A security vulnerability in the glibc package has been found and fixed; it allowed a local user to crash an application or execute arbitrary code.
Package:
glibc 2.x
Operating systems:
Fedora 18
Severity:
4.6
Problem:
error in a program function
Exploitation:
local
Consequence:
taking full control of the system, denial of service (DoS)
Solution:
vendor patch
CVE:
CVE-2012-3480
Original advisory ID:
FEDORA-2012-11963
Source:
Fedora
Problem:
The problem stems from faulty strtod, strtof, strtold, strtod_l and similar related functions.
Consequence:
A local malicious user could have exploited the vulnerability to crash an application, causing a denial of service, or to run arbitrary code.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11963
2012-08-15 23:31:25
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 18
Version : 2.16
Release : 8.fc18
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
- Fix integer overflow leading to buffer overflow in strto* (#847718)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #847715 - CVE-2012-3480 glibc: Integer overflows, leading to
stack-based buffer overflows in strto* related routines
https://bugzilla.redhat.com/show_bug.cgi?id=847715
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
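
The notification above attributes the flaw to an integer overflow that leads to a buffer overflow. The following added example is not glibc code and is not taken from the advisory; it illustrates that general bug class, a size calculation that wraps and yields an undersized buffer, next to a checked form. The names limb_t, MAX_SCRATCH_BYTES, bytes_unchecked, bytes_checked and alloc_scratch are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element type and cap, chosen for this illustration. */
typedef uint64_t limb_t;
#define MAX_SCRATCH_BYTES ((size_t)1 << 20)

/* Unchecked: the product wraps modulo SIZE_MAX + 1, so a very large
   count produces a small byte size and an undersized buffer. */
size_t bytes_unchecked(size_t count) {
    return count * sizeof(limb_t);
}

/* Checked: 0 and *out set on success, -1 if the product would wrap. */
int bytes_checked(size_t count, size_t *out) {
    if (count > SIZE_MAX / sizeof(limb_t))
        return -1;
    *out = count * sizeof(limb_t);
    return 0;
}

/* Hardened allocation: fail closed on overflow, empty or oversized requests,
   and use the heap rather than a length-dependent stack buffer. */
limb_t *alloc_scratch(size_t count) {
    size_t n;
    if (bytes_checked(count, &n) != 0 || n == 0 || n > MAX_SCRATCH_BYTES)
        return NULL;
    return calloc(1, n);
}

int main(void) {
    size_t wrap = SIZE_MAX / sizeof(limb_t) + 2; /* constructed input */
    size_t n = 0;
    printf("unchecked: %zu elements -> %zu bytes\n", wrap, bytes_unchecked(wrap));
    printf("checked:   %s\n", bytes_checked(wrap, &n) ? "rejected" : "accepted");
    limb_t *p = alloc_scratch(16);
    printf("16 elements: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```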