Sigurnosni propust programskog paketa setroubleshoot

Detalji os-a: WN7
Važnost: IMP
Operativni sustavi: L
Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-4833
2015-03-28 23:41:04
——————————————————————————–

Name : setroubleshoot
Product : Fedora 20
Version : 3.2.17
Release : 2.fc20
URL : https://fedorahosted.org/setroubleshoot
Summary : Helps troubleshoot SELinux problems
Description :
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
messages.
Provides tools to help diagnose SELinux problems. When AVC messages
are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.

——————————————————————————–
Update Information:

Security fix for CVE-2015-1815
——————————————————————————–
ChangeLog:

* Thu Mar 26 2015 Petr Lautrbach <plautrba@redhat.com> 3.2.17-2
– Fix get_rpm_nvr_*_temporary functions – CVE-2015-1815 (#1203352)
* Mon Jan 20 2014 Dan Walsh <dwalsh@redhat.com> – 3.2.17-1
– Fix unicode settings
* Tue Jan 7 2014 Dan Walsh <dwalsh@redhat.com> – 3.2.16-2
– Remove requires for notify-python and yum
* Thu Jan 2 2014 Dan Walsh <dwalsh@redhat.com> – 3.2.16-1
– Don’t error out on no policy installed
– Update translations.
* Thu Jan 2 2014 Dan Walsh <dwalsh@redhat.com> – 3.2.15-2
– Eliminate requirement on service script.
* Tue Dec 3 2013 Dan Walsh <dwalsh@redhat.com> – 3.2.15-1
– Update Lanquages
– Use setup.py in Makefile for setroubleshoot dir
——————————————————————————–
References:

[ 1 ] Bug #1203352 – CVE-2015-1815 setroubleshoot: command injection via crafted file name
https://bugzilla.redhat.com/show_bug.cgi?id=1203352
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update setroubleshoot’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-4838
2015-03-28 23:41:13
——————————————————————————–

Name : setroubleshoot
Product : Fedora 21
Version : 3.2.22
Release : 1.fc21
URL : https://fedorahosted.org/setroubleshoot
Summary : Helps troubleshoot SELinux problems
Description :
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
messages.
Provides tools to help diagnose SELinux problems. When AVC messages
are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.

——————————————————————————–
Update Information:

Security fix for CVE-2015-1815
——————————————————————————–
ChangeLog:

* Thu Mar 26 2015 Petr Lautrbach <plautrba@redhat.com> 3.2.22-1
– Ship a symbolic setroubleshoot icon (#1182652)
– Fix get_rpm_nvr_*_temporary functions – CVE-2015-1815 (#1203352)
* Fri Nov 28 2014 Miroslav Grepl <mgrepl@redhat.com> – 3.2.21-1
– Provide the policy rpm in Bugzilla bug reports by jfilak@redhat.com
——————————————————————————–
References:

Autor	Marko Stanec
Cert id	NCERT-REF-2015-04-0016-ADV
Cve	CERT-CVE-DUMMY
ID izvornika	CERT-ORIGID-DUMMY
Proizvod	CERT-DUMMY-PRODUCT
Izvor	http://www.adobe.com/

Sigurnosni propust programskog paketa setroubleshoot

Archives

More in Preporuke

Ranjivost programskog paketa chicken