AnNyung Official Homepage Home > Update [ 1.3 ]  

HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery

  Go oops.org
  AnNyung banner 88x31

  AnNyung 1 banner 80x15
  AnNyung 2 banner 80x15
  AnNyung 3 banner 80x15
  AnNyung banner 80x15
  AnNyung banner 80x15



php 5.x 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.

문서번호 : 1264412505
업데이트 : 2010.01.25


상세내용

* 보안 버그 fix
  . CVE-2009-2687
  The exif_read_data function in the Exif module in PHP before 5.2.10 allows
  remote attackers to cause a denial of service (crash) via a malformed JPEG
  image with invalid offset fields, a different issue than CVE-2005-3353.

  . CVE-2009-3291
  The php_openssl_apply_verification_policy function in PHP before 5.2.11 does
  not properly perform certificate validation, which has unknown impact and
  attack vectors, probably related to an ability to spoof certificates.

  . CVE-2009-3292
  Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has
  unknown impact and attack vectors related to "missing sanity checks around
  exif processing."

  . CVE-2009-3546
  The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1,
  and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal
  structure member, which might allow remote attackers to conduct buffer overflow
  or buffer over-read attacks via a crafted GD file, a different vulnerability
  than CVE-2009-3293. NOTE: some of these details are obtained from third party
  information.

  . CVE-2009-4017
  PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of
  temporary files created when handling a multipart/form-data POST request,
  which allows remote attackers to cause a denial of service (resource
  exhaustion), and makes it easier for remote attackers to exploit local file
  inclusion vulnerabilities, via multiple requests, related to lack of support
  for the max_file_uploads directive.

  . CVE-2009-4142
  The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1)
  overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid
  EUC-JP sequences, which allows remote attackers to conduct cross-site scripting
  (XSS) attacks by placing a crafted byte sequence before a special character.


* sqlrelqy 0.41 update


Autoupdates 지원 : 일부 지원
  pkgsysupdate -v

  pkgadd -F "php*"


update 패키지

  RPMS :

    + PHP5

    . php-binary-5.2.6-6.i686.rpm

    . php-5.2.6-6.i686.rpm
    . php-fcgi-5.2.6-6.i686.rpm
    . php-devel-5.2.6-6.i686.rpm
    . php-gd-5.2.6-6.i686.rpm
    . php-mssql-5.2.6-6.i686.rpm
    . php-bcmath-5.2.6-6.i686.rpm
    . php-geoip-5.2.6-6.i686.rpm
    . php-mysql-5.2.6-6.i686.rpm
    . php-gettext-5.2.6-6.i686.rpm
    . php-mysqli-5.2.6-6.i686.rpm
    . php-bz2-5.2.6-6.i686.rpm
    . php-hash-5.2.6-6.i686.rpm
    . php-openssl-5.2.6-6.i686.rpm
    . php-calendar-5.2.6-6.i686.rpm
    . php-iconv-5.2.6-6.i686.rpm
    . php-pdo-5.2.6-6.i686.rpm
    . php-curl-5.2.6-6.i686.rpm
    . php-imap-5.2.6-6.i686.rpm
    . php-pdo-mysql-5.2.6-6.i686.rpm
    . php-dba-5.2.6-6.i686.rpm
    . php-korean-5.2.6-6.i686.rpm
    . php-pdo-pgsql-5.2.6-6.i686.rpm
    . php-krisp-5.2.6-6.i686.rpm
    . php-pgsql-5.2.6-6.i686.rpm
    . php-eaccelerator-5.2.6-6.i686.rpm
    . php-rrd-5.2.6-6.i686.rpm
    . php-exif-5.2.6-6.i686.rpm
    . php-mcrypt-5.2.6-6.i686.rpm
    . php-sockets-5.2.6-6.i686.rpm
    . php-fileinfo-5.2.6-6.i686.rpm
    . php-memcache-5.2.6-6.i686.rpm
    . php-sqlite-5.2.6-6.i686.rpm
    . php-ftp-5.2.6-6.i686.rpm
    . php-mhash-5.2.6-6.i686.rpm
    . php-yp-5.2.6-6.i686.rpm
    . php-nis-5.2.6-6.i686.rpm
    . php-json-5.2.6-6.i686.rpm


  SRPMS :

    . php-extension-5.2.6-6.src.rpm


참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142



    



 Home > Update [ 1.3 ]

Copyright 2024 OOPS Development Organization 
LAST MODIFIED: 2018/04/10