Two new security vulnerabilities have been identified in the kernel of the CentOS operating system. An attacker can exploit them to gain elevated privileges, cause a denial of service (DoS), and execute arbitrary code.
Package: Linux kernel 3.x
Operating systems: CentOS
Severity: 7.2
Problem: flaw in a software component
Exploitation: local/remote
Impact: privilege escalation, arbitrary code execution, denial of service (DoS)
Solution: vendor patch
CVE: CVE-2012-0217, CVE-2012-2934
Original advisory ID: 2012:0721
Source: CentOS
Problem:
The vulnerabilities arise from the use of older AMD processor models and from incorrect restriction of syscall return addresses in the "Xen hypervisor" component.
Impact:
A malicious user can exploit these vulnerabilities to execute arbitrary code, carry out a DoS attack, and gain elevated privileges on the system.
Solution:
All users are advised to upgrade to the updated packages.
CentOS Errata and Security Advisory 2012:0721 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0721.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
kernel-2.6.18-308.8.2.el5.i686.rpm
kernel-debug-2.6.18-308.8.2.el5.i686.rpm
kernel-debug-devel-2.6.18-308.8.2.el5.i686.rpm
kernel-devel-2.6.18-308.8.2.el5.i686.rpm
kernel-doc-2.6.18-308.8.2.el5.noarch.rpm
kernel-headers-2.6.18-308.8.2.el5.i386.rpm
kernel-PAE-2.6.18-308.8.2.el5.i686.rpm
kernel-PAE-devel-2.6.18-308.8.2.el5.i686.rpm
kernel-xen-2.6.18-308.8.2.el5.i686.rpm
kernel-xen-devel-2.6.18-308.8.2.el5.i686.rpm
x86_64:
kernel-2.6.18-308.8.2.el5.x86_64.rpm
kernel-debug-2.6.18-308.8.2.el5.x86_64.rpm
kernel-debug-devel-2.6.18-308.8.2.el5.x86_64.rpm
kernel-devel-2.6.18-308.8.2.el5.x86_64.rpm
kernel-doc-2.6.18-308.8.2.el5.noarch.rpm
kernel-headers-2.6.18-308.8.2.el5.x86_64.rpm
kernel-xen-2.6.18-308.8.2.el5.x86_64.rpm
kernel-xen-devel-2.6.18-308.8.2.el5.x86_64.rpm
Source:
kernel-2.6.18-308.8.2.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr
_______________________________________________
CentOS-announce mailing list
http://lists.centos.org/mailman/listinfo/centos-announce