rest-0.7.92-3.el7

エラータID: AXSA:2015-778:01

Release date: 
Thursday, November 26, 2015 - 11:41
Subject: 
rest-0.7.92-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

This library was designed to make it easier to access web services that
claim to be "RESTful". A RESTful service should have urls that represent
remote objects, which methods can then be called on. The majority of services
don't actually adhere to this strict definition. Instead, their RESTful end
point usually has an API that is just simpler to use compared to other types
of APIs they may support (XML-RPC, for instance). It is this kind of API that
this library is attempting to support.

Security issues fixed with this release:

CVE-2015-2675
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2015-2675
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
Additional Info: 

N/A

Download: 

SRPMS
  1. rest-0.7.92-3.el7.src.rpm
    MD5: 2c83e481a85f7984e9a0246d2cc64f19
    SHA-256: ff4a2c4c186425e9547b3ade41632e327579ef78dacc61eadffd2c1105d7537c
    Size: 325.79 kB

Asianux Server 7 for x86_64
  1. rest-0.7.92-3.el7.x86_64.rpm
    MD5: b481d32da4460f5dffbd760e076c28df
    SHA-256: b5d23cb8b05454a8f9be31166af78aa667f6656ff2914b52e3446fc1534b3807
    Size: 61.32 kB
  2. rest-0.7.92-3.el7.i686.rpm
    MD5: 2ddc13610905302b2d1cb9788187245f
    SHA-256: 8f704df108acd967fe5c54727d1cc6bcf79f2ee73fd822447589cba39083370a
    Size: 60.48 kB