gzip security update
FTP access is not possible from a web browser.
Document number: 1158907559
Updated: 2006.09.22
Details
CVE-2006-4334:
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers
to cause a denial of service (crash) via a crafted GZIP (gz) archive, which
results in a NULL dereference.
CVE-2006-4335:
Array index error in the make_table function in unlzh.c in the LZH decompression
component in gzip 1.3.5, when running on certain platforms, allows context-dependent
attackers to cause a denial of service (crash) and possibly execute arbitrary code
via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack
modification vulnerability."
CVE-2006-4336:
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows
context-dependent attackers to execute arbitrary code via a crafted leaf count
table that causes a write to a negative index.
CVE-2006-4337:
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5
allows context-dependent attackers to execute arbitrary code via a crafted
decoding table in a GZIP archive.
CVE-2006-4338:
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers
to cause a denial of service (infinite loop) via a crafted GZIP archive.
Autoupdates support: supported
Update packages
RPMS :
. gzip-1.3.3-16.i686.rpm
SRPMS :
. gzip-1.3.3-16.src.rpm
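One way to check a host against the fixed build listed above (an added example, not part of the original advisory). The fixed package is versioned 1.3.3-16 while the CVE text names upstream 1.3.5, so the check compares the installed package's version-release rather than the upstream version. The function names and the use of GNU `sort -V` in place of RPM's own comparison are assumptions, and the result is only meaningful within this distribution's gzip package stream.

```shell
#!/bin/sh
# Fixed build taken from the advisory's package list (gzip-1.3.3-16.i686.rpm).
FIXED_EVR="1.3.3-16"

# evr_lt A B: succeed if version-release A sorts strictly before B.
# Assumption: GNU sort -V approximates RPM ordering for plain numeric
# version-release strings without an epoch (true for the values used here).
evr_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# gzip_status EVR: classify a gzip package build against the fixed build.
# An empty argument means the package query returned nothing.
gzip_status() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif evr_lt "$1" "$FIXED_EVR"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# check_installed_gzip: query the RPM database on a live host and classify
# the installed build. rpm exits non-zero when gzip is not installed.
check_installed_gzip() {
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' gzip 2>/dev/null) || evr=""
    gzip_status "$evr"
}
```

Run `check_installed_gzip` on each host; a build such as 1.3.3-9 is reported as `needs-update` because the release field is compared numerically, not as text.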
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338