A security vulnerability in the php-symfony-symfony software package has been discovered and fixed; remote attackers could have exploited it to bypass configured restrictions.
Package: | |
Operating systems: | Fedora 15, Fedora 16, Fedora 17 |
Severity: | 4.3 |
Problem: | error in a software component |
Exploitation: | remote |
Impact: | bypass of configured restrictions |
Solution: | vendor software patch |
CVE: | CVE-2012-2667 |
Original advisory ID: | FEDORA-2012-8985 |
Source: | Fedora |
Problem: | |
A vulnerability was found in the file "lib/user/sfBasicSecurityUser.class.php". |
|
Impact: | |
An attacker can exploit the flaw to bypass configured restrictions and hijack a network session. |
|
Solution: | |
Users are advised to upgrade the vulnerable software package. |
Original advisory text
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8985
2012-06-07 01:40:06
--------------------------------------------------------------------------------
Name : php-symfony-symfony
Product : Fedora 16
Version : 1.4.18
Release : 1.fc16
URL : http://www.symfony-project.org/
Summary : Open-Source PHP Web Framework
Description :
Symfony is a complete framework designed to optimize the development of web
applications by way of several key features. For starters, it separates a web
application's business rules, server logic, and presentation views.
It contains numerous tools and classes aimed at shortening the development time
of a complex web application. Additionally, it automates common tasks so that
the developer can focus entirely on the specifics of an application.
The end result of these advantages means there is no need to reinvent the wheel
every time a new web application is built!
--------------------------------------------------------------------------------
Update Information:
- upstream 1.4.18
- fixes: CVE-2012-2667 php-symfony-symfony: Session fixation flaw
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 4 2012 Christof Damian - 1.4.18-1
- upstream 1.4.18 (security fix)
* Thu Mar 8 2012 Christof Damian - 1.4.17-2
- fix doctrine path
* Thu Mar 8 2012 Christof Damian - 1.4.17-1
- upstream 1.4.17
* Sat Jan 14 2012 Fedora Release Engineering - 1.4.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #828079 - CVE-2012-2667 php-symfony-symfony: Session fixation flaw
corrected in upstream 1.4.18 version [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=828079
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-symfony-symfony' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8911
2012-06-07 01:35:48
--------------------------------------------------------------------------------
Name : php-symfony-symfony
Product : Fedora 15
Version : 1.4.18
Release : 1.fc15
URL : http://www.symfony-project.org/
Summary : Open-Source PHP Web Framework
Description :
Symfony is a complete framework designed to optimize the development of web
applications by way of several key features. For starters, it separates a web
application's business rules, server logic, and presentation views.
It contains numerous tools and classes aimed at shortening the development time
of a complex web application. Additionally, it automates common tasks so that
the developer can focus entirely on the specifics of an application.
The end result of these advantages means there is no need to reinvent the wheel
every time a new web application is built!
--------------------------------------------------------------------------------
Update Information:
- upstream 1.4.18
- fixes: CVE-2012-2667 php-symfony-symfony: Session fixation flaw
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 4 2012 Christof Damian - 1.4.18-1
- upstream 1.4.18 (security fix)
* Thu Mar 8 2012 Christof Damian - 1.4.17-2
- fix doctrine path
* Thu Mar 8 2012 Christof Damian - 1.4.17-1
- upstream 1.4.17
* Sat Jan 14 2012 Fedora Release Engineering - 1.4.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #828079 - CVE-2012-2667 php-symfony-symfony: Session fixation flaw
corrected in upstream 1.4.18 version [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=828079
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-symfony-symfony' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8966
2012-06-07 01:39:18
--------------------------------------------------------------------------------
Name : php-symfony-symfony
Product : Fedora 17
Version : 1.4.18
Release : 1.fc17
URL : http://www.symfony-project.org/
Summary : Open-Source PHP Web Framework
Description :
Symfony is a complete framework designed to optimize the development of web
applications by way of several key features. For starters, it separates a web
application's business rules, server logic, and presentation views.
It contains numerous tools and classes aimed at shortening the development time
of a complex web application. Additionally, it automates common tasks so that
the developer can focus entirely on the specifics of an application.
The end result of these advantages means there is no need to reinvent the wheel
every time a new web application is built!
--------------------------------------------------------------------------------
Update Information:
- upstream 1.4.18
- fixes: CVE-2012-2667 php-symfony-symfony: Session fixation flaw
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 4 2012 Christof Damian - 1.4.18-1
- upstream 1.4.18 (security fix)
* Thu Mar 8 2012 Christof Damian - 1.4.17-2
- fix doctrine path
* Thu Mar 8 2012 Christof Damian - 1.4.17-1
- upstream 1.4.17
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #828079 - CVE-2012-2667 php-symfony-symfony: Session fixation flaw
corrected in upstream 1.4.18 version [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=828079
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-symfony-symfony' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce