You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa catfish

Sigurnosni nedostaci programskog paketa catfish

——————————————————————————–
Fedora Update Notification
FEDORA-2014-3453
2014-03-06 07:17:27
——————————————————————————–

Name : catfish
Product : Fedora 19
Version : 0.4.0.2
Release : 4.fc19
URL : https://launchpad.net/catfish-search
Summary : A handy file search tool
Description :
A handy file search tool using different backends which is
configurable via the command line.

This program acts as a frontend for different file search engines.
The interface is intentionally lightweight and simple. But it takes
configuration options from the command line.

——————————————————————————–
Update Information:

In the previous rpm, catfish used a wrapper launching script using some bad logic for searching paths, which might lead to arbitrary code execution exploit by malicious local user. This vulnerability is now assigned as CVE-2014-2093 through CVE-2014-2096.

This new rpm should fix this issue.
——————————————————————————–
ChangeLog:

* Sun Mar 2 2014 Mamoru TASAKA <mtasaka@fedoraproject.org> – 0.4.0.2-4
– Fix insecure loading of script at startup (CVE-2014-2093 through
CVE-2014-2096, bug 1069398)
* Mon Jul 1 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> – 0.4.0.2-3
– Fix GError module error on launch (bug 964356)
– Fix infinite loop when searching words with asterisk (bug 964356)
——————————————————————————–
References:

[ 1 ] Bug #1069398 – catfish: insecure loading of python script [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1069398
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update catfish’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-3497
2014-03-06 07:25:43
——————————————————————————–

Name : catfish
Product : Fedora 20
Version : 1.0.1
Release : 1.fc20
URL : https://launchpad.net/catfish-search
Summary : A handy file search tool
Description :
Catfish is a handy file searching tool. The interface is
intentionally lightweight and simple, using only GTK+3.
You can configure it to your needs by using several command line
options.

——————————————————————————–
Update Information:

In the previous rpm, catfish used a wrapper launching script using some bad logic for searching paths, which might lead to arbitrary code execution exploit by malicious local user. This vulnerability is now assigned as CVE-2014-2093 through CVE-2014-2096.

This new rpm should fix this issue.
——————————————————————————–
ChangeLog:

* Sun Mar 2 2014 Mamoru TASAKA <mtasaka@fedoraproject.org> – 1.0.1-1
– 1.0.1
– Fix insecure loading of script at startup (CVE-2014-2093 through
CVE-2014-2096, bug 1069398)
* Sat Feb 15 2014 Mamoru TASAKA <mtasaka@fedoraproject.org> – 1.0.0-1
– 1.0.0
——————————————————————————–
References:

[ 1 ] Bug #1069398 – catfish: insecure loading of python script [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1069398
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update catfish’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa php

Otkriveni su sigurnosni nedostaci u programskom paketu php za RHEL 5. Otkriveni nedostaci se javljaju kod parsiranja brojeva s pomičnim...

Close