bzip2 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1140964547
업데이트 : 2006.02.26
상세내용
CAN-2005-0758:
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows
local users to execute arbitrary commands via filenames that are injected into
a sed script.
CAN-2005-0953:
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions
of arbitrary files via a hard link attack on a file while it is being decompressed,
whose permissions are changed by bzip2 after the decompression is complete.
CAN-2005-1260:
bzip2 allows remote attackers to cause a denial of service (hard drive consumption)
via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
Autoupdates 지원 : 지원
update 패키지
RPMS :
. bzip2-1.0.2-14.i686.rpm
. bzip2-progs-1.0.2-14.i686.rpm
. bzip2-devel-1.0.2-14.i686.rpm
SRPMS :
. bzip2-1.0.2-14.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260
|