bzip2 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1121107110
업데이트 : 2005.07.12
. CAN-2005-0758 :
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that are
injected into a sed script.
. CAN-2005-0953 :
Race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while
it is being decompressed, whose permissions are changed by bzip2 after
the decompression is complete.
. CAN-2005-1260 :
bzip2 allows remote attackers to cause a denial of service (hard drive
consumption) via a crafted bzip2 file that causes an infinite loop
(a.k.a "decompression bomb").
Autoupdates 지원 : 지원