Detalji
Kreirano: 11 Srpanj 2012
Otkrivena su dva sigurnosna propusta u radu programskog paketa Qt. Zlonamjernim korisnicima omogućuju DoS napad, pokretanje zlonamjernog programskog koda i lažiranje proizvoljnih SSL poslužitelja.
Paket:
qt 4.x
Operacijski sustavi:
CentOS
Kritičnost:
5.5
Problem:
pogreška u programskoj komponenti, preljev međuspremnika
Iskorištavanje:
lokalno/udaljeno
Posljedica:
proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2010-5076, CVE-2011-3922
Izvorni ID preporuke:
2012:0880
Izvor:
CentOS
Problem:
Propusti su posljedica prepisivanja spremnika na stogu u modulu "harfbuzz" i pogreške u komponenti "QSslSocket".
Posljedica:
Napadač ih može iskoristiti za izvođenje DoS napada, pokretanje proizvoljnog programskog koda i lažiranje proizvoljnih SSL poslužitelja.
Rješenje:
Korisnicima se savjetuje instalacija odgovarajućih zakrpa.
Izvorni tekst preporuke
CentOS Errata and Security Advisory 2012:0880 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0880.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
50f94fe74c884b57a1a2101510283eeffdfd8d0af4af5b1246d61f18154919b5
phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm
730950970da28d3f9e6bacc4eb62cfdb2f0b9cf43c378106fbf61727d580093f
qt-4.6.2-24.el6.i686.rpm
ed2eb8e07eb4eacf0d56ff0f1c37ad97cf27a02f739f50b063e7425f7bf46949
qt-demos-4.6.2-24.el6.i686.rpm
3f2ec9f380e88ddc355692b4a33ced0e21fb1661c3464376c5a3a04039386a2d
qt-devel-4.6.2-24.el6.i686.rpm
6398fd0e92c17891ddc79474e72d56865307aefb91e1822c04a05f19a8607cf1
qt-doc-4.6.2-24.el6.noarch.rpm
ec7c2cd7730d6f4daa322638490bd1523e939782e58fa3641a75d0f368f1e1a6
qt-examples-4.6.2-24.el6.i686.rpm
8cb8d236a4db3381ce90177f2e7a83b26c13de15235ce6a43eb6c4a1fc030703
qt-mysql-4.6.2-24.el6.i686.rpm
a9834f5fadff3f74c8e71e16377e60b846b83d80459a431452bab157f05c0575
qt-odbc-4.6.2-24.el6.i686.rpm
767c9475b48b289b3bc3c3ded8d26d9abe05b0fb22a4c7ccaec7876e1bf3a87e
qt-postgresql-4.6.2-24.el6.i686.rpm
99257e27b8de3d138c3d7e8d5dbd21e04acda47978d9d2f6c09253e3bf8c681d
qt-sqlite-4.6.2-24.el6.i686.rpm
7ff5a4f6b9dea1d0a69b476d54e0baa6dc6a365a2e84e84aa4624d87c49e84e2
qt-x11-4.6.2-24.el6.i686.rpm
x86_64:
f941ea7f2f8a3310278ccb8955622292f75961e2090bda876298290e977d1fd4
phonon-backend-gstreamer-4.6.2-24.el6.i686.rpm
5f111ab646fa6d42d04dcd0006b74e3fa8f3d88acb91e5fe0970c4222b141dc7
phonon-backend-gstreamer-4.6.2-24.el6.x86_64.rpm
fe173715a687f5c2fe3af6b3bc024bd5ee8e031be39a525e9227d1e93308bf47
qt-4.6.2-24.el6.i686.rpm
acf333a818738540b0256691b617db2ed43c38b938e162ed31aec8ee2920ce57
qt-4.6.2-24.el6.x86_64.rpm
4f00ae022ebbf1628783ae8bb91689ed99f583cb9d811f116b0f7ff0ee5dcc5c
qt-demos-4.6.2-24.el6.x86_64.rpm
3bac63ac4be58586c48b6008bf9547a0442dcfbc10f04ee629f201f5b1b00858
qt-devel-4.6.2-24.el6.i686.rpm
63928f2950a03edbf74d767a3df69b2bffbc6db7b23ad484de47f9b85ebba2a0
qt-devel-4.6.2-24.el6.x86_64.rpm
5f0cdecd889df90ac48dd65032373c1a8838a05999bf1447745335fb99fde162
qt-doc-4.6.2-24.el6.noarch.rpm
a399c947549c864e6baf82a028bb35103237691aea3d2ee75ec9e2f348aeea62
qt-examples-4.6.2-24.el6.x86_64.rpm
2530e2d87593d7a259b68cfa645b62263a664b0242cb67a71a5ebfc04f4f535b
qt-mysql-4.6.2-24.el6.i686.rpm
e8f61d7fe170d3103682f477fdf41e2bbdd59229631bc28d9e6adf99fca59640
qt-mysql-4.6.2-24.el6.x86_64.rpm
ee427a742502ad3763ee118475a5646a2c15ab5ea1db9eda6d857c8bb704b971
qt-odbc-4.6.2-24.el6.i686.rpm
9a00bef45139aace15e06ac40afc45de55ee9cca8961ab87a2c08aa69f179d71
qt-odbc-4.6.2-24.el6.x86_64.rpm
a127ddc168606ceea7945a75ca24c40604c32b002fd1a1260dbe93ac92b4d945
qt-postgresql-4.6.2-24.el6.i686.rpm
c444c4d20f3224d0ce3fe0c05724ea2d2c92cb47d704da7a32f3497c67e6d7a1
qt-postgresql-4.6.2-24.el6.x86_64.rpm
99f6619066ed24f327670dea85ddc12d8e9749d4801d97c78b12aaefb5c386e4
qt-sqlite-4.6.2-24.el6.i686.rpm
cf4219ce0203b899f4cf93557f830245fd72a550194a73a87f340e58af8df9cb
qt-sqlite-4.6.2-24.el6.x86_64.rpm
f87e8a8a9a78d871bf0e1bbcd2cc695cc9175723e846758e85ef7247d341b893
qt-x11-4.6.2-24.el6.i686.rpm
2df078f74929e3183cff1c0469aed52d8be1ee072e02d0782f80456e8b36d54c
qt-x11-4.6.2-24.el6.x86_64.rpm
Source:
ac83b28513e964586a65510ef67330f02beb974b0619b8cb4f685a48fad568dd
qt-4.6.2-24.el6.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke