PHP security update
FTP access is not possible with a web browser.
Document number : 1179068265
Updated : 2007.05.13
Details
* update 5.1.6-5
* security fix
* Notes
1. The php-zlib functions are now included in the core package in order to
support compressed flash in the gd extension. If php-zlib is installed,
remove it.
* Security Fix
CVE-2007-1864:
Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x
before 5.2.2, has unknown impact and remote attack vectors.
CVE-2007-2509:
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7,
and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands
via CRLF sequences in the parameters to earlier FTP commands.
CVE-2007-2510:
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has
unknown impact and remote attack vectors, possibly related to "/" (slash)
characters.
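The CRLF injection described for CVE-2007-2509, shown at the wire level as an added example (not code from PHP or from this advisory); the function names and sample inputs are constructed for illustration. It contrasts a command builder that copies arguments verbatim with one that rejects CR or LF before the terminating CRLF is appended.

```c
#include <stdio.h>
#include <string.h>

/* Naive builder: copies args verbatim, so embedded CR/LF reach the wire. */
int ftp_build_naive(char *out, size_t outlen, const char *cmd, const char *args)
{
    int n = snprintf(out, outlen, "%s %s\r\n", cmd, args);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened builder: refuse any command or argument containing CR or LF.
 * A lone CR or LF is rejected too, since some servers accept either
 * as a line terminator. */
int ftp_build_checked(char *out, size_t outlen, const char *cmd, const char *args)
{
    if (strpbrk(cmd, "\r\n") || strpbrk(args, "\r\n"))
        return -1;
    return ftp_build_naive(out, outlen, cmd, args);
}

/* Count CRLF-terminated lines, i.e. how many commands the server parses. */
int ftp_count_commands(const char *wire)
{
    int count = 0;
    const char *p = wire;
    while ((p = strstr(p, "\r\n")) != NULL) {
        count++;
        p += 2;
    }
    return count;
}

int main(void)
{
    char buf[128];
    /* Constructed sample inputs: an ordinary name and one carrying a CRLF. */
    const char *plain = "report.txt";
    const char *crlf  = "report.txt\r\nNOOP";

    ftp_build_naive(buf, sizeof buf, "CWD", crlf);
    printf("naive, CRLF input: %d commands on the wire\n", ftp_count_commands(buf));
    printf("checked, CRLF input: %d\n", ftp_build_checked(buf, sizeof buf, "CWD", crlf));
    printf("checked, plain input: %d bytes\n", ftp_build_checked(buf, sizeof buf, "CWD", plain));
    return 0;
}
```

Until the updated packages are installed, the same check can be applied in application code to any user-supplied value before it is passed to an FTP function.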
Autoupdates support : partially supported
pkgsysupdate -v
pkgadd -F "php*"
Update packages
RPMS :
+ PHP5
. php-binary-5.1.6-5.i686.rpm
. php-5.1.6-5.i686.rpm
. php-devel-5.1.6-5.i686.rpm
. php-gd-5.1.6-5.i686.rpm
. php-mssql-5.1.6-5.i686.rpm
. php-bcmath-5.1.6-5.i686.rpm
. php-geoip-5.1.6-5.i686.rpm
. php-mysql-5.1.6-5.i686.rpm
. php-gettext-5.1.6-5.i686.rpm
. php-mysqli-5.1.6-5.i686.rpm
. php-bz2-5.1.6-5.i686.rpm
. php-hash-5.1.6-5.i686.rpm
. php-openssl-5.1.6-5.i686.rpm
. php-calendar-5.1.6-5.i686.rpm
. php-iconv-5.1.6-5.i686.rpm
. php-pdo-5.1.6-5.i686.rpm
. php-curl-5.1.6-5.i686.rpm
. php-imap-5.1.6-5.i686.rpm
. php-pdo-mysql-5.1.6-5.i686.rpm
. php-dba-5.1.6-5.i686.rpm
. php-korean-5.1.6-5.i686.rpm
. php-pdo-pgsql-5.1.6-5.i686.rpm
. php-krisp-5.1.6-5.i686.rpm
. php-pgsql-5.1.6-5.i686.rpm
. php-eaccelerator-5.1.6-5.i686.rpm
. php-mbstring-5.1.6-5.i686.rpm
. php-rrd-5.1.6-5.i686.rpm
. php-exif-5.1.6-5.i686.rpm
. php-mcrypt-5.1.6-5.i686.rpm
. php-sockets-5.1.6-5.i686.rpm
. php-fileinfo-5.1.6-5.i686.rpm
. php-memcache-5.1.6-5.i686.rpm
. php-sqlite-5.1.6-5.i686.rpm
. php-ftp-5.1.6-5.i686.rpm
. php-mhash-5.1.6-5.i686.rpm
. php-yp-5.1.6-5.i686.rpm
. php-nis-5.1.6-5.i686.rpm
SRPMS :
. php-extension-5.1.6-5.src.rpm
References :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510