Several security vulnerabilities have been identified in the galeon software package for the Fedora 14 operating system. Galeon is a free, open-source web browser. The vulnerabilities are caused by buffer overflows and by improper memory handling, which makes it possible to use already freed memory locations or to free them improperly in "JSON.stringify". Using specially crafted files, an attacker can crash the vulnerable application, and can also launch a CSRF attack via plugins or redirects. Installing the available update is advised.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2444
2011-03-02 01:27:20
--------------------------------------------------------------------------------

Name        : galeon
Product     : Fedora 14
Version     : 2.0.7
Release     : 37.fc14.1
URL         : http://galeon.sourceforge.net/
Summary     : GNOME2 Web browser based on Mozilla
Description :
Galeon is a web browser built around Gecko (Mozilla's rendering
engine) and Necko (Mozilla's networking engine). It's a GNOME web
browser, designed to take advantage of as many GNOME technologies as
makes sense. Galeon was written to do just one thing - browse the web.

--------------------------------------------------------------------------------
Update Information:

Update to new upstream Firefox version 3.6.14, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak - 2.0.7-37.1
- Rebuild against newer gecko
* Thu Dec  9 2010 Jan Horak - 2.0.7-36.1
- Rebuild against newer gecko
* Thu Oct 28 2010 Jan Horak - 2.0.7-35.1
- Rebuild against newer gecko
* Tue Oct 19 2010 Jan Horak - 2.0.7-34.1
- Rebuild against newer gecko
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update galeon' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce