
Security: Execution of arbitrary commands in rrdtool
Name: Execution of arbitrary commands in rrdtool
ID: FEDORA-2013-10288
Distribution: Fedora
Platforms: Fedora 19
Date: Tue, 18 June 2013, 10:35
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2131
Applications: rrdtool

Original message

Name        : rrdtool
Product     : Fedora 19
Version     : 1.4.8
Release     : 2.fc19
URL         : http://oss.oetiker.ch/rrdtool/
Summary     : Round Robin Database Tool to store and display time-series data
Description :
RRD is the acronym for Round Robin Database. RRD is a system to store and
display time-series data (i.e. network bandwidth, machine-room temperature,
server load average). It stores the data in a very compact way that will not
expand over time, and it presents useful graphs by processing the data to
enforce a certain data density. It can be used either via simple wrapper
scripts (from shell or Perl) or via frontends that poll network devices and
put a friendly user interface on it.

--------------------------------------------------------------------------------
Update Information:

This is an update that adds an explicit check to the imginfo format. It may
prevent crash/exploit of user-space applications which pass a user-supplied format to the library call without checking.

This is a new version of rrdtool that fixes several bugs. The main new feature of this release is that large graph expressions are processed magnitudes faster. For more details see the original announcement forum.en.html#nabble-f937719
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #969310 - CVE-2013-2131 rrdtool: crashes on format string exploit [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=969310
[ 2 ] Bug #966639 - rrdtool-1.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=966639
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update rrdtool' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
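
The kind of check the update information describes, as an added example; it is not rrdtool's patch and not code from the advisory. It assumes the imginfo format is handed to printf together with a filename string and two unsigned long sizes, as the rrdgraph manual describes for --imginfo; the function name `imginfo_format_ok` and the sample strings are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Conversions matching the arguments the caller supplies, in order:
   filename, xsize, ysize (assumption taken from the rrdgraph manual). */
static const char *const EXPECTED[] = { "s", "lu", "lu" };
#define N_EXPECTED (sizeof EXPECTED / sizeof EXPECTED[0])

/* Returns 1 when fmt consumes only the arguments in EXPECTED, in order.
   Returns 0 for anything else: %n, %x, '*' widths, positional '$',
   precision, a lone trailing '%', or more conversions than arguments. */
int imginfo_format_ok(const char *fmt)
{
    size_t used = 0;

    if (fmt == NULL)
        return 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;                 /* literal text */
        p++;
        if (*p == '%')
            continue;                 /* "%%" prints a percent sign */
        if (*p == '-')
            p++;                      /* optional left-justify flag */
        while (isdigit((unsigned char)*p))
            p++;                      /* optional fixed field width */
        if (used == N_EXPECTED)
            return 0;                 /* would read past supplied args */
        const char *want = EXPECTED[used++];
        size_t len = strlen(want);
        if (strncmp(p, want, len) != 0)
            return 0;                 /* wrong or unknown conversion */
        p += len - 1;                 /* loop increment skips last char */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = {
        "<IMG SRC=\"/img/%s\" WIDTH=\"%lu\" HEIGHT=\"%lu\">",
        "%s%n", "%lu", "%s %lu %lu %s", "%*s", "100%% done: %s",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-50s -> %s\n", samples[i],
               imginfo_format_ok(samples[i]) ? "accept" : "reject");
    return 0;
}
```

An application that takes the format from a user would call such a check before passing the string on, and refuse the request when it returns 0.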