A security vulnerability has been identified in the TeXmacs software package for the Fedora 13 and 14 operating systems. TeXmacs is a free scientific text editor. The vulnerability arises because the "texmacs" and "tm_mupad_help" scripts place a zero-length directory name in the LD_LIBRARY_PATH environment variable. A local attacker can exploit it to gain elevated privileges via a Trojan horse in the current working directory. Users are advised to install the updated packages.
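
How a launcher script ends up with a zero-length LD_LIBRARY_PATH entry, next to the corrected idiom and a check for it. This is an added example, not code from the TeXmacs scripts; APP_LIB and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. APP_LIB is a constructed directory, not a path taken from
# the "texmacs" or "tm_mupad_help" scripts.
APP_LIB=/usr/lib/exampleapp

# Weak idiom: unconditional append. When the inherited value ($1) is unset
# or empty, the result ends in ':' and so carries a zero-length entry,
# which the dynamic linker reads as the current working directory.
weak_path() {
    printf '%s\n' "$APP_LIB:$1"
}

# Corrected idiom: emit the separator only if there is something to append.
safe_path() {
    printf '%s\n' "$APP_LIB${1:+:$1}"
}

# Return 0 if a colon-separated search path contains a zero-length entry
# (leading ':', trailing ':' or '::'). An empty string has nothing to check.
has_empty_entry() {
    case "$1" in
        '')            return 1 ;;
        :*|*:|*::*)    return 0 ;;
        *)             return 1 ;;
    esac
}

# Drop zero-length entries from an inherited value before reusing it.
# The body runs in a subshell so IFS and globbing changes do not leak.
strip_empty_entries() (
    IFS=:
    set -f
    out=
    for dir in $1; do
        [ -n "$dir" ] && out="${out:+$out:}$dir"
    done
    printf '%s\n' "$out"
)

# Demonstration with an empty inherited value (the common case on a desktop).
for candidate in "$(weak_path '')" "$(safe_path '')"; do
    if has_empty_entry "$candidate"; then
        echo "UNSAFE: '$candidate' searches the current directory"
    else
        echo "ok:     '$candidate'"
    fi
done
```

The same has_empty_entry check can be applied to the LD_LIBRARY_PATH value found in the environment of a running process or assembled by any other wrapper script.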

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2127
2011-02-24 20:24:46
--------------------------------------------------------------------------------

Name        : TeXmacs
Product     : Fedora 14
Version     : 1.0.7.9
Release     : 2.fc14
URL         : http://www.texmacs.org
Summary     : Structured WYSIWYG scientific text editor
Description :
GNU TeXmacs is a free scientific text editor, which was both inspired
by TeX and GNU Emacs. The editor allows you to write structured
documents via a WYSIWYG (what-you-see-is-what-you-get) and user
friendly interface.  New styles may be created by the user. The
program implements high-quality typesetting algorithms and TeX fonts,
which help you to produce professionally looking documents.

The high typesetting quality still goes through for automatically
generated formulas, which makes TeXmacs suitable as an interface for
computer algebra systems. TeXmacs also supports the Guile/Scheme
extension language, so that you may customize the interface and write
your own extensions to the editor.

In the future, TeXmacs is planned to evolve towards a complete
scientific office suite, with spreadsheet capacities, a technical
drawing editor and a presentation mode.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2010-3394 (#638428)
package fonts according to fedora font packaging guidelines (#477464)
update to 1.0.7.9 (#593625)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 23 2011 Jindrich Novy - 1.0.7.9-2
- first attempt to package fonts according to fedora font
  packaging guidelines (#477464)
- fix CVE-2010-3394 (#638428)
- fix Requires
- fix build -> broken util.h usage
- fix desktop categories
- remove BuildRoot
* Sun Feb 13 2011 Gérard Milmeister - 1.0.7.9-1
- new release 1.0.7.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #638428 - CVE-2010-3394 TeXmacs: insecure library loading
vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=638428
  [ 2 ] Bug #477464 - [TeXmacs] Please convert to new font packaging guidelines
        https://bugzilla.redhat.com/show_bug.cgi?id=477464
  [ 3 ] Bug #593625 - TeXmacs-1.0.7.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=593625
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update TeXmacs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2146
2011-02-24 20:25:29
--------------------------------------------------------------------------------

Name        : TeXmacs
Product     : Fedora 13
Version     : 1.0.7.9
Release     : 2.fc13
URL         : http://www.texmacs.org
Summary     : Structured WYSIWYG scientific text editor
Description :
GNU TeXmacs is a free scientific text editor, which was both inspired
by TeX and GNU Emacs. The editor allows you to write structured
documents via a WYSIWYG (what-you-see-is-what-you-get) and user
friendly interface.  New styles may be created by the user. The
program implements high-quality typesetting algorithms and TeX fonts,
which help you to produce professionally looking documents.

The high typesetting quality still goes through for automatically
generated formulas, which makes TeXmacs suitable as an interface for
computer algebra systems. TeXmacs also supports the Guile/Scheme
extension language, so that you may customize the interface and write
your own extensions to the editor.

In the future, TeXmacs is planned to evolve towards a complete
scientific office suite, with spreadsheet capacities, a technical
drawing editor and a presentation mode.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2010-3394 (#638428)
package fonts according to fedora font packaging guidelines (#477464)
update to 1.0.7.9 (#593625)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 23 2011 Jindrich Novy - 1.0.7.9-2
- update to 1.0.7.9
- fix CVE-2010-3394 (#638428)
- first attempt to package fonts according to fedora font
  packaging guidelines (#477464)
- fix Requires
- fix build -> broken util.h usage
- fix desktop categories
- remove BuildRoot
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #638428 - CVE-2010-3394 TeXmacs: insecure library loading
vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=638428
  [ 2 ] Bug #477464 - [TeXmacs] Please convert to new font packaging
guidelines
        https://bugzilla.redhat.com/show_bug.cgi?id=477464
  [ 3 ] Bug #593625 - TeXmacs-1.0.7.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=593625
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update TeXmacs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------