Sicherheit: Ausführen beliebiger Kommandos in rest
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in rest
ID: FEDORA-2015-4596
Distribution: Fedora
Plattformen: Fedora 21
Datum: So, 19. April 2015, 01:03
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2675
Applikationen: rest


Name        : rest
Product : Fedora 21
Version : 0.7.93
Release : 1.fc21
URL : http://www.gnome.org
Summary : A library for access to RESTful web services
Description :
This library was designed to make it easier to access web services that
claim to be "RESTful". A RESTful service should have urls that
remote objects, which methods can then be called on. The majority of services
don't actually adhere to this strict definition. Instead, their RESTful end
point usually has an API that is just simpler to use compared to other types
of APIs they may support (XML-RPC, for instance). It is this kind of API that
this library is attempting to support.

Update Information:

CVE-2015-2675 rest: memory corruption when using oauth because of implicit
declaration of rest_proxy_call_get_url

* Wed Mar 18 2015 Kalev Lember <kalevlember@gmail.com> - 0.7.93-1
- Update to 0.7.93
- Tighten deps with the _isa macro
- Don't manually require pkgconfig; rpmbuild generates this automatically
- Use license macro for the COPYING file
* Fri Jan 9 2015 Debarshi Ray <rishi@fedoraproject.org> 0.7.92-6
- Backport upstream patch to fix a memory error (GNOME #742644)

[ 1 ] Bug #1112497 - Please update to librest 0.7.91 in f20
[ 2 ] Bug #1204682 - rest: memory corruption when using oauth because of
implicit declaration of rest_proxy_call_get_url [fedora-all]

This update can be installed with the "yum" update program. Use
su -c 'yum update rest' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Twitter
Neue Nachrichten