Several vulnerabilities have been discovered in the libxslt package. The flaws allow execution of arbitrary code, reading of confidential information, DoS attacks, and bypassing of configured memory limits.
Package:
libxslt 1.x
Operating systems:
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Severity:
5
Problem:
integer overflow, improper file handling, error in a software component
The vulnerabilities arise from buffer overflows when processing XSL files, unchecked XPath expressions, and the execution of XSLT transformations.
Impact:
An attacker could exploit the flaws to disclose sensitive information, carry out a DoS attack, bypass configured memory limits, and execute arbitrary code.
Solution:
All users are advised to install the updates.
CentOS Errata and Security Advisory 2012:1265 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1265.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Source:
libxslt-1.1.26-2.el6_3.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr
_______________________________________________
CentOS-announce mailing list
http://lists.centos.org/mailman/listinfo/centos-announce
CentOS Errata and Security Advisory 2012:1265 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1265.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm
x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm
Source:
libxslt-1.1.17-4.el5_8.3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr
_______________________________________________
CentOS-announce mailing list
http://lists.centos.org/mailman/listinfo/centos-announce