Numerous vulnerabilities have been identified and fixed by a new patch for the firefox package. The flaws allow arbitrary code execution, XSS and DoS attacks, and disclosure of sensitive information.
Package:
Firefox 11.x
Operating systems:
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
The vulnerabilities arise from improper handling of ".ICO" and ".BMP" files and the SVG image format, when opening new pages, from errors in the implementation of the WebGL environment, and from other causes.
Impact:
The flaws allow arbitrary code execution, XSS and DoS attacks, buffer overwrites, and disclosure of sensitive information.
Solution:
All users are advised to install the updates.
CentOS Errata and Security Advisory 2012:1210 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1210.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr
_______________________________________________
CentOS-announce mailing list
http://lists.centos.org/mailman/listinfo/centos-announce