Nacionalni CERT

Sigurnosni nedostaci programskog paketa openvas

<p>--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-3fb16e3a65<br />2017-07-16 19:40:43.832786<br />--------------------------------------------------------------------------------<br /><br />Name : openvas-gsa<br />Product : Fedora 26<br />Version : 7.0.2<br />Release : 2.fc26<br />URL : http://www.openvas.org<br />Summary : Greenbone Security Assistant (GSA) is GUI to the OpenVAS<br />Description :<br />The Greenbone Security Assistant (GSA) is a lean web service offering a user<br />web interface for the Open Vulnerability Assessment System (OpenVAS).<br />The GSA uses XSL transformation style-sheets that converts OMP responses<br />from the OpenVAS infrastructure into presentable HTML.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Update to openvas-9<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1393605 - openvas-gsa-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393605<br /> [ 2 ] Bug #1393634 - openvas-manager-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393634<br /> [ 3 ] Bug #736321 - openvas-scanner: Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled [epel-6]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=736321<br /> [ 4 ] Bug #1424031 - openvas-libraries: FTBFS in rawhide<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1424031<br /> [ 5 ] Bug #1393635 - openvas-libraries-9.0.1 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393635<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade openvas-gsa' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org<br /><br /><br />--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-3fb16e3a65<br />2017-07-16 19:40:43.832786<br />--------------------------------------------------------------------------------<br /><br />Name : openvas-cli<br />Product : Fedora 26<br />Version : 1.4.5<br />Release : 3.fc26<br />URL : http://www.openvas.org<br />Summary : Command-line tool to drive OpenVAS Manager<br />Description :<br />OpenVAS CLI contains the command line tool "omp" which allows to create batch<br />processes to drive OpenVAS Manager.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Update to openvas-9<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1393605 - openvas-gsa-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393605<br /> [ 2 ] Bug #1393634 - openvas-manager-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393634<br /> [ 3 ] Bug #736321 - openvas-scanner: Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled [epel-6]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=736321<br /> [ 4 ] Bug #1424031 - openvas-libraries: FTBFS in rawhide<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1424031<br /> [ 5 ] Bug #1393635 - openvas-libraries-9.0.1 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393635<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade openvas-cli' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org<br /><br /><br />--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-3fb16e3a65<br />2017-07-16 19:40:43.832786<br />--------------------------------------------------------------------------------<br /><br />Name : openvas-libraries<br />Product : Fedora 26<br />Version : 9.0.1<br />Release : 1.fc26<br />URL : http://www.openvas.org<br />Summary : Support libraries for Open Vulnerability Assessment (OpenVAS) Scanner<br />Description :<br />openvas-libraries is the base library for the OpenVAS network<br />security scanner.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Update to openvas-9<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1393605 - openvas-gsa-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393605<br /> [ 2 ] Bug #1393634 - openvas-manager-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393634<br /> [ 3 ] Bug #736321 - openvas-scanner: Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled [epel-6]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=736321<br /> [ 4 ] Bug #1424031 - openvas-libraries: FTBFS in rawhide<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1424031<br /> [ 5 ] Bug #1393635 - openvas-libraries-9.0.1 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393635<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade openvas-libraries' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org<br /><br /><br />--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-3fb16e3a65<br />2017-07-16 19:40:43.832786<br />--------------------------------------------------------------------------------<br /><br />Name : openvas-scanner<br />Product : Fedora 26<br />Version : 5.1.1<br />Release : 1.fc26<br />URL : http://www.openvas.org<br />Summary : Open Vulnerability Assessment (OpenVAS) Scanner<br />Description :<br />Scanner module for the Open Vulnerability Assessment System (OpenVAS).<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Update to openvas-9<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1393605 - openvas-gsa-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393605<br /> [ 2 ] Bug #1393634 - openvas-manager-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393634<br /> [ 3 ] Bug #736321 - openvas-scanner: Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled [epel-6]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=736321<br /> [ 4 ] Bug #1424031 - openvas-libraries: FTBFS in rawhide<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1424031<br /> [ 5 ] Bug #1393635 - openvas-libraries-9.0.1 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393635<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade openvas-scanner' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org<br /><br /><br />--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-3fb16e3a65<br />2017-07-16 19:40:43.832786<br />--------------------------------------------------------------------------------<br /><br />Name : openvas-manager<br />Product : Fedora 26<br />Version : 7.0.2<br />Release : 1.fc26<br />URL : http://www.openvas.org<br />Summary : Manager Module for the Open Vulnerability Assessment System (OpenVAS)<br />Description :<br />The OpenVAS Manager is the central service that consolidates plain vulnerability<br />scanning into a full vulnerability management solution. The Manager controls the<br />Scanner via OTP and itself offers the XML-based, stateless OpenVAS Management<br />Protocol (OMP). All intelligence is implemented in the Manager so that it is<br />possible to implement various lean clients that will behave consistently e.g.<br />with regard to filtering or sorting scan results. The Manager also controls<br />a SQL database (sqlite-based) where all configuration and scan result data is<br />centrally stored.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Update to openvas-9<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1393605 - openvas-gsa-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393605<br /> [ 2 ] Bug #1393634 - openvas-manager-7.0.2 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393634<br /> [ 3 ] Bug #736321 - openvas-scanner: Insecure temporary file use by generation of an OVAL system characteristics document, when ovaldi support enabled [epel-6]<br /> https://bugzilla.redhat.com/show_bug.cgi?id=736321<br /> [ 4 ] Bug #1424031 - openvas-libraries: FTBFS in rawhide<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1424031<br /> [ 5 ] Bug #1393635 - openvas-libraries-9.0.1 is available<br /> https://bugzilla.redhat.com/show_bug.cgi?id=1393635<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade openvas-manager' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab... /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org</p>
Otkriveni su sigurnosni nedostaci u programskim paketima openvas-gsa, openvas-cli, openvas-libraries, openvas-scanner i openvas-manager za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje "symlink" i drugih nespecificiranih vrsta napada. Savjetuje se ažuriranje izdanim zakrpama.