A security vulnerability has been found in the AccountsService software package for the Fedora 17 operating system. Local attackers can exploit it to disclose sensitive information.
Package:
accountsservice 0.x
Operating systems:
Fedora 17
Problem:
error in a program function
Exploitation:
local
Impact:
disclosure of sensitive information
Solution:
vendor patch
CVE:
CVE-2012-2737
Original advisory ID:
FEDORA-2012-10120
Source:
Fedora
Problem:
The vulnerability is caused by an error in the function "user_change_icon_file_authorized_cb()".
Impact:
It allows attackers to view confidential data and files.
Solution:
Users of the vulnerable package are advised to apply the update.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10120
2012-06-30 21:31:35
--------------------------------------------------------------------------------
Name : accountsservice
Product : Fedora 17
Version : 0.6.21
Release : 2.fc17
URL : http://www.fedoraproject.org/wiki/Features/UserAccountDialog
Summary : D-Bus interfaces for querying and manipulating user account
information
Description :
The accountsservice project provides a set of D-Bus interfaces for
querying and manipulating user account information and an implementation
of these interfaces, based on the useradd, usermod and userdel commands.
--------------------------------------------------------------------------------
Update Information:
This updates accountsservice to correct a local file disclosure security flaw.
CVE-2012-2737
This update also corrects an issue where spurious users show up in the login
screen user list.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 28 2012 Ray Strode 0.6.21-2
- CVE-2012-2737: local file disclosure
* Tue Jun 12 2012 Matthias Clasen <mclasen@redhatcom> 0.6.21-1
- Update to 0.6.21
* Fri May 4 2012 Ray Strode 0.6.20-1
- Update to 0.6.20. Should fix user list.
Related: #814690
* Thu May 3 2012 Ray Strode 0.6.19-1
- Update to 0.6.19
Allows user deletion of logged in users
Related: #814690
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #836284 - CVE-2012-2737 accountsservice: local file disclosure flaw
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=836284
[ 2 ] Bug #836595 - Remove users "lightdm" and "root" from userlist
https://bugzilla.redhat.com/show_bug.cgi?id=836595
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update accountsservice' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce