Uočena je i ispravljena nepravilnost u programskom paketu raptor koju zlonamjerni napadači mogu iskoristiti za otkrivanje osjetljivih informacija, DoS napad ili proizvoljno izvršavanje koda s privilegijama korisnika koji je pokrenuo program.
Paket:
raptor 2.x
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux 2011, Mandriva Linux Enterprise Server 5.0
Uočena je ranjivost u dodatku "XML External Entity" prilikom obradbe RDF (eng. Resource Description Framework) datoteka.
Posljedica:
Navedenu ranjivost napadač može iskoristiti za otkrivanje osjetljivih informacija, napad uskraćivanja usluga (DoS) ili proizvoljno izvršavanje koda s privilegijama korisnika koji je pokrenuo program.
Rješenje:
Svim korisnicima se savjetuje korištenje nove ispravne inačice ranjivog programskog paketa.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:061
http://www.mandriva.com/security/
_______________________________________________________________________
Package : raptor
Date : April 21, 2012
Affected: 2010.1, 2011., Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
An XML External Entity expansion flaw was found in the way Raptor
processed RDF files. If an application linked against Raptor were to
open a specially-crafted RDF file, it could possibly allow a remote
attacker to obtain a copy of an arbitrary local file that the user
running the application had access to. A bug in the way Raptor handled
external entities could cause that application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application (CVE-2012-0037).
The updated packages have been patched to correct this issue.
raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version
which is not vulnerable to this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0037
http://www.libreoffice.org/advisories/CVE-2012-0037/
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
24ec3d87dd77462b556f86859840eae1
2010.1/i586/libraptor1-1.4.21-5.1mdv2010.2.i586.rpm
85d61e2cd9d054d9da9211f4fa342f69
2010.1/i586/libraptor-devel-1.4.21-5.1mdv2010.2.i586.rpm
e8b11b034af2de18b785e82cb4a30660
2010.1/i586/raptor-1.4.21-5.1mdv2010.2.i586.rpm
4379f2bfca9cfc03d297058d9635156a
2010.1/SRPMS/raptor-1.4.21-5.1mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
44aa890dd881c56e92f2b3983f4bc686
2010.1/x86_64/lib64raptor1-1.4.21-5.1mdv2010.2.x86_64.rpm
068c7d529fb465a3238f51179651ba2f
2010.1/x86_64/lib64raptor-devel-1.4.21-5.1mdv2010.2.x86_64.rpm
76bf6ce10c21fcc1c5f27e39d08b260d
2010.1/x86_64/raptor-1.4.21-5.1mdv2010.2.x86_64.rpm
4379f2bfca9cfc03d297058d9635156a
2010.1/SRPMS/raptor-1.4.21-5.1mdv2010.2.src.rpm
Mandriva Linux 2011:
e94c657f023e62cd238ea2f83ae0d88a
2011/i586/libraptor1-1.4.21-5.1-mdv2011.0.i586.rpm
79e92a9a81648805e7ae4cb28eb888f2
2011/i586/libraptor2_0-2.0.7-0.1-mdv2011.0.i586.rpm
11eef49d485d71baf0a11b66b48db345
2011/i586/libraptor2-devel-2.0.7-0.1-mdv2011.0.i586.rpm
ae76f3b8f48824daa66675f4fc007235
2011/i586/libraptor-devel-1.4.21-5.1-mdv2011.0.i586.rpm
9a42145d50101d1b3f8348808638240a
2011/i586/raptor-1.4.21-5.1-mdv2011.0.i586.rpm
6c528626b8a2602fdcb1761eac68e25e
2011/i586/raptor2-2.0.7-0.1-mdv2011.0.i586.rpm
7adcdbaed9ca771c734765e9ed92e8c4 2011/SRPMS/raptor-1.4.21-5.1.src.rpm
404f1edc446a93566026bbee0fbc8210 2011/SRPMS/raptor2-2.0.7-0.1.src.rpm
Mandriva Linux 2011/X86_64:
c4c7ac5bf156c0d3f9bb1fd5740f347f
2011/x86_64/lib64raptor1-1.4.21-5.1-mdv2011.0.x86_64.rpm
83b05b1707a083e7cf76c67d5f646320
2011/x86_64/lib64raptor2_0-2.0.7-0.1-mdv2011.0.x86_64.rpm
f6c697b5e8ee115eb4e318a886105c35
2011/x86_64/lib64raptor2-devel-2.0.7-0.1-mdv2011.0.x86_64.rpm
aba11394c42aed7d4f99200900723837
2011/x86_64/lib64raptor-devel-1.4.21-5.1-mdv2011.0.x86_64.rpm
f557b8057cb4b8aa371f48626d8e2c11
2011/x86_64/raptor-1.4.21-5.1-mdv2011.0.x86_64.rpm
f7b4e5e149fb3d338c85eef948e16b27
2011/x86_64/raptor2-2.0.7-0.1-mdv2011.0.x86_64.rpm
7adcdbaed9ca771c734765e9ed92e8c4 2011/SRPMS/raptor-1.4.21-5.1.src.rpm
404f1edc446a93566026bbee0fbc8210 2011/SRPMS/raptor2-2.0.7-0.1.src.rpm
Mandriva Enterprise Server 5:
5d0221fba67389461f2808a8c1cf93fd
mes5/i586/libraptor1-1.4.18-3.1mdvmes5.2.i586.rpm
777bcd9d7035fcec459c2b0848ccb660
mes5/i586/libraptor-devel-1.4.18-3.1mdvmes5.2.i586.rpm
56c867304527d1b6ba5980b7d5c6e354 mes5/i586/raptor-1.4.18-3.1mdvmes5.2.i586.rpm
5d90acb0be0fd63e90a5dec62a19dfdc
mes5/SRPMS/raptor-1.4.18-3.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
4680f20036dc383367955faab0ffb028
mes5/x86_64/lib64raptor1-1.4.18-3.1mdvmes5.2.x86_64.rpm
f40ea3da4964474fcf1acab58511d59b
mes5/x86_64/lib64raptor-devel-1.4.18-3.1mdvmes5.2.x86_64.rpm
593bb4d51e183ea45d416ff90ff4cb07
mes5/x86_64/raptor-1.4.18-3.1mdvmes5.2.x86_64.rpm
5d90acb0be0fd63e90a5dec62a19dfdc
mes5/SRPMS/raptor-1.4.18-3.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPkp0nmqjQ0CJFipgRAvUfAKCOqVsQF5ZKvywfrhq83Sa0vBo7TwCfTD7R
M+UaIWCajC9axOQi1nshPRA=
=Sy3/
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke