expat security update
FTP access is not possible from a web browser.
Document number: 1261332645
Updated: 2009.12.21
Details
- 1.95.8-8.3.el54.2 update
- fixed CVE-2009-3560
- fixed CVE-2009-3720
. CVE-2009-3560:
The big2_toUtf8 function in lib/xmltok.c in libexpat in
Expat 2.0.1, as used in the XML-Twig module for Perl,
allows context-dependent attackers to cause a denial of
service (application crash) via an XML document with
malformed UTF-8 sequences that trigger a buffer over-read,
related to the doProlog function in lib/xmlparse.c, a
different vulnerability than CVE-2009-2625 and CVE-2009-3720.
. CVE-2009-3720:
The updatePosition function in lib/xmltok_impl.c in libexpat
in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and
other software, allows context-dependent attackers to cause
a denial of service (application crash) via an XML document
with crafted UTF-8 sequences that trigger a buffer over-read,
a different vulnerability than CVE-2009-2625.
Autoupdates support: Supported
Update packages
RPMS :
. expat-1.95.8-8.3.el54.2.i686.rpm
SRPMS :
. expat-1.95.8-8.3.el54.2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720