util-linux 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1129362107
업데이트 : 2005.10.15
상세내용
CAN-2001-1494:
script command in the util-linux package before 2.11n allows local users to
overwrite arbitrary files by setting a hardlink from the typescript log file
to any file on the system, then having root execute the script command.
CAN-2005-2876:
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages
such as loop-aes-utils, allows local users with unmount permissions to gain
privileges via the -r (remount) option, which causes the file system to be
remounted with just the read-only flag, which effectively clears the nosuid,
nodev, and other flags.
Autoupdates 지원 : 지원
update 패키지
RPMS :
. util-linux-2.11y-31.11.i686.rpm
. mount-2.11y-31.11.i686.rpm
. losetup-2.11y-31.11.i686.rpm
SRPMS :
. util-linux-2.11y-31.11.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2876
|