The CouchDB software package, specifically the build for the Fedora 15 operating system, contains a new security vulnerability. CouchDB is a distributed database. The flaw is caused by improper handling of unspecified input data before it is returned to the user. Successful exploitation allows a potential attacker to inject arbitrary HTML or script code. Fixed versions of the vulnerable package are available, and all users are advised to install them.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-1513
2011-02-15 17:24:37
--------------------------------------------------------------------------------

Name        : couchdb
Product     : Fedora 15
Version     : 1.0.2
Release     : 1.fc15
URL         : http://couchdb.apache.org/
Summary     : A document database server, accessible via a RESTful JSON API
Description :
Apache CouchDB is a distributed, fault-tolerant and schema-free
document-oriented database accessible via a RESTful HTTP/JSON API.
Among other features, it provides robust, incremental replication
with bi-directional conflict detection and resolution, and is
queryable and indexable using a table-oriented view engine with
JavaScript acting as the default view definition language.

--------------------------------------------------------------------------------
Update Information:

* Ver. 1.0.2 (Bugfix release)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #674145 - CVE-2010-3854 couchdb: XSS vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=674145
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update couchdb' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
