Izdana je nova inačica programskog paketa dbus-1 čime se otklanja sigurnosna ranjivost koja je lokalnim napadačima omogućavala pokretanje proizvoljnih aplikacija s ovlastima administratora.
Paket:
dbus 1.x
Operacijski sustavi:
SUSE Linux Enterprise Desktop 11, SUSE Linux Enterprise Server (SLES) 11
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-3524
Izvorni ID preporuke:
SUSE-SU-2012:1155-1
Izvor:
SUSE
Problem:
Ranjivost je uzrokovana pogreškom u "auto-launching" funkcionalnosti.
Posljedica:
Napadači ju mogu iskoristiti za pokretanje proizvoljnih programa s administratorskim ovlastima.
Rješenje:
Korisnicima se preporuča instalacija odgovarajućih zakrpa.
SUSE Security Update: Security update for dbus-1
______________________________________________________________________________
Announcement ID: SUSE-SU-2012:1155-1
Rating: important
References: #697105 #764047
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update fixes a vulnerability in the DBUS
auto-launching feature that allowed local users to execute
arbitrary programs as root. CVE-2012-3524 has been
assigned to this issue.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-dbus-1-6733
- SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-dbus-1-6733
- SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-dbus-1-6733
- SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-dbus-1-6733
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64
s390x x86_64):
dbus-1-devel-1.2.10-3.25.1
dbus-1-devel-doc-1.2.10-3.25.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):
dbus-1-1.2.10-3.25.1
dbus-1-x11-1.2.10-3.25.1
- SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):
dbus-1-32bit-1.2.10-3.25.1
- SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):
dbus-1-1.2.10-3.25.1
dbus-1-x11-1.2.10-3.25.1
- SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):
dbus-1-32bit-1.2.10-3.25.1
- SUSE Linux Enterprise Server 11 SP2 (ia64):
dbus-1-x86-1.2.10-3.25.1
- SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):
dbus-1-1.2.10-3.25.1
dbus-1-x11-1.2.10-3.25.1
- SUSE Linux Enterprise Desktop 11 SP2 (x86_64):
dbus-1-32bit-1.2.10-3.25.1
References:
https://bugzilla.novell.com/697105
https://bugzilla.novell.com/764047
http://download.novell.com/patch/finder/?keywords=67554744e53055e253dbe3ef2cceb035
--
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke