Ispravljen je sigurnosni propust paketa guacd, guacamole-common, guacamole-ext i guacamole-common-js koje je zlonamjerni korisnik mogao iskoristiti kako bi izveo DoS napad.
| Paket: | guacamole-common 0.x, guacamole-common-js 0.x, guacamole-ext 0.x, guacd 0.x |
| Operacijski sustavi: | Fedora 18 |
| Problem: | preljev međuspremnika |
| Iskorištavanje: | udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-4415 |
| Izvorni ID preporuke: | FEDORA-2012-13914 |
| Izvor: | Fedora |
| Problem: | |
| Problem se javlja kao posljedica prepisivanja spremnika u dodatku za guac klijenta. |
|
| Posljedica: | |
| Zlonamjerni korisnik mogao je iskoristiti ovaj propust kako bi nasilno ugasio pakete i doveo do uskraćivanja usluge. |
|
| Rješenje: | |
| Omogućena je nadogradnja paketa. |
|
Izvorni tekst preporuke
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13914
2012-09-13 16:41:11
--------------------------------------------------------------------------------
Name : guacd
Product : Fedora 18
Version : 0.6.1
Release : 3.fc18
URL : http://guac-dev.org/
Summary : Proxy daemon for Guacamole
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacd is the Guacamole proxy daemon used by the Guacamole web application and
framework to translates between arbitrary protocols and the Guacamole protocol.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13914
2012-09-13 16:41:11
--------------------------------------------------------------------------------
Name : guacamole-common
Product : Fedora 18
Version : 0.6.1
Release : 2.fc18
URL : http://guac-dev.org/
Summary : The core Java library used by the Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-common is the core Java library used by the Guacamole web application.
guacamole-common provides abstract means of connecting to guacd, interfacing
with the JavaScript client and tunnel provided by guacamole-common-js, and
reading configuration from a standard location (guacamole.properties).
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-common' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13914
2012-09-13 16:41:11
--------------------------------------------------------------------------------
Name : guacamole-ext
Product : Fedora 18
Version : 0.6.1
Release : 2.fc18
URL : http://guac-dev.org/
Summary : Common interfaces for extending the main Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-ext is a Java library used by the Guacamole web application to allow
its built-in functionality, such as authentication, to be extended or modified.
guacamole-ext provides an interface for retrieving a set of authorized
connection configurations for a given set of arbitrary credentials. Classes
implementing this interface can be referenced in guacamole.properties to allow
different authentication mechanisms (such as LDAP or SSL client authentication)
to be used.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-ext' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13914
2012-09-13 16:41:11
--------------------------------------------------------------------------------
Name : guacamole-common-js
Product : Fedora 18
Version : 0.6.1
Release : 2.fc18
URL : http://guac-dev.org/
Summary : The JavaScript library used by the Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-common-js is the core JavaScript library used by the Guacamole web
application.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-common-js' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke