Uočena su i otklonjena dva sigurnosna nedostatka kod programskih paketa abrt, libreport, btparser i python-meh. Lokalnom napadaču omogućuju otkrivanje osjetljivih informacija.
| Paket: | abrt 2.x, btparser 0.x, libreport 2.x, python-meh 0.x |
| Operacijski sustavi: | CentOS |
| Kritičnost: | 3.2 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | lokalno |
| Posljedica: | otkrivanje osjetljivih informacija |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2011-4088, CVE-2012-1106 |
| Izvorni ID preporuke: | 2012:0841 |
| Izvor: | CentOS |
| Problem: | |
| Oba su nedostatka posljedica nepravilnosti u alatu ABRT (Automatic Bug Reporting Tool). |
|
| Posljedica: | |
| Napadači ih mogu iskoristiti za pregled povjerljivih podataka. |
|
| Rješenje: | |
| Svim se korisnicima savjetuje instalacija sigurnosnih zakrpa. |
|
Izvorni tekst preporuke
CentOS Errata and Security Advisory 2012:0841 Low
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0841.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
a761ddbf659067983214235c2729f1247efa178eeb6f9ca87d2dc463afea3c71
abrt-2.0.8-6.el6.centos.i686.rpm
f8393893f252dc95618f6a16539cbabb2d69f6717bebe07c60af1132e4880a56
abrt-addon-ccpp-2.0.8-6.el6.centos.i686.rpm
cdc21c4c171b6db4b28ca745a0d78e024b9cbaf971048c1bd1fce204f5327529
abrt-addon-kerneloops-2.0.8-6.el6.centos.i686.rpm
e84df2de7429640384da1b24360367dfc5dbb951a67ee4132d65fadb231b4aa3
abrt-addon-python-2.0.8-6.el6.centos.i686.rpm
816376bd99fa394542879adf88f4f97b3798270d667215898b993697198edcd3
abrt-addon-vmcore-2.0.8-6.el6.centos.i686.rpm
337d9b4f808ca9c64724fe05c39d1d4946fbfe00d7e9e2647ac5c3bd578c90bc
abrt-cli-2.0.8-6.el6.centos.i686.rpm
5cafac6da350dd173abbfac7ab28644e5c66b226b568ef1209dfbf29317ba27f
abrt-desktop-2.0.8-6.el6.centos.i686.rpm
a511d77bb33494a13b8a14bad213d456e29b56cef09817c215a9f3b57e7e5e2a
abrt-devel-2.0.8-6.el6.centos.i686.rpm
3f413ba1b8966ae45fa02f53b8d2f326b3b822ecf16310e83ee9c9a2d2d1344e
abrt-gui-2.0.8-6.el6.centos.i686.rpm
b0b283668e7217baa10554516d3b66bb22ba920c8caaf3a483b8a6bb37a9ebc4
abrt-libs-2.0.8-6.el6.centos.i686.rpm
e5d6b6ec4f6918f0b90fdda739f1deb7804fa88e84a6b2e1e7a6d4b6d4dd69ef
abrt-tui-2.0.8-6.el6.centos.i686.rpm
97ade9b6a144ebfef1c3c331e75358ebfd49e4eaf5ea7359cee0ffc4ae91eb3d
btparser-0.16-3.el6.i686.rpm
cce6315ed26e8e94203c2566da7ac524ab5fc9c537ff6a36ec6c2b24cadb4d8a
btparser-devel-0.16-3.el6.i686.rpm
8a817bdbdf23cff3c18cd836dd1dc8f2c145f95b5f5a212368e223c6c7a8b832
btparser-python-0.16-3.el6.i686.rpm
74bceb8a2684b4b97ac1f2b05883b00928ecf2ddd0c93bfc22be468441e9743b
libreport-2.0.9-5.el6.centos.i686.rpm
61fa217b55090613e569f1ad666500cb0166dfd748fcf1fadada952abe09360b
libreport-cli-2.0.9-5.el6.centos.i686.rpm
90d69ae3fc1b9c56e13aa20dea23bb5780771ec125f50ffb110faf13908e8c39
libreport-devel-2.0.9-5.el6.centos.i686.rpm
22ee8c59eaeb04da4358d1012264865fb3da43e203269e5a49fd7ff1d48a83a3
libreport-gtk-2.0.9-5.el6.centos.i686.rpm
4936a74fd90181c2ea6591fe98d87f0bf9597d1a3bd648d445a2fe488aa40d96
libreport-gtk-devel-2.0.9-5.el6.centos.i686.rpm
1e774eb763ef6b2ce3e9d79678587ceda0e07ef3eddf0abc9cdf5bb559328c93
libreport-newt-2.0.9-5.el6.centos.i686.rpm
3832c4bb70234728f61c750973ae2a110b32fde098bb87983d4e26673360266b
libreport-plugin-bugzilla-2.0.9-5.el6.centos.i686.rpm
7d3a4b5df970c8986b924d29e530a7084e6f7a73c54cb8569c3122ff8abf1cdf
libreport-plugin-kerneloops-2.0.9-5.el6.centos.i686.rpm
6aedf157a1e85ea57d31e31f57bec60748548e73de65f117f847eeac27b80082
libreport-plugin-logger-2.0.9-5.el6.centos.i686.rpm
e8fe0884d800059cdc7f779553fc9acfc7e81df73235df2609b767e0033249b6
libreport-plugin-mailx-2.0.9-5.el6.centos.i686.rpm
68ffb8b786675d09e51c2637c5d5f2930c069ddfbdef3b720a85df56b902adf4
libreport-plugin-reportuploader-2.0.9-5.el6.centos.i686.rpm
95d284401f021abdf3e398e144e22e532d2dceecf2979334d29794902e5a25ca
libreport-plugin-rhtsupport-2.0.9-5.el6.centos.i686.rpm
d85059070ac4e682ed331f63f657c420b4064b4463b9eb9a0c92c3325f253392
libreport-python-2.0.9-5.el6.centos.i686.rpm
x86_64:
29d4ae359416c8f960bb854932c851004bcdb5b4975aa7d2e9ce6f1c7cf7ef19
abrt-2.0.8-6.el6.centos.x86_64.rpm
1e563ddb80d64355ff773b1a16a2ca3f733cd781749c23bc5594538d348e6b77
abrt-addon-ccpp-2.0.8-6.el6.centos.x86_64.rpm
ed20e625803d1e1626587c43f7fbb175e2aa67115e41e20d791805f3c0b312b2
abrt-addon-kerneloops-2.0.8-6.el6.centos.x86_64.rpm
d131893e5e59424392394464426347617a934dfb3b17d0e48c3d4dbe092abe5c
abrt-addon-python-2.0.8-6.el6.centos.x86_64.rpm
041bcccf36d8a5c0537e4c840d648208c33311d587c4918d9b10288cfc6f2a1f
abrt-addon-vmcore-2.0.8-6.el6.centos.x86_64.rpm
24e08f2d0c10c4ccfc3d64f36ddb7e23560b006bbe3635323ca5f245be6ff630
abrt-cli-2.0.8-6.el6.centos.x86_64.rpm
4a98752ade514acb5d5105e80f46db40e0893c258817d2794bc52e74b0015308
abrt-desktop-2.0.8-6.el6.centos.x86_64.rpm
451b4a70f53a08f9c4b7317ebd882ee1695d7663ca538ea9881b1273e49a0166
abrt-devel-2.0.8-6.el6.centos.i686.rpm
0009682bb5e3dcfd5252601efc1b5317e8cadde5cab78f7c125ceb98df5ba743
abrt-devel-2.0.8-6.el6.centos.x86_64.rpm
dffb03529d921eda90071cf52f9a4df2c80eb6eae5c54d05d0701e29f4f7670f
abrt-gui-2.0.8-6.el6.centos.x86_64.rpm
e0836f98fd5435134e06b64a13a171ba8c7c44033165be8efff07cb574478bb8
abrt-libs-2.0.8-6.el6.centos.i686.rpm
b2c4c8d3ce2d8f042f7b7b74d0f9be13770da4ed7a5d92db6260c264b17cc42c
abrt-libs-2.0.8-6.el6.centos.x86_64.rpm
6ae499bc2f87d2b3811f257bcffbd43c08cf805a2471042422dbf49f7c361715
abrt-tui-2.0.8-6.el6.centos.x86_64.rpm
d440a78f3810f3339a91e599e9504db959074b9c184504f6e643413b99985b77
btparser-0.16-3.el6.i686.rpm
10acb6d7a6a12166451a5525c2524ae6e2d6a7f59fe3532573bd42807a10ce48
btparser-0.16-3.el6.x86_64.rpm
061a8d1f41fec6f4019021c13eb0e50fc0d87eb0511c9e7ceb62c5534d6234ca
btparser-devel-0.16-3.el6.i686.rpm
cae2896a4e8610a0d1808277ff4c3bdbd133237fe071dccb988fa948facd0f3b
btparser-devel-0.16-3.el6.x86_64.rpm
400992cf07f8ee8072033bcf24f236da07921dfa40249b1b711bcb66fd0b3228
btparser-python-0.16-3.el6.x86_64.rpm
74bceb8a2684b4b97ac1f2b05883b00928ecf2ddd0c93bfc22be468441e9743b
libreport-2.0.9-5.el6.centos.i686.rpm
5a3aa9fca0d2c6ce3b78f2a78af17702cdbdc5a4ebc3f42229998edccfaa0cdc
libreport-2.0.9-5.el6.centos.x86_64.rpm
e31528a82518a1ebd319f113e663814c2dd7e97d3c6e436831de606013ec0004
libreport-cli-2.0.9-5.el6.centos.x86_64.rpm
90d69ae3fc1b9c56e13aa20dea23bb5780771ec125f50ffb110faf13908e8c39
libreport-devel-2.0.9-5.el6.centos.i686.rpm
536600dd425c9c6da45b0fc14962d62286585fbd2ffc00b2568962c051224613
libreport-devel-2.0.9-5.el6.centos.x86_64.rpm
22ee8c59eaeb04da4358d1012264865fb3da43e203269e5a49fd7ff1d48a83a3
libreport-gtk-2.0.9-5.el6.centos.i686.rpm
a5c6cf6f1f0764af2280aa174aba04bc6062328e7df800895bacd357cbba87ce
libreport-gtk-2.0.9-5.el6.centos.x86_64.rpm
4936a74fd90181c2ea6591fe98d87f0bf9597d1a3bd648d445a2fe488aa40d96
libreport-gtk-devel-2.0.9-5.el6.centos.i686.rpm
2e3dca3eb6b6688b1acd9542fd995d824d2be746c7dabfc2335586347856f659
libreport-gtk-devel-2.0.9-5.el6.centos.x86_64.rpm
d66fafe5e6b03a0591e1191d3841ee8f8efe2bb8a2571f102af118f6ff36ce71
libreport-newt-2.0.9-5.el6.centos.x86_64.rpm
31bb1cec96c3f98f1683b2949d3659e36865adc809f2b487a56351f1aa8f769a
libreport-plugin-bugzilla-2.0.9-5.el6.centos.x86_64.rpm
4cb577a97403bf11642a83a4f5cbe006ab2a39334126ea8704313619b0076f99
libreport-plugin-kerneloops-2.0.9-5.el6.centos.x86_64.rpm
b5c1521fe2b1bebfd44643822b3d1c3c88ab633f1616eb7d61009fc7f910982a
libreport-plugin-logger-2.0.9-5.el6.centos.x86_64.rpm
5fc8e4373975950a41e7e6b8638ff14195a0d7398bddbcb0f7f706878887dfa4
libreport-plugin-mailx-2.0.9-5.el6.centos.x86_64.rpm
aae2b4d3deaeabf8dbcd3176ff4cc88cbd6857680f681ac3a9408a5effa575f5
libreport-plugin-reportuploader-2.0.9-5.el6.centos.x86_64.rpm
619267ee69b97c8cf0cbcf6b5ebe7735428550af7fc18bf08b4c6928d5318e8f
libreport-plugin-rhtsupport-2.0.9-5.el6.centos.x86_64.rpm
cd0573196967e8f415c3cfb661245e324b12213755799e8d328f9f2605f836b8
libreport-python-2.0.9-5.el6.centos.x86_64.rpm
Source:
eb8b04c55986f4d7e387130d4a326d02ebdc9bb921d28ecb94c107c1e90aac4c
abrt-2.0.8-6.el6.centos.src.rpm
eba212323a75423d14ff002fd1ac3a1e6621e7cb60f55582a4100165a0304e24
btparser-0.16-3.el6.src.rpm
3534f58cd8816c500f0519c802100e7331dd7c02fe73c6360824c14d3cf2c40c
libreport-2.0.9-5.el6.centos.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke