Kod programskog paketa Whatsup, distribuiranog s operacijskim sustavima Fedora 13, 14 i 15, uočen je novi sigurnosni propust. Radi se o aplikaciji za brzo računanje i prikaz uzlaznih i silaznih čvorova u grozdu. Propust se javlja kao posljedica neodgovarajućeg rukovanja zlonamjerno oblikovanim UTF-8 nizovima prilikom obrade XML dokumenata. Takvi nizovi mogu uzrokovati pogreške u radu modula "expat" i to na način da se nakon oznake "end of input" nastavi učitavati ulazni registar što u konačnici dovodi do rušenja ranjivog sustava. Svi se korisnici upućuju na instalaciju novih inačica paketa.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3097
2011-03-11 04:35:45
--------------------------------------------------------------------------------
Name : whatsup
Product : Fedora 15
Version : 1.12
Release : 2.fc15
URL : https://computing.llnl.gov/linux/whatsup.html
Summary : Node up/down detection utility
Description :
Whatsup is a cluster node up/down detection utility.
Whatsup can quickly calculate and output the up and down nodes of a cluster.
Whatsup allows some tools, such as Pdsh, to operate more quickly by
not operating on down nodes. Whatsup calculates the up and down nodes of a
cluster through one of several possible backend tools
and several optional cluster node databases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652981 - libnodeupdown-backend-ganglia contains an embedded copy
of expat, prone to CVE-2009-3720
https://bugzilla.redhat.com/show_bug.cgi?id=652981
[ 2 ] Bug #661001 - FTBFS whatsup-1.10-1.fc14
https://bugzilla.redhat.com/show_bug.cgi?id=661001
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update whatsup' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2801
2011-03-07 20:38:00
--------------------------------------------------------------------------------
Name : whatsup
Product : Fedora 14
Version : 1.12
Release : 1.fc14
URL : https://computing.llnl.gov/linux/whatsup.html
Summary : Node up/down detection utility
Description :
Whatsup is a cluster node up/down detection utility.
Whatsup can quickly calculate and output the up and down nodes of a cluster.
Whatsup allows some tools, such as Pdsh, to operate more quickly by
not operating on down nodes. Whatsup calculates the up and down nodes of a
cluster through one of several possible backend tools
and several optional cluster node databases.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 7 2011 Ruben Kerkhof <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.12-1
- Upstream released new version
- Link against system-provided expat (#652981)
- Fixes FTBFS (#661001)
- Drop patch for incorrect open which was merged upstream
* Thu Sep 30 2010 Dan Horåk <dan[at]danny.cz> 1.10-2
- no InfiniBand on s390(x)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #661001 - FTBFS whatsup-1.10-1.fc14
https://bugzilla.redhat.com/show_bug.cgi?id=661001
[ 2 ] Bug #652981 - libnodeupdown-backend-ganglia contains an embedded copy
of expat, prone to CVE-2009-3720
https://bugzilla.redhat.com/show_bug.cgi?id=652981
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update whatsup' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-2794
2011-03-07 20:37:43
--------------------------------------------------------------------------------
Name : whatsup
Product : Fedora 13
Version : 1.12
Release : 1.fc13
URL : https://computing.llnl.gov/linux/whatsup.html
Summary : Node up/down detection utility
Description :
Whatsup is a cluster node up/down detection utility.
Whatsup can quickly calculate and output the up and down nodes of a cluster.
Whatsup allows some tools, such as Pdsh, to operate more quickly by
not operating on down nodes. Whatsup calculates the up and down nodes of a
cluster through one of several possible backend tools
and several optional cluster node databases.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 7 2011 Ruben Kerkhof <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> 1.12-1
- Upstream released new version
- Link against system-provided expat (#652981)
- Fixes FTBFS (#661001)
- Drop patch for incorrect open which was merged upstream
- no InfiniBand on s390(x)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652981 - libnodeupdown-backend-ganglia contains an embedded copy
of expat, prone to CVE-2009-3720
https://bugzilla.redhat.com/show_bug.cgi?id=652981
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update whatsup' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke