Expat sadrži sigurnosnu ranjivost

Kod programskog paketa Expat uočena su i ispravljena dva sigurnosna propusta koji omogućuju zlonamjernom korisniku izvođenje DoS (eng. Denial of Service) napada.

Paket:	expat 2.x
Operacijski sustavi:	Mandriva Linux Enterprise Server 5.0
Kritičnost:	5
Problem:	korupcija memorije, neodgovarajuće rukovanje datotekama
Iskorištavanje:	lokalno/udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-0876, CVE-2012-1148
Izvorni ID preporuke:	MDVSA-2012:041
Izvor:	Mandriva

Problem:
Sigurnosni propust se javlja zbog pogreške u rukovanju hash tablicom te korupcije memorije izazvane greškom u funkciji "realloc_fcn".
Posljedica:
Udaljeni napadač spomenuti propust može iskoristiti za izvođenje DoS (eng. Denial of Service) napada.
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje nadogradnja na novije inačice.

Izvorni tekst preporuke

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:041
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : expat
 Date    : March 27, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A memory leak and a hash table collision flaw in expat could cause
 denial os service (DoS) attacks (CVE-2012-0876, CVE-2012-1148).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0876
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1148
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 210b60280a0baf8e08634e0ea6a3bab9 
2010.1/i586/expat-2.0.1-12.1mdv2010.2.i586.rpm
 0b657867100b109cbf90a05d2262bec7 
2010.1/i586/libexpat1-2.0.1-12.1mdv2010.2.i586.rpm
 0bd180a7b4f4d93df5b74f66e2c85e74 
2010.1/i586/libexpat1-devel-2.0.1-12.1mdv2010.2.i586.rpm 
 9f063d0589f638e047de6a5266e6ac84 
2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 ced30873d989d1511e828037b4f68d4d 
2010.1/x86_64/expat-2.0.1-12.1mdv2010.2.x86_64.rpm
 ebd7d687082377e65c818f8ba780b66d 
2010.1/x86_64/lib64expat1-2.0.1-12.1mdv2010.2.x86_64.rpm
 fd8bef44ccdadeaf14966b44733883fe 
2010.1/x86_64/lib64expat1-devel-2.0.1-12.1mdv2010.2.x86_64.rpm 
 9f063d0589f638e047de6a5266e6ac84 
2010.1/SRPMS/expat-2.0.1-12.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 6c8bdc44eed2cebf483d4041d57f5eea 
2011/i586/expat-2.0.1-15.1-mdv2011.0.i586.rpm
 8211eeb028a563dcbedda7d1726035bb 
2011/i586/libexpat1-2.0.1-15.1-mdv2011.0.i586.rpm
 c6c9685891ae405ff6181b6899ee10ce 
2011/i586/libexpat-devel-2.0.1-15.1-mdv2011.0.i586.rpm
 7afd883dae4a17201128de1485cf949c 
2011/i586/libexpat-static-devel-2.0.1-15.1-mdv2011.0.i586.rpm 
 4be73538c443ced014373c7e364daac5  2011/SRPMS/expat-2.0.1-15.1.src.rpm

 Mandriva Linux 2011/X86_64:
 7e84ec2183f6ba903779b00f914e3813 
2011/x86_64/expat-2.0.1-15.1-mdv2011.0.x86_64.rpm
 d7c0853983ce8d2dc2b0b9740924acd7 
2011/x86_64/lib64expat1-2.0.1-15.1-mdv2011.0.x86_64.rpm
 ecca4f586885b53d2a0ca39a8985f561 
2011/x86_64/lib64expat-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm
 f87f9aecd51f1f20508dc6f6ad5f02e6 
2011/x86_64/lib64expat-static-devel-2.0.1-15.1-mdv2011.0.x86_64.rpm 
 4be73538c443ced014373c7e364daac5  2011/SRPMS/expat-2.0.1-15.1.src.rpm

 Mandriva Enterprise Server 5:
 9618c2dceec06fcb04655e2adb9f8d9d  mes5/i586/expat-2.0.1-7.4mdvmes5.2.i586.rpm
 a0b4d2e3b545f6d63cef9476da3cc72f 
mes5/i586/libexpat1-2.0.1-7.4mdvmes5.2.i586.rpm
 95ec804d1758d0a7628abd42bf3e54e5 
mes5/i586/libexpat1-devel-2.0.1-7.4mdvmes5.2.i586.rpm 
 01271afe453d63599a6951f7dbc83197  mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4781b62e289cae964e8a7c540d2387c9 
mes5/x86_64/expat-2.0.1-7.4mdvmes5.2.x86_64.rpm
 aee65480dd6cc31f957c3b17771babf6 
mes5/x86_64/lib64expat1-2.0.1-7.4mdvmes5.2.x86_64.rpm
 ddbc81b65a6969e17900bbbc842cc8e4 
mes5/x86_64/lib64expat1-devel-2.0.1-7.4mdvmes5.2.x86_64.rpm 
 01271afe453d63599a6951f7dbc83197  mes5/SRPMS/expat-2.0.1-7.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPcd5UmqjQ0CJFipgRAvzjAJ46WPQm7hmP1/gmoLmPmFMdZYcOrQCgq/oR
ZVAk5KD7zUd2cFhkef3xvRo=
=EuSi
-----END PGP SIGNATURE-----

Expat sadrži sigurnosnu ranjivost

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Expat sadrži sigurnosnu ranjivost

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti