AnNyung Official Homepage Home > Update [ 1.2 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



php 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1131044965
업데이트 : 2005.11.04


상세내용

* update 5.0.5

- Fixed memory allocation bug
- Additinal fix for bug #34277 (array_filter() crashes with references
  and objects)
- fix #34450 (Segfault when calling mysqli_close() in destructor)
- Fixed shutdown order.
- Fixed access to uninitialized value
- fix crash on restarting static PHP having session modules loaded
- Remove HTML fragments from phpcredits() in CLI mode
- Backport stream_socket_enable_crypto()
- Fixed memory corryption
- fix #32081 (mysqli_real_connect(): mysqli.default_socket in php.ini
  has no effect) for real
- fix #33220, infinite loop while loading invalid GIF (nlopees)
- Fixed bug #32937 (open_basedir looses trailing / in the limiter).
- Fixed possible GLOBALS variable override when register_globals are ON.
- Fixed possible register_globals toggle via parse_str().
- Fixed possible crash and/or memory corruption in import_request_variables()
- Fixed potential GLOBALS overwrite via import_request_variables().
- GLOBALS protection for extract() function.
- fix #32179 (xmlrpc_encode() segfaults with recursive references)
- fix #34731
- fix #34723 (array_count_values() strips leading zeroes)
- Missing safe_mode/open_basedir checks for file uploads.
- Fix #34557 php -m exits with "error" 1
- Added missing safe_mode checks.
- Fix issue (endless loop) with temp/memory streams
- Bugfix #34704 (Infinite recursion due to corrupt JPEG)
- fix #33383 (crash when retrieving empty LOBs)
- fix #34810 (mysqli::init() and others use wrong  pointer without
  checks)
- Fixed bug #34790 (preg_match_all(), named capturing groups, variable
  assignment/return => crash)
- fix #34757 (iconv_substr() gives "Unknown error" when offset > string
  length)
- Fixed an error in mysqli_fetch_fields (returned NULL instead of an
  array when row number > field_count). (Georg)
- Further URL validations in safe_mode/open_basedir configs.
- fix mime_magic problems with ZTS
- use php_error_docref() instead of php_error() everywhere
- backport Ilia's fix for #34884
- fixed bug #29983 (PHP does not explicitly set mime type & charset)
  + call sapi_deactivate() when called with -m switch
- Fixed bug #34782 (token_get_all() gives wrong result)
- fix possible crash in dns_get_record() cleanup code a bit (partly
  fixes #34938)
- fix #34938 (dns_get_record() doesn't resolve long hostnames and leaks)
- apply workaround for the leak only when GLIBC is used
- fix #34996 (ImageTrueColorToPalette() crashes when ncolors is zero)
- Fixed bug #34982 (array_walk_recursive() modifies elements outside
  function scope)
- Fix #35037. Selecting a uniqueidentifier would return unknown data
  type when used with freetds.
- chagned allow_url_fopen INI_ALL
- changed semaphore order to avoid leak
- libsqlite version update to 2.8.16


* php 4.4.1 update

- Added missing safe_mode checks for image* functions and cURL.
- Added missing safe_mode/open_basedir checks for file uploads.
- Fixed a memory corruption bug regarding included files.
- Fixed possible INI setting leak via virtual() in Apache 2 sapi.
- Fixed possible crash and/or memory corruption in import_request_variables().
- Fixed potential GLOBALS overwrite via import_request_variables().
- Fixed possible GLOBALS variable override when register_globals are ON.
- Fixed possible register_globals toggle via parse_str().


Autoupdates 지원 : 일부 지원
  Autoupdate 대상 :
    . php-binary
    . php-devel
    . php-pear

  Autoupdate 비 대상 :

    . 나머지 패키지들
    . pkgadd -F php* 명령으로 업데이트 가능 또는 pkginfo -u 옵션으로 업데이트 대상
      확인

  추가 정보 :
    . php 4 패키지는 자동 업데이트 및 Packages System 대상이 아니며, 수동으로 업데이트
      해 주어야 함. (php 5 로 업데이트를 하지 못하는 유저들을 위해 임시 지원)
    . php 4 는 보안 버그 관련 패키지만 업데이트 지원 (revision 은 달라도 운영상 상관은
      없으나, shared extension 의 경우 php.ini 에서 등록 확인 要.)


update 패키지

  RPMS :

    + PHP5

    . php-binary-5.0.5-1.i686.rpm
    . php-devel-5.0.5-1.i686.rpm
    . php-pear-5.0.5-1.i686.rpm

    . php-5.0.5-1.i686.rpm
    . php-bcmath-5.0.5-1.i686.rpm
    . php-calendar-5.0.5-1.i686.rpm
    . php-curl-5.0.5-1.i686.rpm
    . php-dba-5.0.5-1.i686.rpm
    . php-eaccelerator-5.0.5-1.i686.rpm
    . php-exif-5.0.5-1.i686.rpm
    . php-ftp-5.0.5-1.i686.rpm
    . php-gd-5.0.5-1.i686.rpm
    . php-gettext-5.0.5-1.i686.rpm
    . php-iconv-5.0.5-1.i686.rpm
    . php-imap-5.0.5-1.i686.rpm
    . php-korean-5.0.5-1.i686.rpm
    . php-mbstring-5.0.5-1.i686.rpm
    . php-mcrypt-5.0.5-1.i686.rpm
    . php-mhash-5.0.5-1.i686.rpm
    . php-mssql-5.0.5-1.i686.rpm
    . php-mysql-5.0.5-1.i686.rpm
    . php-mysqli-5.0.5-1.i686.rpm
    . php-openssl-5.0.5-1.i686.rpm
    . php-pgsql-5.0.5-1.i686.rpm
    . php-rrd-5.0.5-1.i686.rpm
    . php-sockets-5.0.5-1.i686.rpm
    . php-sqlite-5.0.5-1.i686.rpm
    . php-zlib-5.0.5-1.i686.rpm


    + PHP4
    . php-binary-4.4.1-1.i686.rpm
    . php-devel-4.4.1-1.i686.rpm
    . php-pear-4.4.1-1.i686.rpm

    . php-4.4.1-1.i686.rpm
    . php-iconv-4.4.1-1.i686.rpm
    . php-mbstring-4.4.1-1.i686.rpm

  SRPMS :

    . php-4.4.1-1.src.rpm


참고 :
http://www.hardened-php.net/advisory_202005.79.html
http://www.hardened-php.net/index.76.html
http://www.hardened-php.net/advisory_192005.78.html
http://www.hardened-php.net/advisory_182005.77.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
http://itpro.nikkeibp.co.jp/article/NEWS/20051102/223939/




    



 Home > Update [ 1.2 ]

Copyright 2014 OOPS Development Organization 
LAST MODIFIED: 2014/10/07