Lucene search

K
fedoraFedoraFEDORA:5F76321B0E
HistoryJul 15, 2013 - 1:01 a.m.

[SECURITY] Fedora 19 Update: zeroinstall-injector-2.3-1.fc19

2013-07-1501:01:19
lists.fedoraproject.org
7

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

The Zero Install Injector makes it easy for users to install software without needing root privileges. It takes the URL of a program and runs it (downloading it first if necessary). Any dependencies of the program are fetched in the same way. The user controls which version of the program and its dependencies to use. Zero Install is a decentralized installation system (there is no central repository; all packages are identified by URLs), loosely-coupled (if different programs require different versions of a library then both versions are installed in parallel, without conflicts), and has an emphasis on security (all package descriptions are GPG-signed, and contain cryptographic hashes of the contents of each version). Each version of each program is stored in its own sub-directory within the Zero Install cache (nothing is installed to directories outside of the cache, such as /usr/bin) and no code from the package is run during install or uninstall. The system can automatically check for updates when software is run.

OSVersionArchitecturePackageVersionFilename
Fedora19anyzeroinstall-injector< 2.3UNKNOWN

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P