A security vulnerability has been identified in the Ember software package distributed with the Fedora 15 operating system. Ember is a 3D client for the WorldForge project that uses the Ogre 3D library. The vulnerability results from improper modification of the path and environment variable for "ld.so(8)" libraries in the current directory. An attacker can exploit the flaw to run arbitrary code. Users of the vulnerable package are advised to install the available update promptly.
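
Added example (not from the advisory or the ember package): a shell check for the class of flaw summarised above, assuming the ld.so(8) variable concerned is LD_LIBRARY_PATH, where an empty or relative element makes the loader search the current directory. The function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and safely extend an ld.so(8) library search path.
# Assumption: the variable is LD_LIBRARY_PATH; all paths below are constructed.

# Print "<position>:<reason>" for every element that makes the loader search
# the current working directory. Returns 0 if the list is clean, 1 otherwise.
audit_lib_path() {
    list=$1
    [ -z "$list" ] && return 0          # empty or unset: nothing extra is searched
    pos=0
    bad=0
    rest="$list:"                       # sentinel so the last element is parsed too
    while [ -n "$rest" ]; do
        elem=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case $elem in
            '') echo "$pos:empty element (searches the current directory)"; bad=1 ;;
            /*) ;;                      # absolute directory: fine
            *)  echo "$pos:relative element '$elem'"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Prepend a directory without creating an empty element. The risky launcher
# idiom VAR="$dir:$VAR" yields "dir:" when VAR was unset; ${VAR:+:$VAR}
# emits the separator only when there is something to separate.
prepend_lib_path() {
    dir=$1
    current=$2
    printf '%s\n' "$dir${current:+:$current}"
}

# Demo with the variable unset, as in a fresh login session.
current=""
risky="/usr/lib/example:$current"
fixed=$(prepend_lib_path /usr/lib/example "$current")
for candidate in "$risky" "$fixed"; do
    if audit_lib_path "$candidate"; then
        echo "OK     $candidate"
    else
        echo "UNSAFE $candidate"
    fi
done
```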

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3208
2011-03-13 01:37:45
--------------------------------------------------------------------------------

Name        : ember
Product     : Fedora 15
Version     : 0.6.0
Release     : 5.fc15
URL         : http://www.worldforge.org/dev/eng/clients/ember
Summary     : 3D client for WorldForge
Description :
Ember is a client for MMORPGs using the WorldForge system.
It uses the Ogre 3D engine with CEGUI.

--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2010-3355 (bug 638381)
This is just a rebuild to resolve a dependency conflict.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #638381 - CVE-2010-3355 ember: insecure library loading
vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=638381
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ember' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
