U radu programskog paketa trytond, distribuiranog s operacijskim sustavom Fedora 18, uočena je sigurnosna ranjivost. Zlonamjerni ju korisnici mogu iskoristiti za zaobilaženje postavljenih ograničenja.
Paket:
trytond 2.x
Operacijski sustavi:
Fedora 18
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno/udaljeno
Posljedica:
zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-2238
Izvorni ID preporuke:
FEDORA-2012-13798
Izvor:
Fedora
Problem:
Spomenuta je ranjivost posljedica neodgovarajuće provjere dozvola pristupa.
Posljedica:
Napadačima omogućuje zaobilaženje sigurnosnih ograničenja.
Rješenje:
Svim korisnicima ranjivog paketa preporuča se instalacija nadogradnje.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13798
2012-09-11 19:05:48
--------------------------------------------------------------------------------
Name : trytond
Product : Fedora 18
Version : 2.4.2
Release : 1.fc18
URL : http://www.tryton.org
Summary : Server for the Tryton application framework
Description :
Tryton is a three-tiers high-level general purpose application framework
written in Python and use PostgreSQL as database engine. It is the core base
of an Open Source ERP. It provides modularity, scalability and security.
The core of Tryton (also called Tryton kernel) provides all the necessary
functionalities for a complete application framework: data persistence (i.e
an ORM with extensive modularity), users management (authentication, fine
grained control for data access, handling of concurrent access of resources),
workflow and report engines, web services and internationalisation. Thus
constituting a complete application platform which can be used for any
relevant purpose.
--------------------------------------------------------------------------------
Update Information:
security bugfix release (CVE-2012-2238)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update trytond' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke