AnNyung Official Homepage Home > Update [ 1.2 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



php 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1131044965
업데이트 : 2005.11.04


상세내용

* update 5.0.5

- Fixed memory allocation bug
- Additinal fix for bug #34277 (array_filter() crashes with references
  and objects)
- fix #34450 (Segfault when calling mysqli_close() in destructor)
- Fixed shutdown order.
- Fixed access to uninitialized value
- fix crash on restarting static PHP having session modules loaded
- Remove HTML fragments from phpcredits() in CLI mode
- Backport stream_socket_enable_crypto()
- Fixed memory corryption
- fix #32081 (mysqli_real_connect(): mysqli.default_socket in php.ini
  has no effect) for real
- fix #33220, infinite loop while loading invalid GIF (nlopees)
- Fixed bug #32937 (open_basedir looses trailing / in the limiter).
- Fixed possible GLOBALS variable override when register_globals are ON.
- Fixed possible register_globals toggle via parse_str().
- Fixed possible crash and/or memory corruption in import_request_variables()
- Fixed potential GLOBALS overwrite via import_request_variables().
- GLOBALS protection for extract() function.
- fix #32179 (xmlrpc_encode() segfaults with recursive references)
- fix #34731
- fix #34723 (array_count_values() strips leading zeroes)
- Missing safe_mode/open_basedir checks for file uploads.
- Fix #34557 php -m exits with "error" 1
- Added missing safe_mode checks.
- Fix issue (endless loop) with temp/memory streams
- Bugfix #34704 (Infinite recursion due to corrupt JPEG)
- fix #33383 (crash when retrieving empty LOBs)
- fix #34810 (mysqli::init() and others use wrong  pointer without
  checks)
- Fixed bug #34790 (preg_match_all(), named capturing groups, variable
  assignment/return => crash)
- fix #34757 (iconv_substr() gives "Unknown error" when offset > string
  length)
- Fixed an error in mysqli_fetch_fields (returned NULL instead of an
  array when row number > field_count). (Georg)
- Further URL validations in safe_mode/open_basedir configs.
- fix mime_magic problems with ZTS
- use php_error_docref() instead of php_error() everywhere
- backport Ilia's fix for #34884
- fixed bug #29983 (PHP does not explicitly set mime type & charset)
  + call sapi_deactivate() when called with -m switch
- Fixed bug #34782 (token_get_all() gives wrong result)
- fix possible crash in dns_get_record() cleanup code a bit (partly
  fixes #34938)
- fix #34938 (dns_get_record() doesn't resolve long hostnames and leaks)
- apply workaround for the leak only when GLIBC is used
- fix #34996 (ImageTrueColorToPalette() crashes when ncolors is zero)
- Fixed bug #34982 (array_walk_recursive() modifies elements outside
  function scope)
- Fix #35037. Selecting a uniqueidentifier would return unknown data
  type when used with freetds.
- chagned allow_url_fopen INI_ALL
- changed semaphore order to avoid leak
- libsqlite version update to 2.8.16


* php 4.4.1 update

- Added missing safe_mode checks for image* functions and cURL.
- Added missing safe_mode/open_basedir checks for file uploads.
- Fixed a memory corruption bug regarding included files.
- Fixed possible INI setting leak via virtual() in Apache 2 sapi.
- Fixed possible crash and/or memory corruption in import_request_variables().
- Fixed potential GLOBALS overwrite via import_request_variables().
- Fixed possible GLOBALS variable override when register_globals are ON.
- Fixed possible register_globals toggle via parse_str().


Autoupdates 지원 : 일부 지원
  Autoupdate 대상 :
    . php-binary
    . php-devel
    . php-pear

  Autoupdate 비 대상 :

    . 나머지 패키지들
    . pkgadd -F php* 명령으로 업데이트 가능 또는 pkginfo -u 옵션으로 업데이트 대상
      확인

  추가 정보 :
    . php 4 패키지는 자동 업데이트 및 Packages System 대상이 아니며, 수동으로 업데이트
      해 주어야 함. (php 5 로 업데이트를 하지 못하는 유저들을 위해 임시 지원)
    . php 4 는 보안 버그 관련 패키지만 업데이트 지원 (revision 은 달라도 운영상 상관은
      없으나, shared extension 의 경우 php.ini 에서 등록 확인 要.)


update 패키지

  RPMS :

    + PHP5

    . php-binary-5.0.5-1.i686.rpm
    . php-devel-5.0.5-1.i686.rpm
    . php-pear-5.0.5-1.i686.rpm

    . php-5.0.5-1.i686.rpm
    . php-bcmath-5.0.5-1.i686.rpm
    . php-calendar-5.0.5-1.i686.rpm
    . php-curl-5.0.5-1.i686.rpm
    . php-dba-5.0.5-1.i686.rpm
    . php-eaccelerator-5.0.5-1.i686.rpm
    . php-exif-5.0.5-1.i686.rpm
    . php-ftp-5.0.5-1.i686.rpm
    . php-gd-5.0.5-1.i686.rpm
    . php-gettext-5.0.5-1.i686.rpm
    . php-iconv-5.0.5-1.i686.rpm
    . php-imap-5.0.5-1.i686.rpm
    . php-korean-5.0.5-1.i686.rpm
    . php-mbstring-5.0.5-1.i686.rpm
    . php-mcrypt-5.0.5-1.i686.rpm
    . php-mhash-5.0.5-1.i686.rpm
    . php-mssql-5.0.5-1.i686.rpm
    . php-mysql-5.0.5-1.i686.rpm
    . php-mysqli-5.0.5-1.i686.rpm
    . php-openssl-5.0.5-1.i686.rpm
    . php-pgsql-5.0.5-1.i686.rpm
    . php-rrd-5.0.5-1.i686.rpm
    . php-sockets-5.0.5-1.i686.rpm
    . php-sqlite-5.0.5-1.i686.rpm
    . php-zlib-5.0.5-1.i686.rpm


    + PHP4
    . php-binary-4.4.1-1.i686.rpm
    . php-devel-4.4.1-1.i686.rpm
    . php-pear-4.4.1-1.i686.rpm

    . php-4.4.1-1.i686.rpm
    . php-iconv-4.4.1-1.i686.rpm
    . php-mbstring-4.4.1-1.i686.rpm

  SRPMS :

    . php-4.4.1-1.src.rpm


참고 :
http://www.hardened-php.net/advisory_202005.79.html
http://www.hardened-php.net/index.76.html
http://www.hardened-php.net/advisory_192005.78.html
http://www.hardened-php.net/advisory_182005.77.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
http://itpro.nikkeibp.co.jp/article/NEWS/20051102/223939/




    



 Home > Update [ 1.2 ]

Copyright 2015 OOPS Development Organization 
LAST MODIFIED: 2014/10/07