You are here
Home > Preporuke > Sigurnosni propust programskog paketa augeas

Sigurnosni propust programskog paketa augeas

  • Detalji os-a: FED
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-2445
2014-02-14 06:32:31
——————————————————————————–

Name : augeas
Product : Fedora 19
Version : 1.2.0
Release : 1.fc19
URL : http://augeas.net/
Summary : A library for changing configuration files
Description :
A library for programmatically editing configuration files. Augeas parses
configuration files into a tree structure, which it exposes through its
public API. Changes made through the API are written back to the initially
read files.

The transformation works very hard to preserve comments and formatting
details. It is controlled by “lens” definitions that describe the file
format and the transformation into a tree.

——————————————————————————–
Update Information:

Update to Augeas 1.2.0:

* resolves CVE-2013-6412
* changelog: https://github.com/hercules-team/augeas/blob/master/NEWS
——————————————————————————–
ChangeLog:

* Wed Feb 12 2014 Dominic Cleal <dcleal@redhat.com> – 1.2.0-1
– Update to 1.2.0, add check section
– Update source URL to download.augeas.net (RHBZ#996032)
* Wed Jun 19 2013 David Lutterkort <lutter@redhat.com> – 1.1.0-1
– Update to 1.1.0; remove all patches
* Tue Jun 18 2013 Richard W.M. Jones <rjones@redhat.com> – 1.0.0-4
– Fix /etc/sysconfig/network (RHBZ#904222).
* Wed Jun 5 2013 Richard W.M. Jones <rjones@redhat.com> – 1.0.0-3
– Don’t package lenses in tests/ subdirectory.
——————————————————————————–
References:

[ 1 ] Bug #1034261 – CVE-2013-6412 augeas: incorrect permissions set on newly created files
https://bugzilla.redhat.com/show_bug.cgi?id=1034261
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update augeas’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-2452
2014-02-14 06:32:47
——————————————————————————–

Name : augeas
Product : Fedora 20
Version : 1.2.0
Release : 1.fc20
URL : http://augeas.net/
Summary : A library for changing configuration files
Description :
A library for programmatically editing configuration files. Augeas parses
configuration files into a tree structure, which it exposes through its
public API. Changes made through the API are written back to the initially
read files.

The transformation works very hard to preserve comments and formatting
details. It is controlled by “lens” definitions that describe the file
format and the transformation into a tree.

——————————————————————————–
Update Information:

Update to Augeas 1.2.0:

* resolves CVE-2013-6412
* changelog: https://github.com/hercules-team/augeas/blob/master/NEWS
——————————————————————————–
ChangeLog:

* Wed Feb 12 2014 Dominic Cleal <dcleal@redhat.com> – 1.2.0-1
– Update to 1.2.0, add check section
– Update source URL to download.augeas.net (RHBZ#996032)
——————————————————————————–
References:

[ 1 ] Bug #1034261 – CVE-2013-6412 augeas: incorrect permissions set on newly created files
https://bugzilla.redhat.com/show_bug.cgi?id=1034261
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update augeas’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorTomislav Protega
Cert idNCERT-REF-2014-03-0022-ADV
CveCVE-2013-6412
ID izvornikaFEDORA-2014-2445 FEDORA-2014-2452
Proizvodaugeas
Izvorhttp://www.redhat.com
Top
More in Preporuke
Sigurnosni propust programskog paketa NetworkManager-ssh

Otkriven je sigurnosni propust kod programskog paketa NetworkManager-ssh izazvan pozivanjem sshpass s opcijom "-p" izlažući lozinke preko direktorija /proc. Propust...

Close