- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LFE
——————————————————————————–
Fedora Update Notification
FEDORA-2020-8afd443d46
2020-10-29 01:04:57.850474
——————————————————————————–
Name : yubihsm-shell
Product : Fedora 33
Version : 2.0.3
Release : 1.fc33
URL : https://protect2.fireeye.com/v1/url?k=d9c02592-85d29196-d9c7b85e-000babd90757-3e0fe15034d35626&q=1&e=87269704-313e-4e73-8736-02d65114656c&u=https%3A%2F%2Fgithub.com%2FYubico%2Fyubihsm-shell%2F
Summary : Tools to interact with YubiHSM 2
Description :
This package contains most of the components used to interact with
the YubiHSM 2 at both a user-facing and programmatic level.
——————————————————————————–
Update Information:
New upstream release (#1889941). It turned out to be security release, so added
the security bugs.
——————————————————————————–
ChangeLog:
* Wed Oct 21 2020 Jakub Jelen <jjelen@redhat.com> – 2.0.3-1
– New upstream release (#1889941)
——————————————————————————–
References:
[ 1 ] Bug #1890203 – CVE-2020-24387 yubihsm-shell: yh_create_session() does not explicitly check the returned session id could result in DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1890203
[ 2 ] Bug #1890205 – CVE-2020-24388 yubihsm-shell: _send_secure_msg() does not validate the embedded length field of a message which could result in DoS
https://bugzilla.redhat.com/show_bug.cgi?id=1890205
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-8afd443d46’ at the command
line. For more information, refer to the dnf documentation available at
https://protect2.fireeye.com/v1/url?k=abecb531-f7fe0135-abeb28fd-000babd90757-3be0cc5e359b796e&q=1&e=87269704-313e-4e73-8736-02d65114656c&u=http%3A%2F%2Fdnf.readthedocs.io%2Fen%2Flatest%2Fcommand_ref.html%23upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
| Autor | Bruno Varga |
| Cert id | NCERT-REF-2020-10-0001-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | Adobe |
