Otkriven je sigurnosni propust paketa amsn za komunikaciju porukama u realnom vremenu. Napadač je mogao iskoristiti ovaj nedostatak kako vi doveo do uskraćivanja usluge.
Paket:
amsn 0.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2006-0138
Izvorni ID preporuke:
FEDORA-2012-12151
Izvor:
Fedora
Problem:
Problem uzrokuje nepravilno rukovanje podacima prilikom preuzimanja datoteke sa TCP priljučka za njihovo preuzimanje (TCP 6891).
Posljedica:
Napadač je mogao neprekidnim slanjem posebno oblikovane datoteke dovesti do uskraćivanja usluge i gašenja paketa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12151
2012-08-18 01:03:34
--------------------------------------------------------------------------------
Name : amsn
Product : Fedora 17
Version : 0.98.9
Release : 4.fc17
URL : http://www.amsn-project.net/
Summary : MSN Messenger clone for Linux, Mac and Windows
Description :
This is an MSN Messenger clone for Unix, Windows, and Macintosh.
It is written in tcl/tk and supports filetransfers, webcam, etc.
--------------------------------------------------------------------------------
Update Information:
Update to a new version which fixes a lot of things, including webcam support.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 16 2012 Sander Hoentjen <sander@xxxxxxxxxxx> 0.98.9-4
- *sigh*, didn't mean to remove those lines
* Mon Jul 16 2012 Sander Hoentjen <sander@xxxxxxxxxxx> 0.98.9-3
- How hard can it be to get this right? Finally did it.
* Tue Jul 3 2012 Sander Hoentjen <sander@xxxxxxxxxxx> 0.98.9-2
- We do actually move libs around, so add proper fix for that
* Tue Jul 3 2012 Sander Hoentjen <sander@xxxxxxxxxxx> 0.98.9-1
- We don't actually move libs around anymore, so drop fix for that
* Mon Jun 25 2012 Sander Hoentjen <sander@xxxxxxxxxxx> 0.98.9-0
- Update to new version
- require tcllib, it isn't pulled in by other dependencies anymore
- drop upstreamed patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #821416 - CVE-2006-0138 amsn: DoS (client hang, termination of
client's IM session) via repeatedly sending crafted data to default
file-transfer port
https://bugzilla.redhat.com/show_bug.cgi?id=821416
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update amsn' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke