Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Scientific Linux: SLSA-2015:2237-3 Low: librest Crash Risk

Scientific Large Esm H446
Low: rest security update
Date: Mon, 21 Dec 2015 23:16:15 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Low: rest on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20151221231615.18997.96701@slpackages.fnal.gov>

Synopsis: Low: rest security update
Advisory ID: SLSA-2015:2237-3
Issue Date: 2015-11-19
CVE Numbers: CVE-2015-2675
--

It was found that the OAuth implementation in librest, a helper library
for RESTful services, incorrectly truncated the pointer returned by the
rest_proxy_call_get_url call. An attacker could use this flaw to crash an
application using the librest library. (CVE-2015-2675)

After installing the update, all applications using librest must be
restarted for the update to take effect.
--

SL7
 x86_64
 rest-0.7.92-3.el7.i686.rpm
 rest-0.7.92-3.el7.x86_64.rpm
 rest-debuginfo-0.7.92-3.el7.i686.rpm
 rest-debuginfo-0.7.92-3.el7.x86_64.rpm
 rest-devel-0.7.92-3.el7.i686.rpm
 rest-devel-0.7.92-3.el7.x86_64.rpm

- Scientific Linux Development Team