Two security vulnerabilities discovered in the bacula package allowed a malicious user to obtain passwords and to overwrite existing files without authorisation.
Package:
bacula
Operating systems:
Fedora 17
Severity:
5.7
Problem:
error in a software component
Exploitation:
local/remote
Consequence:
data modification, disclosure of sensitive information
Solution:
vendor software patch
CVE:
CVE-2007-5626, CVE-2008-5373
Original advisory ID:
FEDORA-2012-11717
Source:
Fedora
Problem:
The make_catalog_backup component of the bacula package passed the MySQL password as a command-line argument and also sent it by e-mail. A password in a command line is visible to any local user who can list running processes, and the e-mail copy could be read by an attacker able to intercept the message in transit. A second problem lies in the mtx-changer.Adic-Scalar-24 autochanger script, which used a temporary file insecurely and was therefore open to a symlink attack.
Consequence:
An attacker could obtain the MySQL catalog password, either locally from the process list or by intercepting the e-mail. Through the symlink attack in the autochanger script, an attacker could also overwrite existing files.
Solution:
All issues are fixed in the latest version of the package, and installing it is recommended.
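The two weak patterns described above, reproduced as an added shell example that is not part of this advisory or of Bacula's own scripts. It assumes a POSIX sh with mktemp; the file names mtx.tmp and my.cnf, the process name argv-demo and the password hunter2 are constructed for the demonstration, and a private scratch directory stands in for the shared /tmp a real symlink attack would use.

```shell
#!/bin/sh
# Added example, not Bacula code. Reproduces the two weak patterns behind
# this advisory in a private scratch directory and contrasts each with a
# hardened form. "mtx.tmp", "argv-demo", "my.cnf" and "hunter2" are
# constructed names for the demonstration.
set -u

# Pattern 1 (CVE-2008-5373 class): a predictable temp file name opened with
# plain '>' (O_CREAT|O_TRUNC, which follows symlinks). An attacker who can
# guess the name pre-plants a symlink, and the script truncates the target.
# The real attack uses a shared directory such as /tmp; the scratch
# directory stands in for it so the demo never touches system paths.
symlink_overwrites_target() {
    work=$(mktemp -d) || return 2
    victim=$work/victim
    printf 'important data\n' > "$victim"
    ln -s "$victim" "$work/mtx.tmp"          # attacker's move
    : > "$work/mtx.tmp"                       # script: "create my temp file"
    printf 'changer output\n' >> "$work/mtx.tmp"
    if [ "$(cat "$victim")" = "changer output" ]; then echo overwritten; else echo intact; fi
    rm -rf "$work"
}

# Hardened: 'set -C' (noclobber) makes '>' refuse a path that already exists,
# symlink included, and mktemp creates a fresh, unpredictable name with O_EXCL.
safe_tmp_refuses_symlink() {
    work=$(mktemp -d) || return 2
    victim=$work/victim
    printf 'important data\n' > "$victim"
    ln -s "$victim" "$work/mtx.tmp"          # same attacker's move
    if ( set -C; : > "$work/mtx.tmp" ) 2>/dev/null; then
        echo clobbered; rm -rf "$work"; return 0
    fi
    tmp=$(mktemp "$work/mtx.XXXXXX") || return 2
    printf 'changer output\n' > "$tmp"
    if [ "$(cat "$victim")" = "important data" ]; then echo intact; else echo overwritten; fi
    rm -rf "$work"
}

# Pattern 2 (CVE-2007-5626 class): a password in argv. Any local user can
# read another process's argument list, so a child started as
# "mysqldump -u bacula -pSECRET ..." leaks SECRET. Prints yes or no.
argv_visible() {
    secret=$1
    sh -c 'sleep 2; :' argv-demo "$secret" &   # stand-in for the dump child
    pid=$!
    sleep 1                                     # let the child finish exec
    if [ -r "/proc/$pid/cmdline" ]; then
        seen=$(tr '\0' ' ' < "/proc/$pid/cmdline")
    else
        seen=$(ps -o args= -p "$pid" 2>/dev/null) || seen=""
    fi
    wait "$pid"
    case $seen in *"$secret"*) echo yes ;; *) echo no ;; esac
}

# Hardened: keep the password out of argv by writing a mode-0600 option file
# and pointing the client at it with --defaults-extra-file. Prints the file's
# mode string, e.g. -rw-------.
credentials_file_mode() {
    work=$(mktemp -d) || return 2
    cnf=$work/my.cnf
    ( umask 077; printf '[client]\nuser=bacula\npassword=%s\n' "$1" > "$cnf" )
    # Real use (not run here): mysqldump --defaults-extra-file="$cnf" bacula
    ls -ld "$cnf" | cut -c1-10
    rm -rf "$work"
}

echo "predictable temp file: $(symlink_overwrites_target)"
echo "noclobber + mktemp:    $(safe_tmp_refuses_symlink)"
echo "secret in argv seen:   $(argv_visible hunter2)"
echo "option file mode:      $(credentials_file_mode hunter2)"
```

Run it with `sh example.sh`: the first function reports overwritten and the second intact, which is the entire difference between a truncating redirection on a guessable name and noclobber plus mktemp. The argv check needs /proc or ps to inspect the child. The option file is what mysqldump reads through --defaults-extra-file, so the password never appears in the process list and nothing the backup script prints or mails needs to contain it.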
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11717
2012-08-10 22:08:05
--------------------------------------------------------------------------------
Name : bacula
Product : Fedora 17
Version : 5.2.10
Release : 5.fc17
URL : http://www.bacula.org
Summary : Cross platform network backup for Linux, Unix, Mac and Windows
Description :
Bacula is a set of programs that allow you to manage the backup, recovery, and
verification of computer data across a network of different computers. It is
based on a client/server architecture and is efficient and relatively easy to
use, while offering many advanced storage management features that make it easy
to find and recover lost or damaged files.
--------------------------------------------------------------------------------
Update Information:
Update to fix a couple of bugs reported in other versions.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 20 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.10-5
- Removed make_catalog_backup bash script, leave only the default perl one
(rhbz#456612,665498).
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx>
- 5.2.10-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul 16 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.10-3
- Updated log path patch (rhbz#837706).
* Tue Jul 10 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.10-2
- Add nss-lookup.target as required to service files (rhbz#838828).
- Fix bsmtp upstream bug sending mails to ipv4/ipv6 hosts.
* Mon Jul 2 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.10-1
- Update to 5.2.10.
* Tue Jun 19 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.9-2
- Remove _isa on BuildRequires.
- Remove useless code in SysV init scripts.
* Tue Jun 12 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.9-1
- Update to 5.2.9, remove termlib patch.
* Mon Jun 11 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.8-2
- Fix console build on RHEL 5.
* Mon Jun 11 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.8-1
- Update to 5.2.8.
- Removed upstream xattr patch.
- Added database backend detection to bacula-libs-sql for upgrades from
<= 5.0.3-28-fc16 and 5.2.6-1.fc17.
* Fri Jun 8 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.7-4
- Make a note about mt-st and mtx (bz#829888).
- Update README.Fedora with current information.
- Fix bacula-sd group on Fedora and RHEL >= 6 (bz#829509).
* Wed Jun 6 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.7-3
- Final xattr patch from upstream for bz#819158.
- Switch alternatives to point to the unversioned system libraries.
Pointed out by the closely related bug #829219.
* Mon Jun 4 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.7-2
- Remove python-devel test leftover.
- Updated bat build patch to add support for RHEL 6.
* Mon Jun 4 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.7-1
- Updated to 5.2.7, removed patches included upstream.
- Removed python-devel patch, fix included in python package.
- Replaced tabs with blanks in spec file (rpmlint).
* Mon May 28 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.6-6
- Even if pulled in by dependencies, re-add explicit BR on systemd-units.
- Remove .gz suffix for man pages in file lists as per packaging guidelines.
* Mon May 28 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.6-5
- Patch for bug #819158.
- Updated hostname patch with official fix.
- Sorted all BuildRequires and removed useless systemd-units.
* Wed May 23 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.6-4
- Added python config workaround for Fedora 16.
* Mon May 21 2012 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.6-3
- Removed _install, _mkdir and _make macro.
- Added _isa to BuildRequires.
- Removed lzo-devel option for RHEL 4 (EOL).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #837706 - Logwatch fails on bacula files
https://bugzilla.redhat.com/show_bug.cgi?id=837706
[ 2 ] Bug #456612 - CVE-2007-5626 bacula: MySQL Director Password Disclosure Weakness
https://bugzilla.redhat.com/show_bug.cgi?id=456612
[ 3 ] Bug #665498 - CVE-2008-5373 bacula-common: Insecure temporary file use in autochangers (symlink attack) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=665498
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update bacula' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-announce