Otkriven je sigurnosni nedostatak vezan uz programski paket iproute. Zlonamjernom se lokalnom napadaču na taj način omogućuje modificiranje i brisanje datoteka na disku.
Paket:
iproute 2.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
izmjena podataka
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-1088
Izvorni ID preporuke:
FEDORA-2012-2818
Izvor:
Fedora
Problem:
Propust se javlja zbog nepravilnog korištenja i provjera privremenih datoteka u više programskih komponenti.
Posljedica:
Ukoliko napadač pošalje poruku sa zlonamjerno oblikovanim poveznicom, mogao bi lokalno modificirati i brisati proizvoljne datoteke.
Rješenje:
Svim se korisnicima preporuča instalacija nadogradnje.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2818
2012-03-02 00:55:13
--------------------------------------------------------------------------------
Name : iproute
Product : Fedora 17
Version : 3.2.0
Release : 3.fc17
URL : http://kernel.org/pub/linux/utils/networking/iproute2/
Summary : Advanced IP routing and network device configuration tools
Description :
The iproute package contains networking utilities (ip and rtmon, for example)
which are designed to use the advanced networking capabilities of the Linux
2.4.x and 2.6.x kernel.
--------------------------------------------------------------------------------
Update Information:
Address dangerous /tmp files security issue
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #797878 - CVE-2012-1088 iproute: Multiple instances of insecure
temporary file use
https://bugzilla.redhat.com/show_bug.cgi?id=797878
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update iproute' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke