AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



apr-util 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1246385653
업데이트 : 2009.07.01


상세내용

- 보안버그 수정 사항

. CVE-2009-0023
A heap-based underwrite flaw was found in the way apr-util created compiled
forms of particular search patterns. An attacker could formulate a
specially-crafted search keyword, that would overwrite arbitrary heap
memory locations when processed by the pattern preparation engine.

. CVE-2009-1955
A denial of service flaw was found in the apr-util Extensible Markup
Language (XML) parser. A remote attacker could create a specially-crafted
XML document that would cause excessive memory consumption when processed
by the XML decoding engine.

. CVE-2009-1956
An off-by-one overflow flaw was found in the way apr-util processed a
variable list of arguments. An attacker could provide a specially-crafted
string as input for the formatted output conversion routine, which could,
on big-endian platforms, potentially lead to the disclosure of sensitive
information or a denial of service (application crash).


Autoupdates 지원 : 지원안함
 pkgadd -F 'apr-util*'


update 패키지

  RPMS :

    . apr-util-0.9.15-2.i686.rpm
    . apr-util-devel-0.9.15-2.i686.rpm

  SRPMS :

    . apr-util-0.9.15-2.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1956



    



 Home > Update [ 1.3 ]

Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10