U radu programskog paketa gnash, za operacijski sustav Fedora 17, uočena je sigurnosna ranjivost. Lokalnom napadaču omogućuje otkrivanje osjetljivih informacija.
Paket:
gnash 0.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-4328
Izvorni ID preporuke:
FEDORA-2012-2617
Izvor:
Fedora
Problem:
Spomenuta je ranjivost posljedica pogreške u načinu na koji Shockwave Flash dodatak (eng. plug-in) upravlja HTTP kolačićima.
Posljedica:
Napadači ju mogu iskoristiti za otkrivanje osjetljivih informacija.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2617
2012-02-28 20:31:18
--------------------------------------------------------------------------------
Name : gnash
Product : Fedora 17
Version : 0.8.10
Release : 1.fc17
URL : http://www.gnu.org/software/gnash/
Summary : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and op-codes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755518 - CVE-2011-4328 gnash: Unsafe management of HTTP cookies
https://bugzilla.redhat.com/show_bug.cgi?id=755518
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke