SCIENTIFIC-LINUX-ERRATA Archives

December 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky <[log in to unmask]>
Date: Mon, 21 Dec 2015 23:16:15 +0000
Content-Type: text/plain
Synopsis:          Low: rest security update
Advisory ID: SLSA-2015:2237-3
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-2675
--

It was found that the OAuth implementation in librest, a helper library
for RESTful services, incorrectly truncated the pointer returned by the
rest_proxy_call_get_url call. An attacker could use this flaw to crash an
application using the librest library. (CVE-2015-2675)

After installing the update, all applications using librest must be
restarted for the update to take effect.
--

SL7
  x86_64
    rest-0.7.92-3.el7.i686.rpm
    rest-0.7.92-3.el7.x86_64.rpm
    rest-debuginfo-0.7.92-3.el7.i686.rpm
    rest-debuginfo-0.7.92-3.el7.x86_64.rpm
    rest-devel-0.7.92-3.el7.i686.rpm
    rest-devel-0.7.92-3.el7.x86_64.rpm

- Scientific Linux Development Team
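
The restart requirement above can be checked on a host. This is an added example, not part of the original advisory: it lists processes that still map the pre-update copy of librest, which the kernel marks "(deleted)" in /proc/<pid>/maps once the package update has replaced the file. The function names and the `--scan` switch are hypothetical, and the file-name pattern `librest-*.so*` is an assumption about how the library is installed.

```sh
#!/bin/sh
# Added example: find processes that still need a restart after the rest update.
# Assumption: the shared object's file name starts with "librest-" and
# contains ".so" (for instance librest-0.7.so.0).

# stale_librest_in_maps FILE
# Returns 0 if FILE (in /proc/<pid>/maps format) contains a mapping of a
# librest shared object whose on-disk file has been replaced, i.e. the
# mapping's path ends in " (deleted)". Returns non-zero otherwise.
stale_librest_in_maps() {
    grep -Eq '/librest-[^/ ]*\.so[^/ ]* \(deleted\)$' "$1" 2>/dev/null
}

# list_stale_librest_pids [PROC_ROOT]
# Prints "PID COMMAND" for every process under PROC_ROOT (default /proc)
# that still maps the old library. Maps files that cannot be read
# (other users' processes when not root) are skipped.
list_stale_librest_pids() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        if stale_librest_in_maps "$dir/maps"; then
            printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
        fi
    done
}

# Scan the live system only when asked to: sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then
    list_stale_librest_pids /proc
fi
```

Run it as root so every process's maps file is readable; an empty result means no running process still holds the old library.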
