U radu paketa xorg-x11-server otkrivena su dva propusta koja omogućuju otkrivanje osjetljivih informacija.
Paket:
xorg-x11-server 1.x
Operacijski sustavi:
Red Hat Enterprise Linux 6
Kritičnost:
1.5
Problem:
neodgovarajuće rukovanje datotekama
Iskorištavanje:
udaljeno
Posljedica:
otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-4028, CVE-2011-4029
Izvorni ID preporuke:
2012:0939
Izvor:
CentOS
Problem:
Ranjivost se javlja zbog nepravilnosti u rukovanju tzv. "lock" i "temporary lock" datotekama.
Posljedica:
Zlonamjerni napadač bi mogao izvesti tzv. symbolic link napad da otkrije osjetljive informacije kao npr. otkrivanje direktorija i datoteka koji nisu vidljivi svim korisnicima.
Rješenje:
Svim se korisnicima ažuriranje sustava nadogradnjom.
CentOS Errata and Security Advisory 2012:0939 Low
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0939.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
afc9fec0a02c7cbd776d01d2981e49f15596b0782e93ff0ac8638aab4de48c0e
xorg-x11-server-common-1.10.6-1.el6.centos.i686.rpm
8a7829849115f1f9e08c0c800e04fb0fc34b68aaf70faecd5773eea8234b76e5
xorg-x11-server-devel-1.10.6-1.el6.centos.i686.rpm
cd5ec6b18f7b5cbbd57f728414b0057008ab1532785dff11572615308ea8e3b1
xorg-x11-server-source-1.10.6-1.el6.centos.noarch.rpm
02f7fe02ae6afc62c87a7dcebd02f93f8022b03bd8a5be01cdba4ed3874edfe5
xorg-x11-server-Xdmx-1.10.6-1.el6.centos.i686.rpm
3a574f3646fc30334dd868a8b6935922f9ea265dc355ca0614090efa080997ae
xorg-x11-server-Xephyr-1.10.6-1.el6.centos.i686.rpm
e96c8d165b30ca24520fd1479f54177edfcb7a87e8b1b912a884fab37d1526c0
xorg-x11-server-Xnest-1.10.6-1.el6.centos.i686.rpm
734a61f2a8c87538155e8a5d83acc35444bcbbc764879e244d2d5c92a6ef6d69
xorg-x11-server-Xorg-1.10.6-1.el6.centos.i686.rpm
6319576867269aba8a4944f4b03c18222a639d6d0fadd30dc59f9e9c01feb3f9
xorg-x11-server-Xvfb-1.10.6-1.el6.centos.i686.rpm
x86_64:
7e7bd5b66efe805c6ad50bed82a26191d44ffbb64e7382f34dd44c8a1d2fe94d
xorg-x11-server-common-1.10.6-1.el6.centos.x86_64.rpm
905b26cc0f4153232f528d05b5acab113cc951863893ed02f2783eda2f4c475a
xorg-x11-server-devel-1.10.6-1.el6.centos.i686.rpm
93ad0f1d3b6feec9b62a1f97d8d93099c1a21a30124a79d9d029ec6a3772a3a4
xorg-x11-server-devel-1.10.6-1.el6.centos.x86_64.rpm
77b50ce47fbcf6aeac39fc403e084e166867a1d9958c37cf859bfd0886339561
xorg-x11-server-source-1.10.6-1.el6.centos.noarch.rpm
e43f82819c12e8ca34249473622d010f65e006387605b415909628fefe8a2c8c
xorg-x11-server-Xdmx-1.10.6-1.el6.centos.x86_64.rpm
52121b186dc63f52549a20b0e96b09c6c18f60ff8ce1c3206a68c16bad775750
xorg-x11-server-Xephyr-1.10.6-1.el6.centos.x86_64.rpm
a1289cfb7629fddc07b86446b9cf6f879175c64ed2e060b65537d0f71f814a63
xorg-x11-server-Xnest-1.10.6-1.el6.centos.x86_64.rpm
9dbd4f529f90b5c399828946821ef9d02fdf1f52d469fc4069364397a12c72fd
xorg-x11-server-Xorg-1.10.6-1.el6.centos.x86_64.rpm
39bd041e5cf3c7008918f19feefe946bd34180f1623253e6df347e675e9275b1
xorg-x11-server-Xvfb-1.10.6-1.el6.centos.x86_64.rpm
Source:
36fe33eb59e5502bdfaf83995e5239f86d3b9bb01b641b05fa391a2ec4f8aab6
xorg-x11-server-1.10.6-1.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke