Uočen je sigurnosni propust otkriven u radu programskog paketa Condor, namijenjenog operacijskom sustavu Fedora 17. Lokalnom napadaču omogućuje zaobilaženje postavljenih ograničenja.
Paket:
Condor 7.x
Operacijski sustavi:
Fedora 17
Kritičnost:
6.5
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-3416
Izvorni ID preporuke:
FEDORA-2012-12127
Izvor:
Fedora
Problem:
Propust je posljedica pogreške u sustavu za autentikaciju koji se temelji na prepoznavanju naziva računala korisnika.
Posljedica:
Napadači ga mogu iskoristiti za zaobilaženje postavljenih sigurnosnih ograničenja.
Rješenje:
Korisnicima se savjetuje instalacija ispravljene inačice.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12127
2012-08-17 23:14:27
--------------------------------------------------------------------------------
Name : condor
Product : Fedora 17
Version : 7.9.1
Release : 0.1.fc17.2
URL : http://www.cs.wisc.edu/condor/
Summary : Condor: High Throughput Computing
Description :
Condor is a specialized workload management system for
compute-intensive jobs. Like other full-featured batch systems, Condor
provides a job queueing mechanism, scheduling policy, priority scheme,
resource monitoring, and resource management. Users submit their
serial or parallel jobs to Condor, Condor places them into a queue,
chooses when and where to run the jobs based upon a policy, carefully
monitors their progress, and ultimately informs the user upon
completion.
--------------------------------------------------------------------------------
Update Information:
Catchup build with CVE fix
Update to 7.9.0 developer series. Happy condor week
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 16 2012 <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.9.1-0.1
- Fast forward to 7.9.1 pre-release
- Fix CVE-2012-3416
* Fri Apr 27 2012 <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 7.9.0-0.1
- Fast forward to 7.9.0 pre-release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #848145 - CVE-2012-3416 condor: host based authentication does not
implement forward-confirmed reverse dns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=848145
[ 2 ] Bug #808019 - Condors MOUNT_UNDER_SCRATCH and autofs do no combine
https://bugzilla.redhat.com/show_bug.cgi?id=808019
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update condor' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke