Utvrđen je sigurnosni nedostatak programskog paketa redeclipse, namijenjenog operacijskom sustavu Fedora 17. Spomenuti nedostatak se može iskoristiti za čitanje/izmjenu određenih datoteka.
Paket:
redeclipse 1.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno/udaljeno
Posljedica:
izmjena podataka, otkrivanje osjetljivih informacija
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
FEDORA-2012-11582
Izvor:
Fedora
Problem:
Propust je posljedica nepravilnog rukovanja konfiguracijskim datotekama.
Posljedica:
Zlonamjerni korisnik može iskoristiti propust za čitanje/izmjenu datoteka kojima korisnik pristupi nakon učitavanja mape za igru koja sadrži posebno oblikovanu konfiguracijsku datoteku.
Rješenje:
Rješenje problema sigurnosti je nadogradnja paketa na novije inačice.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11582
2012-08-09 22:04:04
--------------------------------------------------------------------------------
Name : redeclipse
Product : Fedora 17
Version : 1.2
Release : 12.fc17
URL : http://www.redeclipse.net/
Summary : Multiplayer FPS game based on Cube2
Description :
A single-player and multi-player first-person ego-shooter, built on Cube
Engine 2, which lends itself toward a balanced gameplay, completely at
the control of map makers, while maintaining a general theme of agility
in a variety of environments.
Features:
* Balanced gameplay, with a general theme of agility in a variety of
environments
* Parkour, impulse boosts, dashing, sliding, and other tricks
* Favourite gamemodes with tons of mutators and variables
* Available for Windows, Linux/BSD and Mac OSX
* Builtin editor lets you create your own maps cooperatively online
--------------------------------------------------------------------------------
Update Information:
A flaw was found in the way Red Eclipse handled config files. In cube2-engine
games, game maps can be transmitted either from the server to a client, or from
client to client. These maps include a config file (mapname.cfg) in
"cubescript" format, which allows for an attacker to send a malicious script via
a new map. This map must either be chosen by an administrator on the server, or
created in co-operative editing mode. A malicious script could then be used to
read or write to any files that the user running the client has access to when
the victim loads a map with the malicious configuration file.
The patch included in this update stops "textedit" commands being able to be run
in map-run scripts, thus disabling the ability to read/write to user files.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #846368 - redeclipse: arbitrary file disclosue flaw with transmitted
map cfg scripts
https://bugzilla.redhat.com/show_bug.cgi?id=846368
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update redeclipse' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke