drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in rrdtool
Name: |
Ausführen beliebiger Kommandos in rrdtool |
|
ID: |
FEDORA-2013-10288 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Di, 18. Juni 2013, 10:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2131 |
|
Applikationen: |
rrdtool |
|
Originalnachricht |
Name : rrdtool Product : Fedora 19 Version : 1.4.8 Release : 2.fc19 URL : http://oss.oetiker.ch/rrdtool/ Summary : Round Robin Database Tool to store and display time-series data Description : RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data (i.e. network bandwidth, machine-room temperature, server load average). It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data to enforce a certain data density. It can be used either via simple wrapper scripts (from shell or Perl) or via frontends that poll network devices and put a friendly user interface on it.
------------------------------------------------------------------------------- - Update Information:
This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking.
This is an new version of rrdtool that fixes several bugs. The main new feature of this release is that large graph expressions are processed magnitudes faster. For more details see the original announcement forum.en.html#nabble-f937719 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #969310 - CVE-2013-2131 rrdtool: crashes on format string exploit [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=969310 [ 2 ] Bug #966639 - rrdtool-1.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=966639 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update rrdtool' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|