drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in netcf
| Name: |
Ausführen beliebiger Kommandos in netcf |
|
| ID: |
FEDORA-2015-5872 |
|
| Distribution: |
Fedora |
|
| Plattformen: |
Fedora 21 |
|
| Datum: |
Mo, 11. Mai 2015, 09:48 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8119 |
|
| Applikationen: |
netcf |
|
Originalnachricht |
Name : netcf
Product : Fedora 21
Version : 0.2.8
Release : 1.fc21
URL : https://fedorahosted.org/netcf/
Summary : Cross-platform network configuration library
Description :
Netcf is a library used to modify the network configuration of a
system. Network configurations are expressed in a platform-independent
XML format, which netcf translates into changes to the system's
'native' network configuration files.
-------------------------------------------------------------------------------
-
Update Information:
Security fix for CVE 2014-8119, as well as adding a few other minor bugfixes
and enhancements (support for multiple IPv4 addresses, simultaneous static & dhcp for IPv4)
-------------------------------------------------------------------------------
-
ChangeLog:
* Wed Apr 8 2015 Laine Stump <laine@redhat.com> - 0.2.8-1
- rebase to netcf-0.2.8
- resolve CVE-2014-8119
- Fix build on systems with newer libnl3 that doesn't
- support multiple IPv4 addresses in interface config (redhat driver)
- allow static IPv4 config simultaneous with DHCPv4 (redhat driver)
- recognize IPADDR0/NETMASK0/PREFIX0
- remove extra quotes from IPV6ADDR_SECONDARIES (redhat+suse drivers)
- miscellaneous systemd service fixes
- use git to apply patches in rpm specfile
- revert the 0.2.6-2 specfile patch mentioned below (now fixed properly)
* Thu Jan 8 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> -
0.2.6-2
- do not write to the console (#1135744)
-------------------------------------------------------------------------------
-
References:
[ 1 ] Bug #1172176 - CVE-2014-8119 netcf: augeas path expression injection
via interface name
https://bugzilla.redhat.com/show_bug.cgi?id=1172176
-------------------------------------------------------------------------------
-
This update can be installed with the "yum" update program. Use
su -c 'yum update netcf' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|
