Ispravljen je sigurnosni propust paketa python-mwlib, namijenjenog operacijskom sustavu Fedora 17. Udaljeni ga je napadač mogao iskoristiti za izvođenje DoS (eng. Denial of Service) napada.
Paket:
python-mwlib 0.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
FEDORA-2012-3138
Izvor:
Fedora
Problem:
Spomenuti je propust uzrokovan nepravilnostima koje se pojavljuju prilikom analize "#iferror" funkcija.
Posljedica:
Napadaču propust omogućuje izvođenje napada uskraćivanjem usluge (DoS).
Rješenje:
Svim se korisnicima savjetuje instalacija najnovije inačice.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-3138
2012-03-07 07:11:56
--------------------------------------------------------------------------------
Name : python-mwlib
Product : Fedora 17
Version : 0.13.5
Release : 1.fc17
URL : http://pediapress.com/code/
Summary : MediaWiki parser and utility library
Description :
mwlib provides a library for parsing MediaWiki articles and converting them to
different output formats. mwlib is used by Wikipedia's "Print/export" feature
in order to generate PDF documents from Wikipedia articles.
--------------------------------------------------------------------------------
Update Information:
Update to version 0.13.5, which solves the following issues:
It was reported that mwlib suffered from a flaw that could allow a remote
attacker to perform a denial of service attack on a mwlib installation by
forcing it to parse a specially-crafted #iferror magic function. This issue has
been resolved in version 0.13.5.
syntaxhighlight nodes are supported properly in version 0.13.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #800066 - mwlib: denial of service when parsing #iferror magic
functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=800066
[ 2 ] Bug #798615 - python-mwlib-0.13.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=798615
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-mwlib' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke