Login
Newsletter
Werbung

Sicherheit: Zahlenüberlauf in icecream
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in icecream
ID: FEDORA-2014-10468
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mi, 19. November 2014, 17:09
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4607
Applikationen: icecream

Originalnachricht

Name        : icecream
Product : Fedora 20
Version : 1.0.1
Release : 8.20140822git.fc20
URL : http://en.opensuse.org/Icecream
Summary : Distributed compiler
Description :
Icecream is a distributed compile system. It allows parallel compiling by
distributing the compile jobs to several nodes of a compile network running the
icecc daemon. The icecc scheduler routes the jobs and provides status and
statistics information to the icecc monitor. Each compile node can accept one
or more compile jobs depending on the number of processors and the settings of
the daemon. Link jobs and other jobs which cannot be distributed are executed
locally on the node where the compilation is started.

-------------------------------------------------------------------------------
-
Update Information:

This updates icecream to the current version from upstream git repository. It
drops the bundled minilzo library, which had a vulnerability. Instead the system lzo library is used. (CVE-2014-4607)
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Sep 5 2014 Michal Schmidt <mschmidt@redhat.com> -
1.0.1-8.20140822git
- Update to current upstream git.
- Drops bundled minilzo, use system lzo library. (#1131794, CVE-2014-4607)
- Fix build of manpages (use docbook2X).
- Enable clang wrappers.
- Remove no longer necessary restorecon /var/log/icecc.
- Drop merged patches.
* Sat Aug 16 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 1.0.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 1.0.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1112418 - CVE-2014-4607 lzo: lzo1x_decompress_safe() integer
overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1112418
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update icecream' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung