AnNyung Official Homepage Home > Update [ 1.3 ]  

php security update
FTP access is not possible with a web browser.

Document number : 1177419233
Updated : 2007.04.24


Details

* update 5.1.6-4
* add mod_yp  : use yp-tools command with php function
* add mod_nis : use NIS authorization on PHP
* update Fileinfo extension to 1.0.4
* update memcache extension to 2.1.2
* support fastcgi in php core package
* security fix

* Notes
  1. The php-zlib functions are now included in the core package so that
     the gd extension can support compressed flash. If php-zlib is
     installed, remove it.

* Security Fix

CVE-2007-0455:
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause
a denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font.

CVE-2007-1001:
Multiple integer overflows in the (1) createwbmp and (2) readwbmp
functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through
4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to
execute arbitrary code via Wireless Bitmap (WBMP) images with large
width or height values.

CVE-2007-1583:
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through
5.2.1 sets the internal register_globals flag and does not disable it
in certain cases when a script terminates, which allows remote attackers
to invoke available PHP scripts with register_globals functionality that
is not detectable by these scripts, as demonstrated by forcing a
memory_limit violation.

CVE-2007-1718:
CRLF injection vulnerability in the mail function in PHP 4.0.0 through
4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary
e-mail headers and possibly conduct spam attacks via a control character
immediately following folding of the (1) Subject or (2) To parameter, as
demonstrated by a parameter containing a "\r\n\t\n" sequence, related to
an increment bug in the SKIP_LONG_HEADER_SEP macro.
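
The bug class behind CVE-2007-1001 above is a buffer size computed from image-supplied width and height that wraps before allocation. The following is an added example, not libgd or PHP code: `bitmap_t`, `MAX_PIXELS` and the function names are hypothetical, and it shows the wrapped 32-bit size next to an allocation routine that rejects such dimensions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical type and limit for this example; not libgd's own. */
#define MAX_PIXELS ((size_t)64 * 1024 * 1024) /* assumed policy cap */
typedef struct { int width, height; int *pixels; } bitmap_t;

/* What an unchecked 32-bit "sizeof(int) * width * height" evaluates to.
 * Unsigned arithmetic is used so the wraparound is well defined. */
uint32_t wrapped_alloc_size(uint32_t width, uint32_t height)
{
    return (uint32_t)sizeof(int) * width * height;
}

/* Returns 1 if a * b does not fit in size_t. */
int mul_overflows(size_t a, size_t b)
{
    return a != 0 && b > SIZE_MAX / a;
}

/* Allocates a width x height bitmap, or returns NULL when the header
 * values are non-positive, exceed the cap, or overflow the byte count. */
bitmap_t *bitmap_create_checked(int width, int height)
{
    if (width <= 0 || height <= 0)
        return NULL;
    size_t w = (size_t)width, h = (size_t)height;
    if (mul_overflows(w, h) || w * h > MAX_PIXELS ||
        mul_overflows(w * h, sizeof(int)))
        return NULL;
    bitmap_t *bmp = malloc(sizeof *bmp);
    if (bmp == NULL)
        return NULL;
    bmp->pixels = calloc(w * h, sizeof(int));
    if (bmp->pixels == NULL) {
        free(bmp);
        return NULL;
    }
    bmp->width = width;
    bmp->height = height;
    return bmp;
}

int main(void)
{
    /* Constructed header values: 32768 x 32769 pixels must be refused. */
    return bitmap_create_checked(0x8000, 0x8001) == NULL ? 0 : 1;
}
```

With a 4-byte int, the constructed 32768 x 32769 header makes the unchecked 32-bit size wrap to 131072 bytes, far smaller than the pixel data the header promises.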


Autoupdates support : partially supported
  pkgsysupdate -v

  pkgadd -F "php*"


Update packages

  RPMS :

    + PHP5

    . php-binary-5.1.6-4.i686.rpm
    . php-5.1.6-4.i686.rpm
    . php-devel-5.1.6-4.i686.rpm
    . php-gd-5.1.6-4.i686.rpm
    . php-mssql-5.1.6-4.i686.rpm
    . php-bcmath-5.1.6-4.i686.rpm
    . php-geoip-5.1.6-4.i686.rpm
    . php-mysql-5.1.6-4.i686.rpm
    . php-gettext-5.1.6-4.i686.rpm
    . php-mysqli-5.1.6-4.i686.rpm
    . php-bz2-5.1.6-4.i686.rpm
    . php-hash-5.1.6-4.i686.rpm
    . php-openssl-5.1.6-4.i686.rpm
    . php-calendar-5.1.6-4.i686.rpm
    . php-iconv-5.1.6-4.i686.rpm
    . php-pdo-5.1.6-4.i686.rpm
    . php-curl-5.1.6-4.i686.rpm
    . php-imap-5.1.6-4.i686.rpm
    . php-pdo-mysql-5.1.6-4.i686.rpm
    . php-dba-5.1.6-4.i686.rpm
    . php-korean-5.1.6-4.i686.rpm
    . php-pdo-pgsql-5.1.6-4.i686.rpm
    . php-krisp-5.1.6-4.i686.rpm
    . php-pgsql-5.1.6-4.i686.rpm
    . php-eaccelerator-5.1.6-4.i686.rpm
    . php-mbstring-5.1.6-4.i686.rpm
    . php-rrd-5.1.6-4.i686.rpm
    . php-exif-5.1.6-4.i686.rpm
    . php-mcrypt-5.1.6-4.i686.rpm
    . php-sockets-5.1.6-4.i686.rpm
    . php-fileinfo-5.1.6-4.i686.rpm
    . php-memcache-5.1.6-4.i686.rpm
    . php-sqlite-5.1.6-4.i686.rpm
    . php-ftp-5.1.6-4.i686.rpm
    . php-mhash-5.1.6-4.i686.rpm
    . php-yp-5.1.6-4.i686.rpm
    . php-nis-5.1.6-4.i686.rpm


  SRPMS :

    . php-extension-5.1.6-4.src.rpm


References :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718




    




Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10