AnNyung Official Homepage

PHP security update
FTP access is not possible with a web browser.

Document number: 1174237651
Updated: 2007.03.19


* update 5.1.6-3
* security fix

A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer
overflow could occur in memory allocation. If a script used the
imap_mail_compose() function to create a new MIME message based on an
input body from an untrusted source, it could result in a heap overflow.
An attacker with access to a PHP application affected by any of these issues
could trigger the flaws and possibly execute arbitrary code as the
'apache' user. 
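
The bug class described for str_replace(), an integer overflow in the size passed to the allocator, shown as an added example. This is not PHP's source code and not part of the advisory; the function names and the 32-bit length type are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: result length in 32-bit arithmetic; the product can wrap. */
uint32_t replaced_len_unchecked(uint32_t subject_len, uint32_t count,
                                uint32_t search_len, uint32_t repl_len)
{
    return subject_len + count * (repl_len - search_len);
}

/* Checked: stores the true length in *out and returns 0, or returns -1
 * if the inputs are inconsistent or the length does not fit in 32 bits. */
int replaced_len_checked(uint32_t subject_len, uint32_t count,
                         uint32_t search_len, uint32_t repl_len, uint32_t *out)
{
    if (search_len == 0 || count > subject_len / search_len)
        return -1;                        /* more matches than can exist */
    uint32_t kept = subject_len - count * search_len;   /* cannot wrap now */
    if (repl_len != 0 && count > (UINT32_MAX - kept) / repl_len)
        return -1;                        /* kept + count*repl_len would wrap */
    *out = kept + count * repl_len;
    return 0;
}

/* Allocate the output buffer only when the size is known to be exact. */
char *alloc_replaced(uint32_t subject_len, uint32_t count,
                     uint32_t search_len, uint32_t repl_len)
{
    uint32_t len;
    if (replaced_len_checked(subject_len, count, search_len, repl_len, &len) != 0
        || len == UINT32_MAX)             /* no room left for the terminator */
        return NULL;
    return malloc((size_t)len + 1);       /* +1 for the terminator, in size_t */
}

int main(void)
{
    /* Constructed input: 65536 one-byte matches, each replaced by 65537 bytes. */
    uint32_t n = 65536u, repl = 65537u, len = 0;
    printf("unchecked length: %u\n", (unsigned)replaced_len_unchecked(n, n, 1u, repl));
    printf("checked result:   %d\n", replaced_len_checked(n, n, 1u, repl, &len));
    return 0;
}
```

For the constructed input the unchecked computation yields 65536 bytes for a result that needs more than 4 GiB, so a buffer sized from it would be far too small; the checked version refuses the request instead.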

A one byte memory read always occurs before the beginning of a buffer.
This could be triggered, for example, by any use of the header() function
in a script. However it is unlikely that this would have any effect.

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap

If the odbc_result_all() function was used to display data from a
database, and the database table contents were under an attacker's
control, a format string vulnerability was possible which could allow
arbitrary code execution.

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. 

When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop, consuming
CPU resources for a limited time, until the script timeout alarm aborted
execution of the script.

An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply-nested-array.

An attacker can exploit this vulnerability to execute arbitrary code in the context
of the affected application. Failed exploit attempts will likely cause
denial-of-service conditions.

An attacker could exploit these issues to have arbitrary code execute in the context
of an affected webserver. This may lead to the compromise of the webserver. Failed
exploit attempts could cause denial-of-service conditions, denying access to legitimate

Autoupdates support:
  Updates for 1.2 have ended. Migrate to 1.3 and then use pkgadd.

Update packages

  RPMS :

    + PHP5

    . php-binary-5.1.6-3.i686.rpm
    . php-5.1.6-3.i686.rpm
    . php-devel-5.1.6-3.i686.rpm
    . php-gd-5.1.6-3.i686.rpm
    . php-mssql-5.1.6-3.i686.rpm
    . php-bcmath-5.1.6-3.i686.rpm
    . php-geoip-5.1.6-3.i686.rpm
    . php-mysql-5.1.6-3.i686.rpm
    . php-gettext-5.1.6-3.i686.rpm
    . php-mysqli-5.1.6-3.i686.rpm
    . php-bz2-5.1.6-3.i686.rpm
    . php-hash-5.1.6-3.i686.rpm
    . php-openssl-5.1.6-3.i686.rpm
    . php-calendar-5.1.6-3.i686.rpm
    . php-iconv-5.1.6-3.i686.rpm
    . php-pdo-5.1.6-3.i686.rpm
    . php-curl-5.1.6-3.i686.rpm
    . php-imap-5.1.6-3.i686.rpm
    . php-pdo-mysql-5.1.6-3.i686.rpm
    . php-dba-5.1.6-3.i686.rpm
    . php-korean-5.1.6-3.i686.rpm
    . php-pdo-pgsql-5.1.6-3.i686.rpm
    . php-krisp-5.1.6-3.i686.rpm
    . php-pgsql-5.1.6-3.i686.rpm
    . php-eaccelerator-5.1.6-3.i686.rpm
    . php-mbstring-5.1.6-3.i686.rpm
    . php-rrd-5.1.6-3.i686.rpm
    . php-exif-5.1.6-3.i686.rpm
    . php-mcrypt-5.1.6-3.i686.rpm
    . php-sockets-5.1.6-3.i686.rpm
    . php-fileinfo-5.1.6-3.i686.rpm
    . php-memcache-5.1.6-3.i686.rpm
    . php-sqlite-5.1.6-3.i686.rpm
    . php-ftp-5.1.6-3.i686.rpm
    . php-mhash-5.1.6-3.i686.rpm
    . php-zlib-5.1.6-3.i686.rpm


    . php-extension-5.1.6-3.src.rpm

Reference:



Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10