A security flaw has been identified in the trytond software package that a local attacker can exploit to bypass imposed restrictions and gain elevated privileges.
Package:
trytond 2.x
Operating systems:
Fedora 17
Problem:
improper privilege handling
Exploitation:
local
Impact:
privilege escalation, bypass of imposed restrictions
Solution:
vendor patch
CVE:
CVE-2012-0215
Original advisory ID:
FEDORA-2012-4923
Source:
Fedora
Problem:
The flaw results from an inadequate permission check for access to the "Many2Many" field of the relation model.
Impact:
It allows an attacker to bypass certain security restrictions and gain elevated privileges.
Solution:
All users are advised to use the updated software.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-4923
2012-03-30 17:49:15
--------------------------------------------------------------------------------
Name : trytond
Product : Fedora 17
Version : 2.2.2
Release : 1.fc17
URL : http://www.tryton.org
Summary : Server for the Tryton application framework
Description :
Tryton is a three-tiers high-level general purpose application framework
written in Python and use PostgreSQL as database engine. It is the core base
of an Open Source ERP. It provides modularity, scalability and security.
The core of Tryton (also called Tryton kernel) provides all the necessary
functionalities for a complete application framework: data persistence (i.e
an ORM with extensive modularity), users management (authentication, fine
grained control for data access, handling of concurrent access of resources),
workflow and report engines, web services and internationalisation. Thus
constituting a complete application platform which can be used for any
relevant purpose.
--------------------------------------------------------------------------------
Update Information:
update for CVE-2012-0215
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update trytond' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce