libxml2 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1250603080
업데이트 : 2009.08.18
상세내용
보안 버그 수정
. CVE-2009-2414
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32,
and libxml 1.8.17, allows context-dependent attackers to cause a denial of service
(application crash) via a large depth of element declarations in a DTD, related
to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
. CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27,
and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial
of service (application crash) via crafted (1) Notation or (2) Enumeration
attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing
framework.
Autoupdates 지원 : 지원
pkgsysupdate
pkgadd -F libxml2-phtyon
update 패키지
RPMS :
. libxml2-2.6.16-12.el4.7.i686.rpm
. libxml2-devel-2.6.16-12.el4.7.i686.rpm
. libxml2-python-2.6.16-12.el4.7.i686.rpm
SRPMS :
. libxml2-2.6.16-12.el4.7.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416
|