Nacionalni CERT

Sigurnosni nedostatak programskog paketa spatialite

<p>--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-357f9df699<br />2017-07-16 19:40:43.833321<br />--------------------------------------------------------------------------------<br /><br />Name : spatialite-tools<br />Product : Fedora 26<br />Version : 4.3.0<br />Release : 23.fc26<br />URL : https://www.gaia-gis.it/fossil/spatialite-tools<br />Summary : A set of useful CLI tools for SpatiaLite<br />Description :<br />Spatialite-Tools is a set of useful CLI tools for SpatiaLite.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Security fix for CVE-2017-10989: Heap-buffer overflow in the getNodeSize<br />function Additionally sqlite has been updated to version 3.19.3, and<br />spatialite-tools rebuilt for the update.<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1469672 - CVE-2017-10989 sqlite: Heap-buffer overflow in the getNodeSize function<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1469672<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade spatialite-tools' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org</p>
Otkriven je sigurnosni nedostatak u programskom paketu spatialite za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje prepisivanje spremnika ili druge nespecificirane vrste napada. Savjetuje se ažuriranje izdanim zakrpama.