libtiff 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1250509297
업데이트 : 2009.08.17
상세내용
보안 버그 수정
CVE-2009-2285:
A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW)
compression algorithm decoder. An attacker could create a specially-crafted
LZW-encoded TIFF file, which once opened by an unsuspecting user, would
cause an application linked with libtiff to access an out-of-bounds memory
location, leading to a denial of service (application crash).
CVE-2009-2347:
Several integer overflow flaws, leading to heap-based buffer overflows,
were found in various libtiff color space conversion tools. An attacker
could create a specially-crafted TIFF file, which once opened by an
unsuspecting user, would cause the conversion tool to crash or,
potentially, execute arbitrary code with the privileges of the user running
the tool.
Autoupdates 지원 : 지원
pkgsysupdate
update 패키지
RPMS :
. libtiff-3.5.7-33.el3.i686.rpm
. libtiff-devel-3.5.7-33.el3.i686.rpm
SRPMS :
. libtiff-3.5.7-33.el3.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2347
|