apr-util security update
FTP access is not possible with a web browser.
Document number : 1246385653
Updated : 2009.07.01
Details
- Security bug fixes
. CVE-2009-0023
A heap-based underwrite flaw was found in the way apr-util created compiled
forms of particular search patterns. An attacker could formulate a
specially-crafted search keyword, that would overwrite arbitrary heap
memory locations when processed by the pattern preparation engine.
. CVE-2009-1955
A denial of service flaw was found in the apr-util Extensible Markup
Language (XML) parser. A remote attacker could create a specially-crafted
XML document that would cause excessive memory consumption when processed
by the XML decoding engine.
. CVE-2009-1956
An off-by-one overflow flaw was found in the way apr-util processed a
variable list of arguments. An attacker could provide a specially-crafted
string as input for the formatted output conversion routine, which could,
on big-endian platforms, potentially lead to the disclosure of sensitive
information or a denial of service (application crash).
Autoupdates support : Not supported
pkgadd -F 'apr-util*'
Update packages
RPMS :
. apr-util-0.9.15-2.i686.rpm
. apr-util-devel-0.9.15-2.i686.rpm
SRPMS :
. apr-util-0.9.15-2.src.rpm
References :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956