AnNyung Official Homepage Home > Update [ 1.2 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



gzip 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1158907559
업데이트 : 2006.09.22


상세내용

CVE-2006-4334:
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers
to cause a denial of service (crash) via a crafted GZIP (gz) archive, which
results in a NULL dereference.

CVE-2006-4335:
Array index error in the make_table function in unlzh.c in the LZH decompression
component in gzip 1.3.5, when running on certain platforms, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack
modification vulnerability."

CVE-2006-4336:
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows
context-dependent attackers to execute arbitrary code via a crafted leaf count
table that causes a write to a negative index.

CVE-2006-4337:
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5
allows context-dependent attackers to execute arbitrary code via a crafted
decoding table in a GZIP archive.

CVE-2006-4338:
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers
to cause a denial of service (infinite loop) via a crafted GZIP archive.


Autoupdates 지원 : 지원


update 패키지

  RPMS :

    . gzip-1.3.3-16.i686.rpm

  SRPMS :

    . gzip-1.3.3-16.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338



    



 Home > Update [ 1.2 ]

Copyright 2018 OOPS Development Organization 
LAST MODIFIED: 2016/04/24