:30
--------------------------------------------------------------------------------
Name : tremulous
Product : Fedora 17
Version : 1.2.0
Release : 0.4.beta1.fc17
URL : http://tremulous.net
Summary : First Person Shooter game based on the Quake 3 engine
Description :
Tremulous is a free, open source game that blends a team based FPS with elements
of an RTS. Players can choose from 2 unique races, aliens and humans.
Players on both teams are able to build working structures in-game like an RTS.
These structures provide many functions, the most important being spawning.
The designated builders must ensure there are spawn structures or other players
will not be able to rejoin the game after death. Other structures provide
automated base defense (to some degree), healing functions and much more...
Player advancement is different depending on which team you are on.
As a human, players are rewarded with credits for each alien kill.
These credits may be used to purchase new weapons and upgrades from the Armoury
The alien team advances quite differently. Upon killing a human foe,
the alien is able to evolve into a new class. The more kills gained the more
powerful the classes available.
The overall objective behind Tremulous is to eliminate the opposing team.
This is achieved by not only killing the opposing players but also
removing their ability to respawn by destroying their spawn structures.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2011-2764
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #796362 - multiple flaws in current version of tremulous
https://bugzilla.redhat.com/show_bug.cgi?id=796362
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tremulous' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke