A security flaw that allows remote attackers to carry out XSS attacks has been fixed in the Ikiwiki software package for the Fedora 15, 16 and 17 operating systems.
Package: | ikiwiki 3.x |
Operating systems: | Fedora 15, Fedora 16, Fedora 17 |
Severity: | 5.3 |
Problem: | improper input validation |
Exploitation: | remote |
Consequence: | injection of HTML and script code |
Solution: | vendor patch |
CVE: | CVE-2012-0220 |
Original advisory ID: | FEDORA-2012-8161 |
Source: | Fedora |
Problem:
The flaw is caused by improper validation of input passed to meta directives through the "author" and "authorurl" parameters when pages are created or edited.

Consequence:
Attackers can exploit it to carry out XSS (cross-site scripting) attacks.

Solution:
Users are advised to apply the appropriate patches.
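
A check for the fix level, added here as an example and not part of the Fedora advisory: it compares an installed ikiwiki version-release string against the fixed builds named in the three notifications quoted on this page. The function names are hypothetical, and it assumes GNU `sort -V` orders these purely numeric version strings the same way rpm does.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.

# Print the first fixed version-release for a Fedora dist tag, as listed in
# the notifications on this page; fail for any other dist tag.
fixed_build() {
    case "$1" in
        fc15) echo "3.20111106-2" ;;
        fc16) echo "3.20111106-2" ;;
        fc17) echo "3.20120516-1" ;;
        *)    return 1 ;;
    esac
}

# ikiwiki_status VERSION-RELEASE (e.g. 3.20111106-1.fc15)
# Prints "patched", "needs-update" or "unknown".
# Assumption: GNU `sort -V` is available and matches rpm ordering for
# these all-numeric version strings.
ikiwiki_status() {
    vr=${1%.fc*}          # strip the dist tag: 3.20111106-1
    dist=fc${1##*.fc}     # recover the dist tag: fc15
    fixed=$(fixed_build "$dist") || { echo unknown; return 0; }
    # The lower of the two strings sorts first; if that is the fixed build,
    # the installed build is equal to or newer than it.
    lowest=$(printf '%s\n%s\n' "$vr" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo patched
    else
        echo needs-update
    fi
}

# On a live Fedora host (requires rpm):
#   ikiwiki_status "$(rpm -q --qf '%{VERSION}-%{RELEASE}' ikiwiki)"
```

A result of "unknown" means the dist tag is not one of the three releases covered by this advisory, so the table above does not apply.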
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8161
2012-05-19 21:15:14
--------------------------------------------------------------------------------
Name : ikiwiki
Product : Fedora 15
Version : 3.20111106
Release : 2.fc15
URL : http://ikiwiki.info/
Summary : A wiki compiler
Description :
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages
suitable for publishing on a website. Ikiwiki stores pages and history
in a revision control system such as Subversion or Git. There are many
other features, including support for blogging, as well as a large
array of plugins.
--------------------------------------------------------------------------------
Update Information:
Security update: Add patch from mainline that should fix a XSS exposure in the
meta plugin (CVE-2012-0220).
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 17 2012 Thomas Moschny - 3.20111106-2
- Add patch that should fix CVE-2012-0220.
* Wed Nov 9 2011 Thomas Moschny - 3.20111106-1
- Update to 3.20111106.
* Wed Sep 14 2011 Thomas Moschny - 3.20110905-1
- Update to 3.20110905.
* Sat Jul 23 2011 Thomas Moschny - 3.20110715-3
- Update license tag.
- Add BR on Python to ensure the Python plugin gets byte-compiled.
- Add runtime dependency on Python.
* Fri Jul 22 2011 Petr Pisar - 3.20110715-2
- RPM 4.9 dependency filtering added
* Thu Jul 21 2011 Thomas Moschny - 3.20110715-1
- Update to 3.20110715.
* Wed Jul 20 2011 Petr Sabata - 3.20110707-2
- Perl mass rebuild
* Sat Jul 9 2011 Thomas Moschny - 3.20110707-1
- Update to 3.20110707.
* Sun Jun 19 2011 Thomas Moschny - 3.20110608-1
- Update to 3.20110608.
* Sat May 7 2011 Thomas Moschny - 3.20110430-1
- Update to 3.20110430.
- Reset spurious x-bits.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ikiwiki' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8151
2012-05-19 21:14:43
--------------------------------------------------------------------------------
Name : ikiwiki
Product : Fedora 16
Version : 3.20111106
Release : 2.fc16
URL : http://ikiwiki.info/
Summary : A wiki compiler
Description :
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages
suitable for publishing on a website. Ikiwiki stores pages and history
in a revision control system such as Subversion or Git. There are many
other features, including support for blogging, as well as a large
array of plugins.
--------------------------------------------------------------------------------
Update Information:
Security update: Add patch from mainline that should fix a XSS exposure in the
meta plugin (CVE-2012-0220).
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 17 2012 Thomas Moschny - 3.20111106-2
- Add patch that should fix CVE-2012-0220.
* Wed Nov 9 2011 Thomas Moschny - 3.20111106-1
- Update to 3.20111106.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-7976
2012-05-17 22:49:55
--------------------------------------------------------------------------------
Name : ikiwiki
Product : Fedora 17
Version : 3.20120516
Release : 1.fc17
URL : http://ikiwiki.info/
Summary : A wiki compiler
Description :
Ikiwiki is a wiki compiler. It converts wiki pages into HTML pages
suitable for publishing on a website. Ikiwiki stores pages and history
in a revision control system such as Subversion or Git. There are many
other features, including support for blogging, as well as a large
array of plugins.
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version 3.20120516. Fixes CVE-2012-0220.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 17 2012 Thomas Moschny - 3.20120516-1
- Update to 3.20120516.
* Mon Apr 30 2012 Thomas Moschny - 3.20120419-1
- Update to 3.20120419.
- Specfile cleanups.