MeeGo alert MeeGo-SA-10:33 (libsocialweb)

From:  "Ware, Ryan R" <ryan.r.ware@intel.com>
To:  "meego-security@meego.com" <meego-security@meego.com>
Subject:  [MeeGo-security] [MeeGo-SA-10:33.libsocialweb] Potential Format String Vulnerability
Date:  Thu, 20 Jan 2011 11:28:51 -0700
Message-ID:  <94C34C48-6DDF-4012-9AE6-B55A05F2F19B@intel.com>

=============================================================================
MeeGo-SA-10:33.libsocialweb                                 Security Advisory
                                                                MeeGo Project

Topic:          Potential Format String Vulnerability

Category:       Communication
Module:         libsocialweb
Announced:      October 9, 2010
Affects:        MeeGo 1.0
Corrected:      October 9, 2010
MeeGo BID:      6295
CVE:

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

A social data aggregator

II.  Problem Description

librest passes unvalidated data from a webserver's response (via libsoup)
into a g_set_error which is a function that takes a format string. The fix
for this was to use a g_set_error_literal instead.

Access Vector:  Network exploitable

III. Impact

CVE-2010-2497: Unauthorized modification and disruption of service due to
error with permissions, privileges or access control

IV.  Workaround

None

V.   Solution

Update to package libsocialweb-0.24.9-4.1 or later.

VI.  References

http://bugs.meego.com/show_bug.cgi?id=6295

_______________________________________________
MeeGo-security mailing list
MeeGo-security@meego.com
http://lists.meego.com/listinfo/meego-security
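The pattern from section II of the advisory, as an added example that is not librest or libsocialweb code: set_error() and set_error_literal() are hypothetical stand-ins for GLib's g_set_error() and g_set_error_literal(), and the server reason text is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERR_MAX 128

/* Stand-in for g_set_error(): the message argument is a printf format. */
static void set_error(char *err, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(err, ERR_MAX, format, ap);
    va_end(ap);
}

/* Stand-in for g_set_error_literal(): the message is copied, never parsed. */
static void set_error_literal(char *err, const char *message)
{
    snprintf(err, ERR_MAX, "%s", message);
}

/* Constructed server text. "%%" is the one conversion that reads no
 * argument, so the vulnerable call stays well-defined here; any other
 * conversion would fetch variadic arguments that were never passed. */
static const char REASON[] = "quota 100%% used";

/* Vulnerable pattern: server-controlled text is used as the format. */
const char *report_vulnerable(char *err, const char *reason)
{
    set_error(err, reason);
    return err;
}

/* Fix named in the advisory: hand the text to the literal variant. */
const char *report_fixed(char *err, const char *reason)
{
    set_error_literal(err, reason);
    return err;
}

/* Equivalent fix with the format variant: a constant "%s" format. */
const char *report_fixed_fmt(char *err, const char *reason)
{
    set_error(err, "%s", reason);
    return err;
}
```

GLib declares g_set_error() with a printf format attribute, so building callers with GCC's -Wformat -Wformat-security flags a non-literal format that is passed with no arguments.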


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds