A security flaw has been fixed in the OpenJPEG package that allowed a malicious user to crash the package or execute arbitrary code.
The package improperly handles the headers of certain files.
Impact:
A malicious user could supply a specially crafted file to crash the package and cause a denial of service, or to execute code.
CentOS Errata and Security Advisory 2012:1283 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1283.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
9cab51c5d2a7e1148b91b046682f4d12f38bbbaa5b86799aecffff957d1d9197
openjpeg-1.3-9.el6_3.i686.rpm
a1c060c110d7b0ad8e222c031f5ab04e3fe318a2d3838262b3f5a3e17b8f73f9
openjpeg-devel-1.3-9.el6_3.i686.rpm
a81104ee5212e9c509647c36ab1b8dcdd90fc316caebb172fc8dcb6963e96765
openjpeg-libs-1.3-9.el6_3.i686.rpm
x86_64:
d613e8c8acbd38dd3373bba0cc6c360d9717f959b81931bdf6ec431ea2a0a23f
openjpeg-1.3-9.el6_3.x86_64.rpm
a1c060c110d7b0ad8e222c031f5ab04e3fe318a2d3838262b3f5a3e17b8f73f9
openjpeg-devel-1.3-9.el6_3.i686.rpm
d239c60d7d0d1f9dd2e516f824fc536b54c71537aab679e1e5df0f9cd6ef75ab
openjpeg-devel-1.3-9.el6_3.x86_64.rpm
a81104ee5212e9c509647c36ab1b8dcdd90fc316caebb172fc8dcb6963e96765
openjpeg-libs-1.3-9.el6_3.i686.rpm
50bc6e3c7c24f8292c29b1ff60016f8357ed32a77d0b9d70b9dfa3d4a27e91c5
openjpeg-libs-1.3-9.el6_3.x86_64.rpm
Source:
949f949aff2f0a8b545a5d69a6d915e9c990ec0ed9668590de5e7bc16291ec32
openjpeg-1.3-9.el6_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #
_______________________________________________
CentOS-announce mailing list
http://lists.centos.org/mailman/listinfo/centos-announce