U radu programskog paketa ocaml-xml-light uočena je i ispravljena sigurnosna ranjivost koja udaljenim napadačima omogućuje izvođenje napada uskraćivanjem usluge (eng. Denial of Service attack, DoS).
Paket:
ocaml-xml-light 2.x
Operacijski sustavi:
Fedora 17
Problem:
pogreška u programskoj funkciji
Iskorištavanje:
lokalno/udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-3514
Izvorni ID preporuke:
FEDORA-2012-12500
Izvor:
Fedora
Problem:
Propust nastaje kao posljedica nepravilnosti pri računanju hash vrijednosti.
Posljedica:
Propust je moguće iskoristiti za izvođenje DoS napada.
Rješenje:
Svim se korisnicima navedenog programskog paketa, u svrhu zaštite sigurnosti, savjetuje njegova nadogradnja na novije inačice.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12500
2012-08-22 20:36:10
--------------------------------------------------------------------------------
Name : ocaml-xml-light
Product : Fedora 17
Version : 2.3
Release : 0.1.svn234.fc17
URL : http://tech.motion-twin.com/xmllight.html
Summary : Minimal XML parser and printer for OCaml
Description :
Xml-Light is a minimal XML parser & printer for OCaml. It provides
functions to parse an XML document into an OCaml data structure, work
with it, and print it back to an XML document. It support also DTD
parsing and checking, and is entirely written in OCaml, hence it does
not require additional C library.
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2012-3514.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 21 2012 Richard W.M. Jones <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.3-0.1.svn234
- Update to latest version (subversion release 234).
- Includes fix for CVE-2012-3514 - moderate impact hash table collisions
(resolves: rhbz#787890).
- Clean up the spec file and bring up to modern standards.
- Add tests.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #787890 - ocaml-xml-light: hash table collisions CPU usage DoS
https://bugzilla.redhat.com/show_bug.cgi?id=787890
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ocaml-xml-light' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke