bzip2 Security Update
FTP access is not possible through a web browser.
Document number: 1121107110
Updated: 2005.07.12
Details
. CAN-2005-0758 :
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that are
injected into a sed script.
. CAN-2005-0953 :
Race condition in bzip2 1.0.2 and earlier allows local users to modify
permissions of arbitrary files via a hard link attack on a file while
it is being decompressed, whose permissions are changed by bzip2 after
the decompression is complete.
. CAN-2005-1260 :
bzip2 allows remote attackers to cause a denial of service (hard drive
consumption) via a crafted bzip2 file that causes an infinite loop
(a.k.a "decompression bomb").
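
The CAN-2005-0953 race described above comes from changing permissions by path name after decompression has finished. The following C example is added here for illustration (it is not bzip2's source and not part of this advisory; the helper names and sample paths are hypothetical). It applies the saved mode through the open file descriptor with fchmod(), so the change always lands on the file that was actually written:

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for fchmod() and mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: O_EXCL refuses an existing name (including a
 * symlink); 0600 keeps the data private until the final mode is applied. */
int open_output(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Write every byte, retrying on short writes. Returns 0 on success. */
int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Apply the source file's mode to the inode behind fd. The racy form is
 * close(fd) followed by chmod(path, mode): the path is looked up again and
 * may by then name a different file. fchmod() has no path to re-resolve. */
int finish_output(int fd, const struct stat *src)
{
    int rc = fchmod(fd, src->st_mode & 07777);
    if (close(fd) != 0) rc = -1;
    return rc;
}

int main(void)
{
    char dir[] = "/tmp/bz2demoXXXXXX", out[64];       /* constructed sample paths */
    struct stat src = { .st_mode = S_IFREG | 0644 };  /* stands in for stat(input) */
    if (!mkdtemp(dir)) return 1;
    snprintf(out, sizeof out, "%s/out", dir);
    int fd = open_output(out);
    if (fd < 0 || write_all(fd, "data\n", 5) != 0) return 1;
    return finish_output(fd, &src) == 0 ? 0 : 1;
}
```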
Autoupdates support: Supported
Update packages
RPMS :
. bzip2-1.0.2-13.i686.rpm
. bzip2-libs-1.0.2-13.i686.rpm
. bzip2-devel-1.0.2-13.i686.rpm
SRPMS :
. bzip2-1.0.2-13.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260