Objavljena je preporuka o nadogradnji paketa ypserv. Detalji o ranjivostima nisu objavljene u preporuci no odnose se na nekoliko propusta u memoriji.
| Paket: | ypserv 2.x |
| Operacijski sustavi: | Fedora 16, Fedora 17 |
| Problem: | korupcija memorije, nepoznat |
| Iskorištavanje: | lokalno/udaljeno |
| Posljedica: | zaobilaženje postavljenih ograničenja |
| Rješenje: | programska zakrpa proizvođača |
| Izvorni ID preporuke: | FEDORA-2012-13266 |
| Izvor: | Fedora |
| Problem: | |
| Izdana je nova nadogradnja u kojoj se uklanjaju brojni memorijski propusti. |
|
| Posljedica: | |
| Posljedice napada nisu objavljene. |
|
| Rješenje: | |
| Svim se korisnicima savjetuje instalacija najnovije inačice programa. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13266
2012-09-03 22:26:45
--------------------------------------------------------------------------------
Name : ypserv
Product : Fedora 16
Version : 2.29
Release : 1.fc16
URL : http://www.linux-nis.org/nis/ypserv/index.html
Summary : The NIS (Network Information Service) server
Description :
The Network Information Service (NIS) is a system that provides
network information (login names, passwords, home directories, group
information) to all of the machines on a network. NIS can allow users
to log in on any machine on the network, as long as the machine has
the NIS client programs running and the user's password is recorded in
the NIS passwd database. NIS was formerly known as Sun Yellow Pages
(YP).
This package provides the NIS server, which will need to be running on
your network. NIS clients do not need to be running the server.
Install ypserv if you need an NIS server for your network. You also
need to install the yp-tools and ypbind packages on any NIS client
machines.
--------------------------------------------------------------------------------
Update Information:
This is an update to a new upstream release that fixes several memory leaks
considered as a security issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 3 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.29-1
- Update to new upstream release that fixes several memory leaks
(Related: #845283)
* Fri Apr 13 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-10
- Use O_CLOEXEC when opening pid file to avoid SELinux issues
Resolves: #809120
* Thu Jan 12 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-9
- Added ypserv-pre-setdomain to respect NISDOMAIN environment variable
and set domainname if empty
- Added autoreconf call (thus .path patch modified to keep impact)
- Patch .aliases fixed
Resolves: #699826
* Mon Nov 28 2011 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-8
- Fixed returning success when shadow file is not writable
Resolves: #747335
* Fri Nov 25 2011 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-7
- Fixed empty domain handling in ypinit script
Resolves: #751427
- Added a wrapper script to use all variables correctly in the unit file
Resolves: #755775
* Mon Oct 10 2011 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-6
- Made error messages in yppasswdd more accurate
Resolves: #695754
* Fri Sep 30 2011 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-5
- Rebuild with new gdbm-1.9.1
* Fri Sep 30 2011 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-4
- Added passwd.adjunct support in yppasswdd to recognize
password format correctly when changing password using yppasswd
Resolves: #699667
* Wed Aug 31 2011 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.26-3
- fixed hiding the change request when external script is used
in rpc.yppasswdd
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ypserv' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13268
2012-09-03 22:26:51
--------------------------------------------------------------------------------
Name : ypserv
Product : Fedora 17
Version : 2.29
Release : 1.fc17
URL : http://www.linux-nis.org/nis/ypserv/index.html
Summary : The NIS (Network Information Service) server
Description :
The Network Information Service (NIS) is a system that provides
network information (login names, passwords, home directories, group
information) to all of the machines on a network. NIS can allow users
to log in on any machine on the network, as long as the machine has
the NIS client programs running and the user's password is recorded in
the NIS passwd database. NIS was formerly known as Sun Yellow Pages
(YP).
This package provides the NIS server, which will need to be running on
your network. NIS clients do not need to be running the server.
Install ypserv if you need an NIS server for your network. You also
need to install the yp-tools and ypbind packages on any NIS client
machines.
--------------------------------------------------------------------------------
Update Information:
This is an update to a new upstream release that fixes several memory leaks
considered as a security issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 3 2012 Honza Horak <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.29-1
- Update to new upstream version that fix memory leaks (Related: #845283)
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ypserv' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke