php 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1177419233
업데이트 : 2007.04.24
상세내용
* update 5.1.6-4
* add mod_yp : use yp-tools command with php function
* add mod_nis : use NIS authorization on PHP
* update Fileinfo extension to 1.0.4
* update memcache extension to 2.1.2
* support fastcgi in php core package
* security fix
* 주의 사항
1. php-zlib 함수가 gd extension 에서 압축된 flash 를 지원하기 위하여
코어 패키지로 포함이 되었습니다. php-zlib 가 설치 되어 있다면 삭제
하십시오.
* Security Fix
CVE-2007-0455:
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
raphics Library 2.0.33 and earlier allows remote attackers to cause
a denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font.
CVE-2007-1001:
Multiple integer overflows in the (1) createwbmp and (2) readwbmp
functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through
4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to
execute arbitrary code via Wireless Bitmap (WBMP) images with large
width or height values.
CVE-2007-1583:
The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through
5.2.1 sets the internal register_globals flag and does not disable it
in certain cases when a script terminates, which allows remote attackers
to invoke available PHP scripts with register_globals functionality that
is not detectable by these scripts, as demonstrated by forcing a
memory_limit violation.
CVE-2007-1718:
CRLF injection vulnerability in the mail function in PHP 4.0.0 through
4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary
e-mail headers and possibly conduct spam attacks via a control character
immediately following folding of the (1) Subject or (2) To parameter, as
demonstrated by a parameter containing a "\r\n\t\n" sequence, related to
an increment bug in the SKIP_LONG_HEADER_SEP macro.
Autoupdates 지원 : 일부 지원
pkgsysupdate -v
pkgadd -F "php*"
update 패키지
RPMS :
+ PHP5
. php-binary-5.1.6-4.i686.rpm
.
. php-5.1.6-4.i686.rpm
. php-devel-5.1.6-4.i686.rpm
. php-gd-5.1.6-4.i686.rpm
. php-mssql-5.1.6-4.i686.rpm
. php-bcmath-5.1.6-4.i686.rpm
. php-geoip-5.1.6-4.i686.rpm
. php-mysql-5.1.6-4.i686.rpm
. php-gettext-5.1.6-4.i686.rpm
. php-mysqli-5.1.6-4.i686.rpm
. php-bz2-5.1.6-4.i686.rpm
. php-hash-5.1.6-4.i686.rpm
. php-openssl-5.1.6-4.i686.rpm
. php-calendar-5.1.6-4.i686.rpm
. php-iconv-5.1.6-4.i686.rpm
. php-pdo-5.1.6-4.i686.rpm
. php-curl-5.1.6-4.i686.rpm
. php-imap-5.1.6-4.i686.rpm
. php-pdo-mysql-5.1.6-4.i686.rpm
. php-dba-5.1.6-4.i686.rpm
. php-korean-5.1.6-4.i686.rpm
. php-pdo-pgsql-5.1.6-4.i686.rpm
. php-krisp-5.1.6-4.i686.rpm
. php-pgsql-5.1.6-4.i686.rpm
. php-eaccelerator-5.1.6-4.i686.rpm
. php-mbstring-5.1.6-4.i686.rpm
. php-rrd-5.1.6-4.i686.rpm
. php-exif-5.1.6-4.i686.rpm
. php-mcrypt-5.1.6-4.i686.rpm
. php-sockets-5.1.6-4.i686.rpm
. php-fileinfo-5.1.6-4.i686.rpm
. php-memcache-5.1.6-4.i686.rpm
. php-sqlite-5.1.6-4.i686.rpm
. php-ftp-5.1.6-4.i686.rpm
. php-mhash-5.1.6-4.i686.rpm
. php-yp-5.1.6-4.i686.rpm
. php-nis-5.1.6-4.i686.rpm
SRPMS :
. php-extension-5.1.6-4.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
|