Izdana zakrpa za mozilla-https-everywhere

U radu programskog paketa mozilla-https-everywhere uočen je nedostatak kojeg udaljeni napadači mogu iskoristiti za otkrivanje osjetljivih informacija.

Paket:	mozilla-https-everywhere 2.x
Operacijski sustavi:	Fedora 17
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	otkrivanje osjetljivih informacija
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	FEDORA-2012-7051
Izvor:	Fedora

Problem:
Propusti su povezani s neodgovarajućom implementacijom SSL protokola.
Posljedica:
Zlonamjerni napadači mogu iskoristiti nedostatak za pregled i otkrivanje potencijalno osjetljivih podataka.
Rješenje:
Korisnicima se preporuča primjena programskih rješenja proizvođača.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-7051
2012-05-02 04:37:21
--------------------------------------------------------------------------------

Name        : mozilla-https-everywhere
Product     : Fedora 17
Version     : 2.0.3
Release     : 2.fc17
URL         : https://eff.org/https-everywhere
Summary     : HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
Description :
HTTPS Everywhere is a Firefox extension produced as a collaboration between
The Tor Project and the Electronic Frontier Foundation. It encrypts your
communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS,
but make it difficult to use. For instance, they may default to unencrypted
HTTP, or fill encrypted pages with links that go back to the unencrypted site.

The HTTPS Everywhere extension fixes these problems by rewriting all requests
to these sites to HTTPS.

--------------------------------------------------------------------------------
Update Information:

Fix a possible SSL downgrade vulnerability.
Fix upstream bug 5676, which fixes an SSL downgrade attack.
Fix upstream bug 5676, which fixes an SSL downgrade attack.
Fix upstream bug 5676, which fixes an SSL downgrade attack.
Fix upstream bug 5676, which fixes an SSL downgrade attack.
Fix upstream bug 5676, which fixes an SSL downgrade attack.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update mozilla-https-everywhere' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Izdana zakrpa za mozilla-https-everywhere

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Izdana zakrpa za mozilla-https-everywhere

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti