A new security vulnerability has been identified in the Gnash software package distributed with the Fedora 15 operating system. Gnash is a web browser plug-in that enables viewing of Flash content. The flaw occurs when certain temporary files are handled. Attackers can exploit it to delete or modify arbitrary files through a so-called symlink attack on the /tmp/gnash-configure-errors.$$, /tmp/gnash-configure-warnings.$$, or /tmp/gnash-configure-recommended.$$ files. To protect themselves, all users of this package are advised to install the new version, which fixes the vulnerability.
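The file names above end in `$$`, the shell's process ID, which is what makes them predictable. The following is an added example, not Gnash's configure code: it sets the PID-named pattern beside a `mktemp` form and checks both against a symlink that already exists at the predictable path. The function names and the private sandbox directory standing in for /tmp are assumptions.

```shell
#!/bin/sh
# Added example, not Gnash's code. Function names and the sandbox are hypothetical.

# Pattern implied by the advisory's file names: a name built from the shell
# PID ($$), opened with a plain redirect, which follows any symlink already there.
unsafe_errors_file() {
    f="$1/gnash-configure-errors.$$"
    : > "$f"                      # truncates whatever the path resolves to
    printf '%s\n' "$f"
}

# Hardened form: mktemp chooses an unpredictable suffix and creates the file
# exclusively (mode 0600), so an existing file or symlink is never reused.
safe_errors_file() {
    mktemp "$1/gnash-configure-errors.XXXXXXXXXX"
}

# Regression check: pre-create the predictable name as a symlink to a canary
# file inside a private sandbox, run the creator, report the canary's fate.
# Prints "intact" or "clobbered".
symlink_regression() {
    creator="$1"
    sandbox=$(mktemp -d) || return 2
    printf 'canary\n' > "$sandbox/canary"
    mkdir "$sandbox/tmp"
    ln -s "$sandbox/canary" "$sandbox/tmp/gnash-configure-errors.$$"
    "$creator" "$sandbox/tmp" > /dev/null
    if [ "$(cat "$sandbox/canary")" = "canary" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

echo "unsafe: $(symlink_regression unsafe_errors_file)"
echo "safe:   $(symlink_regression safe_errors_file)"
```

The same check can be pointed at any script that writes scratch files under a shared directory, by wrapping its temp-file step in a function that takes the directory as its argument.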

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3261
2011-03-14 05:16:24
--------------------------------------------------------------------------------

Name        : gnash
Product     : Fedora 15
Version     : 0.8.9
Release     : 0.1.20110312git.fc15
URL         : http://www.gnu.org/software/gnash/
Summary     : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and op-codes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669851 - CVE-2010-4337 gnash: symlink attack via configure script
        https://bugzilla.redhat.com/show_bug.cgi?id=669851
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce