A security vulnerability in the uzbl software package has been discovered and fixed. Local users can exploit this vulnerability to disclose sensitive information.
Package:
uzbl 0.x
Operating systems:
Fedora 17
Severity:
1.2
Problem:
improper handling of permissions
Exploitation:
local
Impact:
disclosure of sensitive information
Solution:
vendor patch
CVE:
CVE-2012-0843
Original advisory ID:
FEDORA-2012-2321
Source:
Fedora
Problem:
It was observed that the software package creates the cookie file with inadequate security settings.
Impact:
Malicious users can exploit the vulnerability to steal cookies and access sensitive data.
Solution:
Users are encouraged to apply the available patches.
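The permission problem described above, as an added example that is not part of the advisory or of the uzbl patch: a file created with a plain `open()` under a typical 022 umask is readable by every local user, while one created with an explicit 0600 mode is not. The function names and the temporary file names are constructed for illustration; the advisory does not state where uzbl stores its cookie file.

```python
import os
import stat
import tempfile

PRIVATE_MODE = 0o600  # owner read/write only


def exposed_bits(path):
    """Return the group/other permission bits set on path (0 means private)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO)


def create_default(path):
    """'Before' case: plain open() asks for 0666, reduced only by the umask."""
    with open(path, "w") as fh:
        fh.write("# constructed sample cookie file\n")


def create_private(path):
    """Hardened case: request 0600 at creation, so the file is never readable
    by others, and refuse to reuse a file that already exists (O_EXCL)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, PRIVATE_MODE)
    with os.fdopen(fd, "w") as fh:
        fh.write("# constructed sample cookie file\n")


def lock_down(path):
    """Remove group/other access from an existing file."""
    os.chmod(path, PRIVATE_MODE)


def demo():
    """Run both cases in a temp dir under a 022 umask; return exposed bits."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            weak = os.path.join(d, "cookies-weak.txt")  # hypothetical names
            safe = os.path.join(d, "cookies-safe.txt")
            create_default(weak)
            create_private(safe)
            before = exposed_bits(weak)
            lock_down(weak)
            return before, exposed_bits(weak), exposed_bits(safe)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    before, after, safe = demo()
    print(f"default create exposes {before:03o}; after chmod {after:03o}; "
          f"private create {safe:03o}")
```

`exposed_bits()` can be pointed at an existing cookie file after updating to confirm that it returns 0.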
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2321
2012-02-24 22:28:43
--------------------------------------------------------------------------------
Name : uzbl
Product : Fedora 17
Version : 0
Release : 0.28.20111001git9576f59f05.fc17
URL : http://www.uzbl.org
Summary : Lightweight WebKit browser following the UNIX philosophy
Description :
Uzbl is a lightweight web browser based on WebKit/Gtk+. Uzbl follows
the UNIX philosophy - "Write programs that do one thing and do it
well. Write programs to work together. Write programs to handle text
streams, because that is a universal interface."
--------------------------------------------------------------------------------
Update Information:
Lock down cookie file permissions to not be world-readable.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #789645 - CVE-2012-0843 uzbl: world-readable cookie file
https://bugzilla.redhat.com/show_bug.cgi?id=789645
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update uzbl' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce