A security vulnerability has been discovered in the Avahi software package for the Fedora 15 operating system. Avahi is a tool for discovering services on a local network, such as other computers, printers and shared directories. The vulnerability is caused by a flaw in the file "avahi-core/socket.c" and is the result of an inadequate patch for the issue tracked as CVE-2010-2244. It allows a remote attacker to carry out a DoS attack by means of an empty IPv4 or IPv6 UDP packet. Users are advised to install the update.
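A defender-side check for the traffic pattern described above, as an added example that is not part of the advisory or of Avahi's code: it flags raw IPv4 or IPv6 packets that carry a UDP datagram with a zero-byte payload addressed to the mDNS port. Port 5353 (the standard mDNS port), the function names and the constructed sample packets are assumptions not taken from the advisory.

```python
import struct

MDNS_PORT = 5353       # standard mDNS port; an assumption, not stated in the advisory
UDP_PROTO = 17
UDP_HEADER_LEN = 8

def udp_segment(packet: bytes):
    """Return the UDP header + payload of a raw IP packet, or None if not UDP."""
    if not packet:
        return None
    version = packet[0] >> 4
    if version == 4 and len(packet) >= 20:
        ihl = (packet[0] & 0x0F) * 4            # header length including options
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if ihl < 20 or packet[9] != UDP_PROTO or frag_offset:
            return None                         # later fragments carry no UDP header
        return packet[ihl:]
    if version == 6 and len(packet) >= 40:
        if packet[6] != UDP_PROTO:              # extension headers are not walked
            return None
        return packet[40:]
    return None

def is_empty_mdns_datagram(packet: bytes) -> bool:
    """True for a UDP datagram to the mDNS port whose payload is zero bytes."""
    seg = udp_segment(packet)
    if seg is None or len(seg) < UDP_HEADER_LEN:
        return False
    _sport, dport, length, _csum = struct.unpack("!HHHH", seg[:UDP_HEADER_LEN])
    return dport == MDNS_PORT and length == UDP_HEADER_LEN

# Constructed sample packets (documentation addresses), built inline for the demo.
def build_ipv4(payload: bytes, dport: int = MDNS_PORT) -> bytes:
    udp = struct.pack("!HHHH", 40000, dport, UDP_HEADER_LEN + len(payload), 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 255, UDP_PROTO, 0,
                       bytes([192, 0, 2, 1]), bytes([224, 0, 0, 251])) + udp

def build_ipv6(payload: bytes, dport: int = MDNS_PORT) -> bytes:
    udp = struct.pack("!HHHH", 40000, dport, UDP_HEADER_LEN + len(payload), 0) + payload
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "fb")
    return struct.pack("!IHBB16s16s", 0x60000000, len(udp), UDP_PROTO, 255, src, dst) + udp

if __name__ == "__main__":
    for name, pkt in [("ipv4 empty", build_ipv4(b"")), ("ipv6 empty", build_ipv6(b"")),
                      ("ipv4 12-byte payload", build_ipv4(b"\x00" * 12))]:
        print(name, "->", "ALERT" if is_empty_mdns_datagram(pkt) else "ok")
```

The check takes packets starting at the IP header, so link-layer framing has to be stripped before calling it.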

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3033
2011-03-10 01:45:51
--------------------------------------------------------------------------------

Name        : avahi
Product     : Fedora 15
Version     : 0.6.29
Release     : 1.fc15
URL         : http://avahi.org
Summary     : Local network service discovery
Description :
Avahi is a system which facilitates service discovery on
a local network -- this means that you can plug your laptop or
computer into a network and instantly be able to view other people who
you can chat with, find printers to print to or find files being
shared. This kind of technology is already found in MacOS X (branded
'Rendezvous', 'Bonjour' and sometimes 'ZeroConf') and is very
convenient.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2011-1002 among other smaller things
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667187 - CVE-2011-1002 avahi: avahi daemon remote DoS by sending
NULL UDP (due incorrect CVE-2010-2244 fix)
        https://bugzilla.redhat.com/show_bug.cgi?id=667187
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update avahi' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce