U radu programskog paketa android-tools, distribuiranog s operacijskim sustavom Fedora 17, uočena je sigurnosna ranjivost. Zlonamjernim korisnicima omogućuje izmjenu podataka.
Paket:
android-tools 1.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno/udaljeno
Posljedica:
izmjena podataka
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
FEDORA-2012-7645
Izvor:
Fedora
Problem:
Ranjivost je posljedica postavljanja "udev" seta pravila sa nesigurnim dopuštenjima.
Posljedica:
Napadač ju može iskoristiti za izmjenu podataka.
Rješenje:
Korisnicima se preporuča instalacija odgovarajućih sigurnosnih zakrpa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-7645
2012-05-10 20:34:40
--------------------------------------------------------------------------------
Name : android-tools
Product : Fedora 17
Version : 20120510gitd98c87c
Release : 1.fc17
URL : http://developer.android.com/guide/developing/tools/
Summary : Android platform tools(adb, fastboot)
Description :
The Android Debug Bridge (ADB) is used to:
- keep track of all Android devices and emulators instances
connected to or running on a given host developer machine
- implement various control commands (e.g. "adb shell", "adb pull", etc.)
for the benefit of clients (command-line users, or helper programs like
DDMS). These commands are what is called a 'service' in ADB.
Fastboot is used to manipulate the flash partitions of the Android phone.
It can also boot the phone using a kernel image or root filesystem image
which reside on the host machine rather than in the phone flash.
In order to use it, it is important to understand the flash partition
layout for the phone.
The fastboot program works in conjunction with firmware on the phone
to read and write the flash partitions. It needs the same USB device
setup between the host and the target phone as adb.
--------------------------------------------------------------------------------
Update Information:
- Update to upstream git commit d98c87c
- Added more udev devices
- Resolves: rhbz 819292 secure udev permissions
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 10 2012 Ivan Afonichev <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
20120510gitd98c87c-1
- Update to upstream git commit d98c87c
- Added more udev devices
- Resolves: rhbz 819292 secure udev permissions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #819292 - udev rules set insecure permissions
https://bugzilla.redhat.com/show_bug.cgi?id=819292
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update android-tools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke