Nacionalni CERT

Sigurnosni nedostatak programskog paketa augeas

<p>--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-7dacb3c21c<br />2017-09-13 19:51:51.197446<br />--------------------------------------------------------------------------------<br /><br />Name : augeas<br />Product : Fedora 25<br />Version : 1.8.1<br />Release : 1.fc25<br />URL : http://augeas.net/<br />Summary : A library for changing configuration files<br />Description :<br />A library for programmatically editing configuration files. Augeas parses<br />configuration files into a tree structure, which it exposes through its<br />public API. Changes made through the API are written back to the initially<br />read files.<br /><br />The transformation works very hard to preserve comments and formatting<br />details. It is controlled by ``lens'' definitions that describe the file<br />format and the transformation into a tree.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />New upstream version 1.8.1. Fixes CVE-2017-7555 (RHBZ#1482340).<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1482340 - CVE-2017-7555 augeas: Improper handling of escaped strings leading to memory corruption [fedora-all]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1482340<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade augeas' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org</p>
Otkriven je sigurnosni nedostatak u programskom paketu augeas za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje rušenje aplikacije ili izvršavanje proizvoljnog programskog koda. Savjetuje se ažuriranje izdanim zakrpama.