drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zahlenüberlauf in icecream
Name: |
Zahlenüberlauf in icecream |
|
ID: |
FEDORA-2014-10366 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 19 |
|
Datum: |
Mi, 19. November 2014, 17:10 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607 |
|
Applikationen: |
icecream |
|
Originalnachricht |
Name : icecream Product : Fedora 19 Version : 1.0.1 Release : 8.20140822git.fc19 URL : http://en.opensuse.org/Icecream Summary : Distributed compiler Description : Icecream is a distributed compile system. It allows parallel compiling by distributing the compile jobs to several nodes of a compile network running the icecc daemon. The icecc scheduler routes the jobs and provides status and statistics information to the icecc monitor. Each compile node can accept one or more compile jobs depending on the number of processors and the settings of the daemon. Link jobs and other jobs which cannot be distributed are executed locally on the node where the compilation is started.
------------------------------------------------------------------------------- - Update Information:
This updates icecream to the current version from upstream git repository. It drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. (CVE-2014-4607) ------------------------------------------------------------------------------- - ChangeLog:
* Fri Sep 5 2014 Michal Schmidt <mschmidt@redhat.com> - 1.0.1-8.20140822git - Update to current upstream git. - Drops bundled minilzo, use system lzo library. (#1131794, CVE-2014-4607) - Fix build of manpages (use docbook2X). - Enable clang wrappers. - Remove no longer necessary restorecon /var/log/icecc. - Drop merged patches. * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Mon Sep 2 2013 Michal Schmidt <mschmidt@redhat.com> - 1.0.1-5 - Drop the permissions to log to the old files from the SELinux policy. * Mon Sep 2 2013 Michal Schmidt <mschmidt@redhat.com> - 1.0.1-4 - Fix dropping of capabilities. - Log everything to journal/syslog, not the custom log files. * Fri Aug 30 2013 Michal Schmidt <mschmidt@redhat.com> - 1.0.1-3 - Disable building with librsync. The upstream code to use it is unfinished and the only thing it does is leak memory. * Fri Aug 30 2013 Michal Schmidt <mschmidt@redhat.com> - 1.0.1-2 - Update the SELinux policy module and build it. - Use tmpfiles.d to create /run/icecc instead of letting the daemon write to var_run_t directly. - Add a patch to stop icecc-create-env from reading /etc/passwd. - Batch semenage calls in scriptlets. * Mon Aug 26 2013 Michal Schmidt <mschmidt@redhat.com> - 1.0.1-1 - Rebase to current upstream release. (#888183, #914087, #925572, #992557) - Build with librsync and libcap-ng support. - Build manpages from included DocBook sources. - Disable the SELinux module, it's out of date. - Enable PIE. (#955456) - Modernize spec file. (#850154) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.7-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.7-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1112418 - CVE-2014-4607 lzo: lzo1x_decompress_safe() integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1112418 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update icecream' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|