Detalji

Kod programskog paketa mozvoikko, inačice koja je distribuirana s operacijskim sustavom Fedora 14, uočena je sigurnosna ranjivost. Mozvoikko je paket koji predstavlja dodatak web pregledniku Mozilla Firefox, a koristi se prilikom provjere pravopisa. Pojedini propusti uključuju pogreške u rukovanju memorijom te pojavu preljeva memorijskog spremnika (eng. buffer overflow). Iskorištavanjem propusta napadač može srušiti ranjivu aplikaciju te izvesti CSRF napad. Obzirom da su inačice koje sadrže ispravke dostupne, preporučaju se svima na korištenje. 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2444
2011-03-02 01:27:20
--------------------------------------------------------------------------------

Name        : mozvoikko
Product     : Fedora 14
Version     : 1.0
Release     : 18.fc14.1
URL         : http://voikko.sourceforge.net
Summary     : Finnish Voikko spell-checker extension for Mozilla programs
Description :
This is mozvoikko, an extension for Mozilla programs for using the Finnish
spell-checker Voikko.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.0-18.1
- Rebuild against newer gecko
* Thu Dec  9 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.0-17.1
- Rebuild against newer gecko
* Thu Oct 28 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.0-16.1
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1.0-15.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update mozvoikko' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh