Login
Newsletter
Werbung

Sicherheit: Fehlerhafte Zugriffsrechte in rhncfg
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Zugriffsrechte in rhncfg
ID: FEDORA-2013-1233
Distribution: Fedora
Plattformen: Fedora 16
Datum: Mo, 4. Februar 2013, 07:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2679
Applikationen: rhncfg

Originalnachricht

Name        : rhncfg
Product : Fedora 16
Version : 5.10.36
Release : 1.fc16
URL : https://fedorahosted.org/spacewalk
Summary : Red Hat Network Configuration Client Libraries
Description :
The base libraries and functions needed by all rhncfg-* packages.

-------------------------------------------------------------------------------
-
Update Information:

Closing CVE-2012-2679
-------------------------------------------------------------------------------
-
ChangeLog:

* Tue Oct 30 2012 Jan Pazdziora 5.10.36-1
- Update the copyright year.
- fix for bz#869626 use st_mode, st_uid of dst Signed-off-by: Paresh Mutha
<pmutha@redhat.com>
* Mon Oct 22 2012 Jan Pazdziora 5.10.35-1
- Revert "Revert "Revert "get_server_capability() is defined twice
in osad and
rhncfg, merge and move to rhnlib and make it member of
rpclib.Server"""
* Tue Aug 7 2012 Tomas Kasparek <tkasparek@redhat.com> 5.10.34-1
- 840250 - If there's symlink in file deployment path it will be created
* Mon Jul 9 2012 Michael Mraka <michael.mraka@redhat.com> 5.10.33-1
- check symlink not target file existence
* Thu Jun 28 2012 Michael Mraka <michael.mraka@redhat.com> 5.10.32-1
- 765816 - value of selinux context is important
* Mon Jun 4 2012 Stephen Herr <sherr@redhat.com> 5.10.31-1
- 824707 - make /var/log/rhncfg-actions have 600 permissions
* Fri Jun 1 2012 Stephen Herr <sherr@redhat.com> 5.10.30-1
- 824707 - rhncfg-actions should not log the diff of files that are not
readable by all
- %defattr is not needed since rpm 4.4
* Mon May 14 2012 Michael Mraka <michael.mraka@redhat.com> 5.10.29-1
- 820517 - fixed command synopsis
- 805449 - honor rhncfg-specific settings
* Thu Mar 8 2012 Miroslav Suchý 5.10.28-1
- accept server name without protocol
* Fri Mar 2 2012 Jan Pazdziora 5.10.27-1
- Update the copyright year info.
* Thu Feb 23 2012 Michael Mraka <michael.mraka@redhat.com> 5.10.26-1
- we are now just GPL
* Sun Jan 15 2012 Aron Parsons <aronparsons@gmail.com> 5.10.25-1
- add a --disable-selinux option to 'rhncfg-manager upload-channel'
(aronparsons@gmail.com)
* Wed Dec 21 2011 Milan Zazrivec <mzazrivec@redhat.com> 5.10.24-1
- update copyright info
* Wed Dec 14 2011 Jan Pazdziora 5.10.23-1
- Fixing SyntaxError: ('invalid syntax', ...
* Tue Dec 13 2011 Miroslav Suchý 5.10.22-1
- 765816 - Added the option --selinux-context to rhncfg-manager which allows to
overwrite the SELinux context from a file (mmello@redhat.com)
* Wed Nov 30 2011 Miroslav Suchý 5.10.21-1
- handle fs objects without selinux context correctly
* Mon Nov 21 2011 Michael Mraka <michael.mraka@redhat.com> 5.10.20-1
- 627490 - fixed cross device symlink backup
* Mon Oct 24 2011 Jan Pazdziora 5.10.19-1
- 743121 - don't report differences containing invalid UTF-8
(mzazrivec@redhat.com)
* Wed Oct 19 2011 Milan Zazrivec <mzazrivec@redhat.com> 5.10.18-1
- 743424 - rhncfg-client diff: do not fail when not a valid symlink
* Mon Oct 10 2011 Jan Pazdziora 5.10.17-1
- 743424 - rhncfg-client diff: don't traceback on missing symlink
(mzazrivec@redhat.com)
* Thu Sep 29 2011 Miroslav Suchý 5.10.16-1
- add save_traceback even into this branch
* Fri Sep 23 2011 Martin Minar <mminar@redhat.com> 5.10.15-1
- Fix `rhncfg-client verify' traceback for missing symlinks
(Joshua.Roys@gtri.gatech.edu)
* Thu Aug 18 2011 Michael Mraka <michael.mraka@redhat.com> 5.10.14-1
- 731284 - is_selinux_enabled is not defined on RHEL4
* Fri Aug 12 2011 Miroslav Suchý 5.10.13-1
- add proto, server_name and server_list to local_config overrides
- None has not iteritems() method
* Thu Aug 11 2011 Miroslav Suchý 5.10.12-1
- True and False constants are defined since python 2.4
- do not mask original error by raise in execption
* Thu Aug 4 2011 Jan Pazdziora 5.10.11-1
- 508936 - rhn-actions-control honor the allowed-actions/scripts/run for remote
commands (mmello@redhat.com)
* Mon Aug 1 2011 Miroslav Suchý 5.10.10-1
- get server_name from config only if it was not set on command line
- remove rhn_rpc.py
* Fri Jul 15 2011 Miroslav Suchý 5.10.9-1
- optparse is here since python 2.3 - remove optik (msuchy@redhat.com)
* Thu Jun 16 2011 Jan Pazdziora 5.10.8-1
- Creating the /var/spool/rhn in %build
LANG=C
export LANG
unset DISPLAY
.
* Thu Jun 16 2011 Jan Pazdziora 5.10.7-1
- temp script file customizable dedicated directory (matteo.sessa@dbmsrl.com)
* Tue May 31 2011 Jan Pazdziora 5.10.6-1
- Fix python import (matteo.sessa@dbmsrl.com)
* Tue May 10 2011 Jan Pazdziora 5.10.5-1
- remove unused import, fix indentation and a minor typo (iartarisi@suse.cz)
- fix usage documentation messages for topdir and dest-file (iartarisi@suse.cz)
* Fri May 6 2011 Jan Pazdziora 5.10.4-1
- 702524 - Fixed python traceback when deploying a file with permission set to
000 (mmello@redhat.com)
* Fri Apr 29 2011 Jan Pazdziora 5.10.3-1
- 699966 - added --ignore-missing option in rhncfg-manager to ignore missing
local files when adding or uploading files (mmello@redhat.com)
* Fri Apr 15 2011 Jan Pazdziora 5.10.2-1
- add missing directories to filelist (mc@suse.de)
- build rhncfg build on SUSE (mc@suse.de)
- 683200 - ca is now unicode, check for basestring, which is parent for both
str and unicode type (msuchy@redhat.com)
- 683200 - set the protocol correctly (msuchy@redhat.com)
- 683200 - server_name and server_list should contain just hostname, not url
(msuchy@redhat.com)
- 683200 - if value is int ConfigParser fails with interpolation
(msuchy@redhat.com)
- 683200 - variable %proto is not used in up2date_cfg (msuchy@redhat.com)
- removing .rhncfgrc - it is not packed, probably forgotten for long time
(msuchy@redhat.com)
- add () if you want to get result of function (msuchy@redhat.com)
* Wed Apr 13 2011 Miroslav Suchý 5.10.1-1
- bump up version (msuchy@redhat.com)
* Wed Apr 13 2011 Miroslav Suchý 5.9.55-1
- code cleanup
* Wed Apr 13 2011 Miroslav Suchý 5.9.54-1
- dead code - module up2date_config_parser is not used any more
- dead code - get_up2date_config() is not used any more
- 695723, 683200 - use up2date_client.config instead of own parser
(utils.get_up2date_config)
* Mon Apr 11 2011 Michael Mraka <michael.mraka@redhat.com> 5.9.53-1
- fixed moved imports
- don't make link target absolute
- 683264 - fixed extraneous directory creation via rhncfg-manager
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #832037 - CVE-2012-2679 rhncfg: Insecure permissions used for
/var/log/rhncfg-actions file [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=832037
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update rhncfg' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung