Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in S3QL
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in S3QL
ID: FEDORA-2015-10884
Distribution: Fedora
Plattformen: Fedora 21
Datum: Sa, 11. Juli 2015, 09:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0485
Applikationen: S3QL

Originalnachricht

Name        : s3ql
Product : Fedora 21
Version : 2.13
Release : 1.fc21
URL : https://bitbucket.org/nikratio/s3ql
Summary : Full-Featured File System for Online Data Storage
Description :
S3QL is a file system that stores all its data online using storage services
like Google Storage, Amazon S3 or OpenStack. S3QL effectively provides a hard
disk of dynamic, infinite capacity that can be accessed from any computer
with Internet access.

S3QL is a standard conforming, full featured UNIX file system that is
conceptually indistinguishable from any local file system. Furthermore, S3QL
has additional features like compression, encryption, data de-duplication,
immutable trees and snapshotting which make it especially suitable for on-line
backup and archival.

S3QL is designed to favor simplicity and elegance over performance and feature-
creep. Care has been taken to make the source code as readable and serviceable
as possible. Solid error detection and error handling have been included
from the very first line, and S3QL comes with extensive automated test cases
for all its components.

== Features ==
* Transparency. Conceptually, S3QL is indistinguishable from a local file
system. For example, it supports hardlinks, symlinks, standard unix
permissions, extended attributes and file sizes up to 2 TB.

* Dynamic Size. The size of an S3QL file system grows and shrinks dynamically
as required.

* Compression. Before storage, all data may compressed with the LZMA, bzip2
or deflate (gzip) algorithm.

* Encryption. After compression (but before upload), all data can AES
encrypted with a 256 bit key. An additional SHA256 HMAC checksum is used to
protect the data against manipulation.

* Data De-duplication. If several files have identical contents, the redundant
data will be stored only once. This works across all files stored in the file
system, and also if only some parts of the files are identical while other
parts differ.
* Immutable Trees. Directory trees can be made immutable, so that their
contents can no longer be changed in any way whatsoever. This can be used to
ensure that backups can not be modified after they have been made.

* Copy-on-Write/Snapshotting. S3QL can replicate entire directory trees
without using any additional storage space. Only if one of the copies is
modified, the part of the data that has been modified will take up additional
storage space. This can be used to create intelligent snapshots that preserve
the state of a directory at different points in time using a minimum amount
of space.

* High Performance independent of network latency. All operations that do not
write or read file contents (like creating directories or moving, renaming,
and changing permissions of files and directories) are very fast because they
are carried out without any network transactions.

S3QL achieves this by saving the entire file and directory structure in a
database. This database is locally cached and the remote copy updated
asynchronously.

* Support for low bandwidth connections. S3QL splits file contents into
smaller blocks and caches blocks locally. This minimizes both the number of
network transactions required for reading and writing data, and the amount of
data that has to be transferred when only parts of a file are read or written.

-------------------------------------------------------------------------------
-
Update Information:

Update to 2.13
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Jun 29 2015 Marcel Wysocki <maci@satgnu.net> - 2.13-1
- Update to 2.13
* Fri Jun 19 2015 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 2.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1134677 - CVE-2014-0485 s3ql: code execution due to unsafe
pickle() usage [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1134677
[ 2 ] Bug #1182213 - [abrt] s3ql:
pkg_resources.py:567:resolve:pkg_resources.DistributionNotFound: requests
https://bugzilla.redhat.com/show_bug.cgi?id=1182213
[ 3 ] Bug #1124493 - s3ql-2.13 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1124493
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update s3ql' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung