U radu programskog paketa Q, inačice za operacijske sustave Fedora 13, 14 i 15, uočena je sigurnosna ranjivost. Riječ je o funkcionalnom programskom jeziku namijenjenom znanstvenoj zajednici za jednostavno definiranje proizvoljnog sustava jednadžbi. Sigurnosni propust je uzrokovan radom datoteke "ltdl.c" koja nepravilno koristi i pokreće kod biblioteke u trenutnom radnom direktoriju, umjesto definirane biblioteke. Potencijalni napadač tako može podmetnuti željenu datoteku kako bi povećao prava na ranjivom sustavu. Svim se korisnicima savjetuje instalacija ispravljenih inačica.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1958
2011-02-22 18:19:53
--------------------------------------------------------------------------------
Name : q
Product : Fedora 13
Version : 7.11
Release : 8.fc13
URL : http://q-lang.sourceforge.net
Summary : Equational programming language
Description :
Q is a powerful and extensible functional programming language based
on the term rewriting calculus. You specify an arbitrary system of
equations which the interpreter uses as rewrite rules to reduce
expressions to normal form. Q is useful for scientific programming and
other advanced applications, and also as a sophisticated kind of
desktop calculator. The distribution includes the Q programming tools,
a standard library, add-on modules for interfacing to Curl, GNU dbm,
ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode.
--------------------------------------------------------------------------------
Update Information:
Rebuilt against system libltdl.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2011 Gérard Milmeister <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.11-8
- Rebuild against system libltdl
* Fri Sep 17 2010 Rex Dieter <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.11-7.1
- rebuild (ImageMagick)
* Mon May 24 2010 Tom "spot" Callaway <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.11-7
- disable rpath
- rebuild for non-static libxslt
* Wed Mar 24 2010 Mike McGrath <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.11-6.1
- Rebuilt for broken dep
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update q' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1967
2011-02-22 18:20:13
--------------------------------------------------------------------------------
Name : q
Product : Fedora 14
Version : 7.11
Release : 8.fc14
URL : http://q-lang.sourceforge.net
Summary : Equational programming language
Description :
Q is a powerful and extensible functional programming language based
on the term rewriting calculus. You specify an arbitrary system of
equations which the interpreter uses as rewrite rules to reduce
expressions to normal form. Q is useful for scientific programming and
other advanced applications, and also as a sophisticated kind of
desktop calculator. The distribution includes the Q programming tools,
a standard library, add-on modules for interfacing to Curl, GNU dbm,
ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode.
--------------------------------------------------------------------------------
Update Information:
Rebuilt against system libltdl.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 22 2011 Gérard Milmeister <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.11-8
- Rebuild against system libltdl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update q' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1990
2011-02-22 21:45:28
--------------------------------------------------------------------------------
Name : q
Product : Fedora 15
Version : 7.11
Release : 10.fc15
URL : http://q-lang.sourceforge.net
Summary : Equational programming language
Description :
Q is a powerful and extensible functional programming language based
on the term rewriting calculus. You specify an arbitrary system of
equations which the interpreter uses as rewrite rules to reduce
expressions to normal form. Q is useful for scientific programming and
other advanced applications, and also as a sophisticated kind of
desktop calculator. The distribution includes the Q programming tools,
a standard library, add-on modules for interfacing to Curl, GNU dbm,
ODBC, GNU Octave, ImageMagick, Tcl/Tk, XML/XSLT and an Emacs mode.
--------------------------------------------------------------------------------
Update Information:
Rebuilt against system libltdl.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #537941 - CVE-2009-3736 libtool: libltdl may load and execute code
from a library in the current directory
https://bugzilla.redhat.com/show_bug.cgi?id=537941
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update q' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke