AnNyung Official Homepage: Update [ 1.2 ]


PHP security update
FTP access is not possible from a web browser.

Document number: 1174237651
Updated: 2007.03.19


Details

* update 5.1.6-3
* security fix

CVE-2007-0906:
A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer
overflow could occur in memory allocation. If a script used the
imap_mail_compose() function to create a new MIME message based on an
input body from an untrusted source, it could result in a heap overflow.
An attacker with access to a PHP application affected by any of these issues
could trigger the flaws and possibly execute arbitrary code as the
'apache' user. 

CVE-2007-0907:
A one byte memory read always occurs before the beginning of a buffer.
This could be triggered, for example, by any use of the header() function
in a script. However it is unlikely that this would have any effect.

CVE-2007-0908:
If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory.

CVE-2007-0909:
If the odbc_result_all() function was used to display data from a
database, and the database table contents were under an attacker's
control, a format string vulnerability was possible which could allow
arbitrary code execution.

CVE-2007-0910:
Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. 

CVE-2007-0988:
When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop, consuming
CPU resources for a limited time, until the script timeout alarm aborted
execution of the script.

CVE-2007-1285:
An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply nested array.

CVE-2006-4812:
An attacker can exploit this vulnerability to execute arbitrary code in the context
of the affected application. Failed exploit attempts will likely cause
denial-of-service conditions.

CVE-2006-5465:
An attacker could exploit these issues to have arbitrary code execute in the context
of an affected webserver. This may lead to the compromise of the webserver. Failed
exploit attempts could cause denial-of-service conditions, denying access to legitimate
users.


Autoupdate support:
  Updates for 1.2 have ended. Migrate to 1.3 and then use pkgadd.
  http://annyung.oops.org/?m=white&p=migration


Update packages

  RPMS :

    + PHP5

    . php-binary-5.1.6-3.i686.rpm
    . php-5.1.6-3.i686.rpm
    . php-devel-5.1.6-3.i686.rpm
    . php-gd-5.1.6-3.i686.rpm
    . php-mssql-5.1.6-3.i686.rpm
    . php-bcmath-5.1.6-3.i686.rpm
    . php-geoip-5.1.6-3.i686.rpm
    . php-mysql-5.1.6-3.i686.rpm
    . php-gettext-5.1.6-3.i686.rpm
    . php-mysqli-5.1.6-3.i686.rpm
    . php-bz2-5.1.6-3.i686.rpm
    . php-hash-5.1.6-3.i686.rpm
    . php-openssl-5.1.6-3.i686.rpm
    . php-calendar-5.1.6-3.i686.rpm
    . php-iconv-5.1.6-3.i686.rpm
    . php-pdo-5.1.6-3.i686.rpm
    . php-curl-5.1.6-3.i686.rpm
    . php-imap-5.1.6-3.i686.rpm
    . php-pdo-mysql-5.1.6-3.i686.rpm
    . php-dba-5.1.6-3.i686.rpm
    . php-korean-5.1.6-3.i686.rpm
    . php-pdo-pgsql-5.1.6-3.i686.rpm
    . php-krisp-5.1.6-3.i686.rpm
    . php-pgsql-5.1.6-3.i686.rpm
    . php-eaccelerator-5.1.6-3.i686.rpm
    . php-mbstring-5.1.6-3.i686.rpm
    . php-rrd-5.1.6-3.i686.rpm
    . php-exif-5.1.6-3.i686.rpm
    . php-mcrypt-5.1.6-3.i686.rpm
    . php-sockets-5.1.6-3.i686.rpm
    . php-fileinfo-5.1.6-3.i686.rpm
    . php-memcache-5.1.6-3.i686.rpm
    . php-sqlite-5.1.6-3.i686.rpm
    . php-ftp-5.1.6-3.i686.rpm
    . php-mhash-5.1.6-3.i686.rpm
    . php-zlib-5.1.6-3.i686.rpm


  SRPMS :

    . php-extension-5.1.6-3.src.rpm
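
A quick way to confirm that a host carries the fixed build, as an added example that is not part of the original advisory: it reads `name version-release` lines and flags any php package older than 5.1.6-3. The function names and the inventory are constructed for illustration, and `sort -V` stands in for rpm's own version comparison.

```sh
#!/bin/sh
# Added example (not from the advisory): flag php packages older than the
# fixed build 5.1.6-3. Function names and sample data are illustrative.
FIXED="5.1.6-3"

# Succeeds when version-release $1 sorts strictly before $2. Uses sort -V
# (GNU/BusyBox), an approximation of rpm's comparison that is adequate for
# plain numeric version-release strings like the ones in this advisory.
older_than() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin, prints one OUTDATED line per
# php package below FIXED, and returns 1 if any were found.
audit_php() {
    rc=0
    while read -r name evr; do
        case "$name" in
            php|php-*) ;;          # only the packages this update ships
            *) continue ;;
        esac
        if older_than "$evr" "$FIXED"; then
            printf 'OUTDATED %s %s (fixed in %s)\n' "$name" "$evr" "$FIXED"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory; not taken from a real host.
sample_inventory() {
    cat <<'EOF'
php 5.1.6-3
php-imap 5.1.6-2
php-gd 5.1.6-3
php-mysql 5.1.4-1
httpd 2.0.59-1
EOF
}

# On a live system, feed the real package database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_php
sample_inventory | audit_php || echo "php packages need updating"
```
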


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285




    




Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10