Ispravljen propust paketa globus-gridftp-server-control

Kod programskog paketa globus-gridftp-server-control uočen je i ispravljen nedostatak kojeg su napadači mogli iskoristiti za zaobilaženje postavljenih ograničenja i otkrivanje osjetljivih informacija.

Paket:	globus-gridftp-server-control 2.x
Operacijski sustavi:	Fedora 15, Fedora 16, Fedora 17
Problem:	pogreška u programskoj funkciji
Iskorištavanje:	lokalno/udaljeno
Posljedica:	otkrivanje osjetljivih informacija, zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	FEDORA-2012-8461
Izvor:	Fedora

Problem:
U radu programa uočeni su problemi prilikom obrade povratnih vrijednosti programske funkcije "getpw*" i greška u funkciji "getpwnam_r()".
Posljedica:
Zlonamjeran napadač može iskoristiti sigurnosne propuste za zaobilaženje postavljenih ograničenja i otkrivanje osjetljivih informacija.
Rješenje:
Rješenje problema sigurnosti je primjena službenih programskih rješenja.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8461
2012-05-27 01:33:28
--------------------------------------------------------------------------------

Name        : globus-gridftp-server-control
Product     : Fedora 16
Version     : 2.5
Release     : 2.fc16
URL         : http://www.globus.org/
Summary     : Globus Toolkit - Globus GridFTP Server Library
Description :
The Globus Toolkit is an open source software toolkit used for building Grid
systems and applications. It is being developed by the Globus Alliance and
many others all over the world. A growing number of projects and companies are
using the Globus Toolkit to unlock the potential of grids for their cause.

The globus-gridftp-server-control package contains:
Globus GridFTP Server Library

--------------------------------------------------------------------------------
Update Information:

Fix for http://jira.globus.org/browse/GT-195
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 25 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.5-2
- Backport security fix for JIRA ticket GT-195
* Fri Apr 27 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.5-1
- Update to Globus Toolkit 5.2.1
- Drop patch globus-gridftp-server-control-deps.patch (fixed upstream)
* Tue Jan 24 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3-2
- Fix broken links in README file
* Wed Dec 14 2011 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3-1
- Update to Globus Toolkit 5.2.0
- Drop patch globus-gridftp-server-control.patch (fixed upstream)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update globus-gridftp-server-control' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8445
2012-05-26 22:05:49
--------------------------------------------------------------------------------

Name        : globus-gridftp-server-control
Product     : Fedora 17
Version     : 2.5
Release     : 2.fc17
URL         : http://www.globus.org/
Summary     : Globus Toolkit - Globus GridFTP Server Library
Description :
The Globus Toolkit is an open source software toolkit used for building Grid
systems and applications. It is being developed by the Globus Alliance and
many others all over the world. A growing number of projects and companies are
using the Globus Toolkit to unlock the potential of grids for their cause.

The globus-gridftp-server-control package contains:
Globus GridFTP Server Library

--------------------------------------------------------------------------------
Update Information:

Fix for http://jira.globus.org/browse/GT-195
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 25 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.5-2
- Backport security fix for JIRA ticket GT-195
* Fri Apr 27 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.5-1
- Update to Globus Toolkit 5.2.1
- Drop patch globus-gridftp-server-control-deps.patch (fixed upstream)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update globus-gridftp-server-control' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8488
2012-05-27 06:56:40
--------------------------------------------------------------------------------

Name        : globus-gridftp-server-control
Product     : Fedora 15
Version     : 2.5
Release     : 2.fc15
URL         : http://www.globus.org/
Summary     : Globus Toolkit - Globus GridFTP Server Library
Description :
The Globus Toolkit is an open source software toolkit used for building Grid
systems and applications. It is being developed by the Globus Alliance and
many others all over the world. A growing number of projects and companies are
using the Globus Toolkit to unlock the potential of grids for their cause.

The globus-gridftp-server-control package contains:
Globus GridFTP Server Library

--------------------------------------------------------------------------------
Update Information:

Fix for http://jira.globus.org/browse/GT-195
--------------------------------------------------------------------------------
ChangeLog:

* Fri May 25 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.5-2
- Backport security fix for JIRA ticket GT-195
* Fri Apr 27 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.5-1
- Update to Globus Toolkit 5.2.1
- Drop patch globus-gridftp-server-control-deps.patch (fixed upstream)
* Tue Jan 24 2012 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3-2
- Fix broken links in README file
* Wed Dec 14 2011 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3-1
- Update to Globus Toolkit 5.2.0
- Drop patch globus-gridftp-server-control.patch (fixed upstream)
* Sun Jun  5 2011 Mattias Ellert <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 0.46-1
- Update to Globus Toolkit 5.0.4
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update globus-gridftp-server-control' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Ispravljen propust paketa globus-gridftp-server-control

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Ispravljen propust paketa globus-gridftp-server-control

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti