drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung temporärer Dateien in systemd
Name: |
Unsichere Verwendung temporärer Dateien in systemd |
|
ID: |
FEDORA-2012-4018 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Mo, 26. März 2012, 08:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1174 |
|
Applikationen: |
systemd |
|
Originalnachricht |
Name : systemd Product : Fedora 16 Version : 37 Release : 17.fc16 URL : http://www.freedesktop.org/wiki/Software/systemd Summary : A System and Service Manager Description : systemd is a system and service manager for Linux, compatible with SysV and LSB init scripts. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux cgroups, supports snapshotting and restoring of the system state, maintains mount and automount points and implements an elaborate transactional dependency-based service control logic. It can work as a drop-in replacement for sysvinit.
------------------------------------------------------------------------------- - Update Information:
This update fixes a bug that could be exploited to delete arbitrary directories. ------------------------------------------------------------------------------- - ChangeLog:
* Fri Mar 16 2012 Michal Schmidt <mschmidt@redhat.com> - 37-17 - CVE-2012-1174 (#804118) * Tue Mar 6 2012 Michal Schmidt <mschmidt@redhat.com> - 37-16 - From upstream: - avoid socket tarpits when the service keeps failing - get rid of awk, sed, grep in bash completion - and minor fixes * Thu Mar 1 2012 Michal Schmidt <mschmidt@redhat.com> - 37-15 - logind: move X11 socket * Mon Feb 27 2012 Michal Schmidt <mschmidt@redhat.com> - 37-14 - A few fixes from upstream: - PrivateTmp permissions (#790522) - timedated without ntp installed (#790260) - logind: allow PowerOff and Reboot via polkit - loading empty files in read_one_line_file() (fdo#45362) - fix cgit URLs in manpages * Thu Feb 9 2012 Michal Schmidt <mschmidt@redhat.com> - 37-13 - Minor fixes and some manpage updates from upstream. * Sun Jan 29 2012 Michal Schmidt <mschmidt@redhat.com> - 37-12 - Avoid a glitch with plymouth (#785548). - Fix logind capabilities. * Thu Jan 26 2012 Michal Schmidt <mschmidt@redhat.com> - 37-11 - Fix automount regression. * Sat Jan 21 2012 Michal Schmidt <mschmidt@redhat.com> - 37-10 - Fix occasionally failing socket units with Accept=yes (#783344). * Fri Jan 20 2012 Michal Schmidt <mschmidt@redhat.com> - 37-9 - Fix a crash related to pid file watch and daemon-reload (#783118). - Added Conflicts with known broken spamassassin. * Tue Jan 17 2012 Michal Schmidt <mschmidt@redhat.com> - 37-8 - Shut up another logind message (#727315). * Sat Jan 14 2012 Michal Schmidt <mschmidt@redhat.com> - 37-7 - Fix for quota and a couple of other issues. * Wed Jan 11 2012 Michal Schmidt <mschmidt@redhat.com> - 37-6 - Fixes and low-risk enhancements (no journald) from upstream v38. * Fri Dec 2 2011 Karsten Hopp <karsten@redhat.com> - 37-5 - add upstream patch for bugzilla 744415, encrypted filesystem passphrases fail on runtime systems in hvc consoles * Tue Nov 15 2011 Michal Schmidt <mschmidt@redhat.com> - 37-4 - Run authconfig if /etc/pam.d/system-auth is not a symlink. - Resolves: #753160 * Wed Nov 2 2011 Michal Schmidt <mschmidt@redhat.com> - 37-3 - Fix remote-fs-pre.target and its ordering. - Resolves: #749940 * Wed Oct 19 2011 Michal Schmidt <mschmidt@redhat.com> - 37-2 - A couple of fixes from upstream: - Fix a regression in bash-completion reported in Bodhi. - Fix a crash in isolating. - Resolves: #717325 * Tue Oct 11 2011 Lennart Poettering <lpoetter@redhat.com> - 37-1 - New upstream release - Resolves: #744726, #718464, #713567, #713707, #736756 * Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-5 - Undo the workaround. Kay says it does not belong in systemd. - Unresolves: #741655 * Thu Sep 29 2011 Michal Schmidt <mschmidt@redhat.com> - 36-4 - Workaround for the crypto-on-lvm-on-crypto disk layout - Resolves: #741655 ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #803358 - CVE-2012-1174 systemd (systemd-logind): TOCTOU race condition by removing user session https://bugzilla.redhat.com/show_bug.cgi?id=803358 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update systemd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|