drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in beep
Name: |
Ausführen beliebiger Kommandos in beep |
|
ID: |
FEDORA-2018-e4732930df |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 28 |
|
Datum: |
Fr, 11. Januar 2019, 07:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000532 |
|
Applikationen: |
beep |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2018-e4732930df 2019-01-11 00:16:18.759264 ------------------------------------------------------------------------------- -
Name : beep Product : Fedora 28 Version : 1.3 Release : 26.fc28 URL : http://www.johnath.com/beep/ Summary : Beep the PC speaker any number of ways Description : Beep allows the user to control the PC speaker with precision, allowing different sounds to indicate different events. While it can be run quite happily on the command line, its intended place of residence is within shell/Perl scripts, notifying the user when something interesting occurs. Of course, it has no notion of what's interesting, but it's real good at that notifying part.
------------------------------------------------------------------------------- - Update Information:
Security fix for CVE-2018-1000532, new non-root permissions and a few smaller fixes. Fix a directory traversal issue introduced with the fix for CVE-2018-1000532, and refuses to run as setuid root or via sudo to avoid any more priviledge escalation issue. ---- Security fix for CVE-2018-1000532 and a few smaller fixes ------------------------------------------------------------------------------- - ChangeLog:
* Sat Dec 29 2018 Hans Ulrich Niedermann <hun@n-dimensional.de> - 1.3-26 - Stop shipping old sudo related config files - Refuse to run when run via sudo - Set up group 'beep' for write access to evdev device with new udev rule - Update README.fedora to reflect new group permission setup on evdev device * Fri Dec 28 2018 Hans Ulrich Niedermann <hun@n-dimensional.de> - 1.3-25 - guard against directory traversal in /dev/input/ check - refuse to run if setuid or setgid root - make the evdev device the first device to look for (does not require root) * Fri Dec 28 2018 Hans Ulrich Niedermann <hun@n-dimensional.de> - 1.3-24 - Actually apply the patches - Update COPYING with new FSF address - Fix Patch9 to work as non-git patch (do the rest with shell) - Proper naming of Patch14 - Exit beep when error accessing API * Fri Dec 28 2018 Hans Ulrich Niedermann <hun@n-dimensional.de> - 1.3-23 - Fix CVE-2018-1000532 and mitigate against related issues (#1595592) - Fix a number of potential integer overflows * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.3-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Apr 3 2018 Hans Ulrich Niedermann <hun@n-dimensional.de> - 1.3-21 - Add CVE-2018-0492 fix. - Behaviour of multiple -f parameters matches documentation now. ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1595591 - CVE-2018-1000532 beep: External control of file name or path via --device option https://bugzilla.redhat.com/show_bug.cgi?id=1595591 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-e4732930df' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
|
|
|
|