DoS ranjivost paketa NSS

U radu paketa NSS otkriven je sigurnosni propust koji zlonamjernom korisniku omogućuje izvođenje DoS (eng. Denial of Service) napada.

Paket:	nss 3.x
Operacijski sustavi:	Red Hat Enterprise Linux 6
Problem:	neodgovarajuća provjera ulaznih podataka, pogreška u programskoj komponenti
Iskorištavanje:	lokalno/udaljeno
Posljedica:	uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	2012:1091
Izvor:	CentOS

Problem:
Propust je uzrokovan nepravilnošću ASN.1 (Abstract Syntax Notation One) dekodera pri obradi ulaznih nizova.
Posljedica:
Zlonamjeni korisnik bi mogao izvesti DoS napad rušenjem aplikacije.
Rješenje:
Svim se korisnicima savjetuje instalacija nadogradnje u kojoj je propust ispravljen.

Izvorni tekst preporuke

CentOS Errata and Security Advisory 2012:1091 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1091.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


i386:
6c92dcdd887c875ac7b483048f421cc2b2b8b36cc5b629cd6741fe3a51f38455 
nspr-4.9.1-2.el6_3.i686.rpm
e7f2272a546eba5929743f0c104d25e039f915e27237bc481c75c899d5af7f24 
nspr-devel-4.9.1-2.el6_3.i686.rpm
79d0c655ad6c5909e18ccecdc7df37a5fd238852cc660269af5147146cf4da12 
nss-3.13.5-1.el6_3.i686.rpm
55624050d35e4fa815d00f01376ad89b6ceeed53d33ae2a82f21fdea6b888ff8 
nss-devel-3.13.5-1.el6_3.i686.rpm
94a38294c5c614be95428d8b0fae9dd2f8ead41661c4d80a87850e3f9fc5e083 
nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm
eeb2643edc28b8704323ad7b7d336e52dac515139a4243190cc2aa467e4184f9 
nss-sysinit-3.13.5-1.el6_3.i686.rpm
87798e2edc8e12ebd4f075acea82525bc367b7e89942ee408ce6d503c39ca92d 
nss-tools-3.13.5-1.el6_3.i686.rpm
59dd7e79257733659325070a07ca1eb46294245980f71f0b74e8efd184cb7e4d 
nss-util-3.13.5-1.el6_3.i686.rpm
4a8fb926dd91295ab9283337f16831678dfc4993669d886aa7b5620cc6b8e26d 
nss-util-devel-3.13.5-1.el6_3.i686.rpm

x86_64:
6c92dcdd887c875ac7b483048f421cc2b2b8b36cc5b629cd6741fe3a51f38455 
nspr-4.9.1-2.el6_3.i686.rpm
8d6863ab8297a858b930702031d37e0607153af0bfc4b30440e626aaeb5fe57c 
nspr-4.9.1-2.el6_3.x86_64.rpm
e7f2272a546eba5929743f0c104d25e039f915e27237bc481c75c899d5af7f24 
nspr-devel-4.9.1-2.el6_3.i686.rpm
82313e6b8a860ff1bd7e3e72a527dd032f64573d168beeade6d998be5340d518 
nspr-devel-4.9.1-2.el6_3.x86_64.rpm
79d0c655ad6c5909e18ccecdc7df37a5fd238852cc660269af5147146cf4da12 
nss-3.13.5-1.el6_3.i686.rpm
206ce2e8d7e8a4d92f676cc18d3cb697a16699c440e5605925fd354df0381ee3 
nss-3.13.5-1.el6_3.x86_64.rpm
55624050d35e4fa815d00f01376ad89b6ceeed53d33ae2a82f21fdea6b888ff8 
nss-devel-3.13.5-1.el6_3.i686.rpm
a0d80f40f0626e62163b7c23cb6159b2b87d4a1bd2f4d0cf7547a4ac99ea9d63 
nss-devel-3.13.5-1.el6_3.x86_64.rpm
94a38294c5c614be95428d8b0fae9dd2f8ead41661c4d80a87850e3f9fc5e083 
nss-pkcs11-devel-3.13.5-1.el6_3.i686.rpm
ce62c6373df12811b1664b7facdf9f2970f5bba1dbefd3b7e05d97be62e58855 
nss-pkcs11-devel-3.13.5-1.el6_3.x86_64.rpm
53ecce09cd3157073902b20f050a168d8ca66fe7fb75409b2ae89565a6b23638 
nss-sysinit-3.13.5-1.el6_3.x86_64.rpm
0050c1c56dfd339f9e6e4be124a26ad146982d951965a238d37ae648c09d60dc 
nss-tools-3.13.5-1.el6_3.x86_64.rpm
59dd7e79257733659325070a07ca1eb46294245980f71f0b74e8efd184cb7e4d 
nss-util-3.13.5-1.el6_3.i686.rpm
c64c3519240d1e40d553be2d5c81d13582e52c718d2b6edda11c2ae8eb5316c5 
nss-util-3.13.5-1.el6_3.x86_64.rpm
4a8fb926dd91295ab9283337f16831678dfc4993669d886aa7b5620cc6b8e26d 
nss-util-devel-3.13.5-1.el6_3.i686.rpm
20480665634a9dcec4c75d82f6fe03481bc54f17a1b8bde325b2d6f03cb49bd0 
nss-util-devel-3.13.5-1.el6_3.x86_64.rpm

Source:
ab2d15305f447c202709720668cc4276a206097947c0616220fb8f6119977686 
nspr-4.9.1-2.el6_3.src.rpm
b94809ee1654b80afef24624e59d77866bac594cce708cbf0809d8a8e7bb626d 
nss-3.13.5-1.el6_3.src.rpm
98c4dbb5df76731e3bfa9c2c70e5744b2fd5abe59228d5df3aa91bfa55405368 
nss-util-3.13.5-1.el6_3.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce



CentOS Errata and Security Advisory 2012:1090 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1090.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
5479be80ad867495cfc776cb256814688f8f67774a7da886488c6fb2dc38ca91 
nspr-4.9.1-4.el5_8.i386.rpm
88cf336d2879dc67b56964ae5978f9b1d7075ef7d9a35629a857559d7dccf17f 
nspr-devel-4.9.1-4.el5_8.i386.rpm
e856a6244e8b44f0a9b1b9887a7e738723e86fd4295b1d559c6aa19aaee003ae 
nss-3.13.5-4.el5_8.i386.rpm
91471424901bf424820c18f991a9869f0e12389a5025676991f01e972c11f1a9 
nss-devel-3.13.5-4.el5_8.i386.rpm
f72a18025df57b2bb95a1781e49ac1dd54b85066cd70743e08d6ed8833c26f1d 
nss-pkcs11-devel-3.13.5-4.el5_8.i386.rpm
159884df1b31c8ef4ed6f4c2c5a719f1aadf4f1a83e499627c93751ac0bd797c 
nss-tools-3.13.5-4.el5_8.i386.rpm

x86_64:
5479be80ad867495cfc776cb256814688f8f67774a7da886488c6fb2dc38ca91 
nspr-4.9.1-4.el5_8.i386.rpm
ae726e6968f04550619b9be40fcaf886a0df259896e8d5e4c36f902ec4995737 
nspr-4.9.1-4.el5_8.x86_64.rpm
88cf336d2879dc67b56964ae5978f9b1d7075ef7d9a35629a857559d7dccf17f 
nspr-devel-4.9.1-4.el5_8.i386.rpm
e203383942a2068984f22597079c57cca4d1d4e36aac914f63dd783b79bc47aa 
nspr-devel-4.9.1-4.el5_8.x86_64.rpm
e856a6244e8b44f0a9b1b9887a7e738723e86fd4295b1d559c6aa19aaee003ae 
nss-3.13.5-4.el5_8.i386.rpm
39f61bfc24b7ed592ef12d914ce0c5bf7894fceee0529fa86d68210ab0e09442 
nss-3.13.5-4.el5_8.x86_64.rpm
91471424901bf424820c18f991a9869f0e12389a5025676991f01e972c11f1a9 
nss-devel-3.13.5-4.el5_8.i386.rpm
3640ab2e7f916e60c6ed5d1e55239515c7703bb8990fc93b04020a576145d02c 
nss-devel-3.13.5-4.el5_8.x86_64.rpm
f72a18025df57b2bb95a1781e49ac1dd54b85066cd70743e08d6ed8833c26f1d 
nss-pkcs11-devel-3.13.5-4.el5_8.i386.rpm
0fd55a640909c9502a8f43bb7ed1cde7431663569092673294ed75c29d296e8a 
nss-pkcs11-devel-3.13.5-4.el5_8.x86_64.rpm
559983034b602bbe92a00c5c8c5d157d1c57b02869502bf80fe0f6a8e0d685d9 
nss-tools-3.13.5-4.el5_8.x86_64.rpm

Source:
4c3a6a3bc53e14cc7147db183f526350dae3502a959211007b23d7233187fd34 
nspr-4.9.1-4.el5_8.src.rpm
e9a8af28ddf624f343ffbdd73e7f27e5068b4c711917234c4c7736dd4eef253b 
nss-3.13.5-4.el5_8.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce

DoS ranjivost paketa NSS

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

DoS ranjivost paketa NSS

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti