U radu programskog paketa TeXmacs, namijenjenog operacijskom sustavu Fedora 15, uočen je sigurnosni propust. Spomenuti programski paket je besplatan uređivač teksta, inspiriran TeX i Emacs paketima. Uočeni sigurnosni propust je posljedica nepravilnosti rada skripti "texmacs" i "tm_mupad_help" koje dodaju prazno ime direktorija u "LD_LIBRARY_PATH" varijablu. Zloupotrebom korištene biblioteke u trenutnom radnom direktoriju napadač može povećati prava na ranjivom sustavu. Korisnicima se savjetuje korištenje ispravljenih inačica u svrhu zaštite od potencijalnih problema.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2247
2011-02-25 23:14:31
--------------------------------------------------------------------------------
Name : TeXmacs
Product : Fedora 15
Version : 1.0.7.9
Release : 2.fc15
URL : http://www.texmacs.org
Summary : Structured WYSIWYG scientific text editor
Description :
GNU TeXmacs is a free scientific text editor, which was both inspired
by TeX and GNU Emacs. The editor allows you to write structured
documents via a WYSIWYG (what-you-see-is-what-you-get) and user
friendly interface. New styles may be created by the user. The
program implements high-quality typesetting algorithms and TeX fonts,
which help you to produce professionally looking documents.
The high typesetting quality still goes through for automatically
generated formulas, which makes TeXmacs suitable as an interface for
computer algebra systems. TeXmacs also supports the Guile/Scheme
extension language, so that you may customize the interface and write
your own extensions to the editor.
In the future, TeXmacs is planned to evolve towards a complete
scientific office suite, with spreadsheet capacities, a technical
drawing editor and a presentation mode.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2010-3394 (#638428)
package fonts according to fedora font packaging guidelines (#477464)
update to 1.0.7.9 (#593625)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #638428 - CVE-2010-3394 TeXmacs: insecure library loading
vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=638428
[ 2 ] Bug #477464 - [TeXmacs] Please convert to new font packaging
guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=477464
[ 3 ] Bug #593625 - TeXmacs-1.0.7.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=593625
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update TeXmacs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke