AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



php 보안 업데이트 
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1190539265
업데이트 : 2007.09.23


상세내용

* update 5.2.4-1 and addjust php news issue until #46228
* security fix

* 주의 사항
  1. php 5.1 용 eaccelerator 와 호환되지 않습니다.
  2. php-mbstring 이 php package 로 포함이 되었습니다. 기존의
     php-mbstring package 가 설치되어 있다면 삭제하십시오.

* Security Fix

CVE-2007-4783 :
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers
to cause (1) a denial of service (application crash) via a long string in the charset
parameter, probably also requiring a long string in the str parameter; or (2) a denial
of service (temporary application hang) via a long string in the str parameter.
NOTE: this might not be a vulnerability in most web server environments that support
multiple threads, unless these issues can be demonstrated for code execution.

CVE-2007-4840 :
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service
(application crash) via (1) a long string in the out_charset parameter to the iconv
function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers,
(3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a
vulnerability in most web server environments that support multiple threads, unless
these issues can be demonstrated for code execution.


Autoupdates 지원 : 일부 지원
  pkgsysupdate -v

  pkgadd -F "php*"


update 패키지

  RPMS :

    + PHP5

    . php-binary-5.2.4-1.i686.rpm

    . php-5.2.4-1.i686.rpm
    . php-devel-5.2.4-1.i686.rpm
    . php-gd-5.2.4-1.i686.rpm
    . php-mssql-5.2.4-1.i686.rpm
    . php-bcmath-5.2.4-1.i686.rpm
    . php-geoip-5.2.4-1.i686.rpm
    . php-mysql-5.2.4-1.i686.rpm
    . php-gettext-5.2.4-1.i686.rpm
    . php-mysqli-5.2.4-1.i686.rpm
    . php-bz2-5.2.4-1.i686.rpm
    . php-hash-5.2.4-1.i686.rpm
    . php-openssl-5.2.4-1.i686.rpm
    . php-calendar-5.2.4-1.i686.rpm
    . php-iconv-5.2.4-1.i686.rpm
    . php-pdo-5.2.4-1.i686.rpm
    . php-curl-5.2.4-1.i686.rpm
    . php-imap-5.2.4-1.i686.rpm
    . php-pdo-mysql-5.2.4-1.i686.rpm
    . php-dba-5.2.4-1.i686.rpm
    . php-korean-5.2.4-1.i686.rpm
    . php-pdo-pgsql-5.2.4-1.i686.rpm
    . php-krisp-5.2.4-1.i686.rpm
    . php-pgsql-5.2.4-1.i686.rpm
    . php-eaccelerator-5.2.4-1.i686.rpm
    . php-rrd-5.2.4-1.i686.rpm
    . php-exif-5.2.4-1.i686.rpm
    . php-mcrypt-5.2.4-1.i686.rpm
    . php-sockets-5.2.4-1.i686.rpm
    . php-fileinfo-5.2.4-1.i686.rpm
    . php-memcache-5.2.4-1.i686.rpm
    . php-sqlite-5.2.4-1.i686.rpm
    . php-ftp-5.2.4-1.i686.rpm
    . php-mhash-5.2.4-1.i686.rpm
    . php-yp-5.2.4-1.i686.rpm
    . php-nis-5.2.4-1.i686.rpm


  SRPMS :

    . php-extension-5.2.4-1.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840


    

 Home > Update [ 1.3 ]
Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10