Detalji

U programskom paketu Gnash, distribuiranim s operacijskim sustavima Fedora 13 i Fedora 14, uočen je novi sigurnosni propust. Programski paket Gnash je dodatak za web preglednike koji omogućuje pregledavanje Flash sadržaja. Sigurnosni propust je uočen pri rukovanju nekim privremenim datotekama. Lokalnom napadaču omogućuje mijenjanje proizvoljnih datoteka putem tzv. symlink napada na "/tmp/gnash-configure-errors.$$", "/tmp/gnash-configure-warnings.$$" te "/tmp/gnash-configure-recommended.$$" datoteke. Svim korisnicima navedenog programskog paketa preporuča se njegova nadogradnja.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3658
2011-03-19 09:58:14
--------------------------------------------------------------------------------

Name        : gnash
Product     : Fedora 14
Version     : 0.8.9
Release     : 1.fc14
URL         : http://www.gnu.org/software/gnash/
Summary     : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and op-codes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.

--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 18 2011 Hicham HAOUARI <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.9-1
- Update to 0.8.9 final
* Sat Mar 12 2011 Hicham HAOUARI <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1:0.8.9-0.1.20110312git
- Switch to 0.8.9 branch
- Spec cleanup
- Add extensions
- Enable testsuite
* Tue Feb  8 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 1:0.8.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669851 - CVE-2010-4337 gnash: symlink attack via configure script
        https://bugzilla.redhat.com/show_bug.cgi?id=669851
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3662
2011-03-19 09:58:22
--------------------------------------------------------------------------------

Name        : gnash
Product     : Fedora 13
Version     : 0.8.9
Release     : 1.fc13
URL         : http://www.gnu.org/software/gnash/
Summary     : GNU flash movie player
Description :
Gnash is capable of reading up to SWF v9 files and op-codes, but primarily
supports SWF v7, with better SWF v8 and v9 support under heavy development.
Gnash includes initial parser support for SWF v8 and v9. Not all
ActionScript 2 classes are implemented yet, but all of the most heavily
used ones are. Many ActionScript 2 classes are partially implemented;
there is support for all of the commonly used methods of each
class.

--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 18 2011 Hicham HAOUARI <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.9-1
- Update to 0.8.9 final
* Sat Mar 12 2011 Hicham HAOUARI <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
1:0.8.9-0.1.20110312git
- Switch to 0.8.9 branch
- Spec cleanup
- Add extensions
- Enable testsuite
* Tue Feb  8 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.>
- 1:0.8.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Oct  6 2010 Kevin Kofler <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.8-4
- backport 2 upstream commits to make it work with libcurl >= 7.21.x (#639737)
* Sat Oct  2 2010 Kevin Kofler <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.8-3
- fix FTBFS (#631181) (fix by Hicham Haouari)
* Fri Aug 27 2010 Kevin Kofler <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.8-2
- fix the check for the docbook2X tools being in Perl
* Wed Aug 25 2010 Kevin Kofler <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.8-1.1
- rebuild for the official release of Boost 1.44.0 (silent ABI change)
* Mon Aug 23 2010 Kevin Kofler <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.8-1
- update to 0.8.8 (#626352, #574100, #606170)
- update file list (patch by Jeff Smith)
* Thu Jul 29 2010 Bill Nottingham <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.7-5
- Rebuilt for boost-1.44, again
* Tue Jul 27 2010 Bill Nottingham <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.7-4
- Rebuilt for boost-1.44
* Wed Jul 21 2010 David Malcolm <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.7-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jun  8 2010 Kevin Kofler <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 1:0.8.7-2
- -plugin: avoid file (directory) dependency (#601942)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669851 - CVE-2010-4337 gnash: symlink attack via configure script
        https://bugzilla.redhat.com/show_bug.cgi?id=669851
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update gnash' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Idi na vrh