You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa netcf

Sigurnosni nedostatak programskog paketa netcf

——————————————————————————–
Fedora Update Notification
FEDORA-2015-5910
2015-04-10 02:58:36
——————————————————————————–

Name : netcf
Product : Fedora 20
Version : 0.2.8
Release : 1.fc20
URL : https://fedorahosted.org/netcf/
Summary : Cross-platform network configuration library
Description :
Netcf is a library used to modify the network configuration of a
system. Network configurations are expressed in a platform-independent
XML format, which netcf translates into changes to the system’s
‘native’ network configuration files.

——————————————————————————–
Update Information:

Security fix for CVE 2014-8119, as well as adding a few other minor bugfixes and enhancements (support for multiple IPv4 addresses, simultaneous static & dhcp for IPv4)
——————————————————————————–
ChangeLog:

* Wed Apr 8 2015 Laine Stump <laine@redhat.com> – 0.2.8-1
– rebase to netcf-0.2.8
– resolve CVE-2014-8119
– Fix build on systems with newer libnl3 that doesn’t
– support multiple IPv4 addresses in interface config (redhat driver)
– allow static IPv4 config simultaneous with DHCPv4 (redhat driver)
– recognize IPADDR0/NETMASK0/PREFIX0
– remove extra quotes from IPV6ADDR_SECONDARIES (redhat+suse drivers)
– miscellaneous systemd service fixes
– use git to apply patches in rpm specfile
– allow interleaved elements in interface XML schema
– allow <link> element in vlan and bond interfaces
– report link state/speed in interface status
– change DHCPv6 to DHCPV6C in ifcfg files
– max vlan id is 4095, not 4096
– wait for IFF_UP and IFF_RUNNING after calling ifup
– don’t require IFF_RUNNING for bridge devices
– avoid memory leak in debian when listing interfaces
– avoid use of uninitialized data when getting mac address
(fixes https://bugzilla.redhat.com/show_bug.cgi?id=1046594 )
– limit interface names to IFNAMSIZ-1 characters in length
– support systemd for netcf-transaction
* Sat May 3 2014 Cole Robinson <crobinso@redhat.com> – 0.2.3-6
– Fix reading bridge stp value (bz #1031053)
——————————————————————————–
References:

[ 1 ] Bug #1172176 – CVE-2014-8119 netcf: augeas path expression injection via interface name
https://bugzilla.redhat.com/show_bug.cgi?id=1172176
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update netcf’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-5872
2015-04-09 05:00:29
——————————————————————————–

Name : netcf
Product : Fedora 21
Version : 0.2.8
Release : 1.fc21
URL : https://fedorahosted.org/netcf/
Summary : Cross-platform network configuration library
Description :
Netcf is a library used to modify the network configuration of a
system. Network configurations are expressed in a platform-independent
XML format, which netcf translates into changes to the system’s
‘native’ network configuration files.

——————————————————————————–
Update Information:

Security fix for CVE 2014-8119, as well as adding a few other minor bugfixes and enhancements (support for multiple IPv4 addresses, simultaneous static & dhcp for IPv4)
——————————————————————————–
ChangeLog:

* Wed Apr 8 2015 Laine Stump <laine@redhat.com> – 0.2.8-1
– rebase to netcf-0.2.8
– resolve CVE-2014-8119
– Fix build on systems with newer libnl3 that doesn’t
– support multiple IPv4 addresses in interface config (redhat driver)
– allow static IPv4 config simultaneous with DHCPv4 (redhat driver)
– recognize IPADDR0/NETMASK0/PREFIX0
– remove extra quotes from IPV6ADDR_SECONDARIES (redhat+suse drivers)
– miscellaneous systemd service fixes
– use git to apply patches in rpm specfile
– revert the 0.2.6-2 specfile patch mentioned below (now fixed properly)
* Thu Jan 8 2015 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> – 0.2.6-2
– do not write to the console (#1135744)
——————————————————————————–
References:

[ 1 ] Bug #1172176 – CVE-2014-8119 netcf: augeas path expression injection via interface name
https://bugzilla.redhat.com/show_bug.cgi?id=1172176
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update netcf’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Ispravak zakrpe za jezgru operacijskog sustava

Izdan je ispravak za otklanjanje greške u zakrpi izdanoj s preporukama oznake USN-2597-1, USN-2598-1, USN-2599-1 i USN-2600-1 za jezgru operacijskog...

Close