A security flaw has been fixed in the collectd package for the Fedora 14 operating system. This package collects statistical data about the system and enables detailed monitoring of individual parts of the system as well as performance analysis. The flaw is in the function "cu_rrd_create_file" in the file "src/utils_rrdcreate.c". It allows a remote attacker to carry out a DoS (Denial of Service) attack by supplying a specially crafted packet. Users are advised to apply the corresponding update.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-19031
2010-12-17 19:58:31
--------------------------------------------------------------------------------

Name        : collectd
Product     : Fedora 14
Version     : 4.9.4
Release     : 1.fc14
URL         : http://collectd.org/
Summary     : Statistics collection daemon for filling RRD files
Description :
collectd is a small daemon written in C for performance.  It reads various
system  statistics  and updates  RRD files,  creating  them if necessary.
Since the daemon doesn't need to startup every time it wants to update the
files it's very fast and easy on the system. Also, the statistics are very
fine grained since the files are updated every 10 seconds.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec 17 2010 Alan Pevec 4.9.4-1
- New upstream version 4.9.4
  http://collectd.org/news.shtml#news86
- fixes CVE-2010-4336 (rhbz#663799)
* Wed Sep 29 2010 jkeating - 4.9.2-1.1
- Rebuilt for gcc bug 634757
* Tue Jun  8 2010 Alan Pevec 4.9.2-1
- New upstream version 4.9.2
  http://collectd.org/news.shtml#news83
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #663797 - CVE-2010-4336 collectd: DoS via the RRDtool and RRDCacheD
plugins
        https://bugzilla.redhat.com/show_bug.cgi?id=663797
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update collectd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce