You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa pxz

Sigurnosni nedostatak programskog paketa pxz

——————————————————————————–
Fedora Update Notification
FEDORA-2020-c9eb911737
2020-05-03 04:40:20.139835
——————————————————————————–

Name : pxz
Product : Fedora 30
Version : 4.999.9
Release : 19.beta.20200421git.fc30
URL : https://jnovy.fedorapeople.org/pxz/
Summary : Parallel LZMA compressor using XZ
Description :
Parallel XZ is a compression utility that takes advantage of running
XZ compression simultaneously on different parts of an input file on
multiple cores and processors. This significantly speeds up compression
time.

——————————————————————————–
Update Information:

– Update to GIT 20200421 – Added patch against race condition in setting
permissions on output file (#1182024) – Added patch to revert environment
redirect allowing `export XZ_OPT=”-9″` or similar
——————————————————————————–
ChangeLog:

* Tue Apr 21 2020 Robert Scheck <robert@fedoraproject.org> 4.999.9-19.beta.20200421git
– Update to GIT 20200421
– Added patch against race condition in setting permissions on output file (#1182024)
– Added patch to revert environment redirect allowing ‘export XZ_OPT=”-9″‘ or similar
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> – 4.999.9-18.beta.20120930git
– Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> – 4.999.9-17.beta.20120930git
– Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
——————————————————————————–
References:

[ 1 ] Bug #1182024 – CVE-2015-1200 pxz: race condition in setting permissions on output file
https://bugzilla.redhat.com/show_bug.cgi?id=1182024
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-c9eb911737’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-8b89d5b9eb
2020-05-01 04:04:10.484407
——————————————————————————–

Name : pxz
Product : Fedora 32
Version : 4.999.9
Release : 19.beta.20200421git.fc32
URL : https://jnovy.fedorapeople.org/pxz/
Summary : Parallel LZMA compressor using XZ
Description :
Parallel XZ is a compression utility that takes advantage of running
XZ compression simultaneously on different parts of an input file on
multiple cores and processors. This significantly speeds up compression time.

——————————————————————————–
Update Information:

– Update to GIT 20200421 – Added patch against race condition in setting
permissions on output file (#1182024) – Added patch to revert environment
redirect allowing `export XZ_OPT=”-9″` or similar
——————————————————————————–
ChangeLog:

* Tue Apr 21 2020 Robert Scheck <robert@fedoraproject.org> 4.999.9-19.beta.20200421git
– Update to GIT 20200421
– Added patch against race condition in setting permissions on output file (#1182024)
– Added patch to revert environment redirect allowing ‘export XZ_OPT=”-9″‘ or similar
——————————————————————————–
References:

[ 1 ] Bug #1182024 – CVE-2015-1200 pxz: race condition in setting permissions on output file
https://bugzilla.redhat.com/show_bug.cgi?id=1182024
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-8b89d5b9eb’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa rubygem-json

Otkriven je sigurnosni nedostatak u programskom paketu rubygem-json za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja,...

Close