U radu programskog paketa Gajim, namijenjenog operacijskim sustavima Fedora 15, 16 i 17, uočena je sigurnosna ranjivost. Lokalnim napadačima omogućuje stjecanje većih ovlasti i prepisivanje proizvoljnih datoteka.
| Paket: | gajim |
| Operacijski sustavi: | Fedora 15, Fedora 16, Fedora 17 |
| Kritičnost: | 4.4 |
| Problem: | pogreška u programskoj funkciji |
| Iskorištavanje: | lokalno |
| Posljedica: | dobivanje većih privilegija, izmjena podataka |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-2093 |
| Izvorni ID preporuke: | FEDORA-2012-6061 |
| Izvor: | Fedora |
| Problem: | |
| Ranjivost je posljedica nesigurnog stvaranja privremenih datoteka u funkciji "get_tmpfile_name()". |
|
| Posljedica: | |
| Napadač ju može iskoristiti za dobivanje većih ovlasti i prepisivanje proizvoljnih datoteka. |
|
| Rješenje: | |
| Svim se korisnicima preporuča instalacija odgovarajuće nadogradnje. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6061
2012-04-18 19:06:15
--------------------------------------------------------------------------------
Name : gajim
Product : Fedora 16
Version : 0.15
Release : 2.fc16
URL : http://gajim.org/
Summary : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is
to provide a full featured and easy to use xmpp client for the GTK+ users.
Gajim does not require GNOME to run, even though it exists with it nicely.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 17 2012 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-2
- CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
* Mon Mar 19 2012 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-1
- Upstream release 0.15.
* Thu Jan 26 2012 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-0.4.beta4
- Upstream release 0.15 beta4.
* Tue Dec 20 2011 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-0.2.beta3
- Upstream release 0.15 beta3.
- Drop gajim-0.13.90-pygtk-crash-python2.7-workaround.patch
Cannot reproduce the crash anymore.
* Tue Oct 11 2011 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-0.1.beta2
- Upstream release 0.15 beta2.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #811651 - CVE-2012-2093 gajim (LaTeX module): Insecure creation of
temporary file
https://bugzilla.redhat.com/show_bug.cgi?id=811651
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gajim' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6001
2012-04-18 19:03:34
--------------------------------------------------------------------------------
Name : gajim
Product : Fedora 15
Version : 0.15
Release : 2.fc15
URL : http://gajim.org/
Summary : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is
to provide a full featured and easy to use xmpp client for the GTK+ users.
Gajim does not require GNOME to run, even though it exists with it nicely.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 17 2012 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-2
- CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
* Mon Mar 19 2012 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-1
- Upstream release 0.15.
* Thu Jan 26 2012 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-0.4.beta4
- Upstream release 0.15 beta4.
* Tue Dec 20 2011 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-0.2.beta3
- Upstream release 0.15 beta3.
- Drop gajim-0.13.90-pygtk-crash-python2.7-workaround.patch
Cannot reproduce the crash anymore.
* Tue Oct 11 2011 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.15-0.1.beta2
- Upstream release 0.15 beta2.
* Mon Jun 20 2011 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.14.3-1
- Upstream bugfix release.
- gajim-0.14-handle-read-before-close.patch already applied.
* Thu Jun 9 2011 Michal Schmidt <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 0.14.2-1
- Upstream bugfix release.
- Dropped a merged patch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #811651 - CVE-2012-2093 gajim (LaTeX module): Insecure creation of
temporary file
https://bugzilla.redhat.com/show_bug.cgi?id=811651
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gajim' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-6161
2012-04-18 22:05:45
--------------------------------------------------------------------------------
Name : gajim
Product : Fedora 17
Version : 0.15
Release : 2.fc17
URL : http://gajim.org/
Summary : Jabber client written in PyGTK
Description :
Gajim is a Jabber client written in PyGTK. The goal of Gajim's developers is
to provide a full featured and easy to use xmpp client for the GTK+ users.
Gajim does not require GNOME to run, even though it exists with it nicely.
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2012-2093 gajim (LaTeX module): Insecure creation of temporary file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #811651 - CVE-2012-2093 gajim (LaTeX module): Insecure creation of
temporary file
https://bugzilla.redhat.com/show_bug.cgi?id=811651
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gajim' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke