php 5.x 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1264412505
업데이트 : 2010.01.25
상세내용
* 보안 버그 fix
. CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows
remote attackers to cause a denial of service (crash) via a malformed JPEG
image with invalid offset fields, a different issue than CVE-2005-3353.
. CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does
not properly perform certificate validation, which has unknown impact and
attack vectors, probably related to an ability to spoof certificates.
. CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has
unknown impact and attack vectors related to "missing sanity checks around
exif processing."
. CVE-2009-3546
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1,
and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal
structure member, which might allow remote attackers to conduct buffer overflow
or buffer over-read attacks via a crafted GD file, a different vulnerability
than CVE-2009-3293. NOTE: some of these details are obtained from third party
information.
. CVE-2009-4017
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of
temporary files created when handling a multipart/form-data POST request,
which allows remote attackers to cause a denial of service (resource
exhaustion), and makes it easier for remote attackers to exploit local file
inclusion vulnerabilities, via multiple requests, related to lack of support
for the max_file_uploads directive.
. CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1)
overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid
EUC-JP sequences, which allows remote attackers to conduct cross-site scripting
(XSS) attacks by placing a crafted byte sequence before a special character.
* sqlrelqy 0.41 update
Autoupdates 지원 : 일부 지원
pkgsysupdate -v
pkgadd -F "php*"
update 패키지
RPMS :
+ PHP5
. php-binary-5.2.6-6.i686.rpm
. php-5.2.6-6.i686.rpm
. php-fcgi-5.2.6-6.i686.rpm
. php-devel-5.2.6-6.i686.rpm
. php-gd-5.2.6-6.i686.rpm
. php-mssql-5.2.6-6.i686.rpm
. php-bcmath-5.2.6-6.i686.rpm
. php-geoip-5.2.6-6.i686.rpm
. php-mysql-5.2.6-6.i686.rpm
. php-gettext-5.2.6-6.i686.rpm
. php-mysqli-5.2.6-6.i686.rpm
. php-bz2-5.2.6-6.i686.rpm
. php-hash-5.2.6-6.i686.rpm
. php-openssl-5.2.6-6.i686.rpm
. php-calendar-5.2.6-6.i686.rpm
. php-iconv-5.2.6-6.i686.rpm
. php-pdo-5.2.6-6.i686.rpm
. php-curl-5.2.6-6.i686.rpm
. php-imap-5.2.6-6.i686.rpm
. php-pdo-mysql-5.2.6-6.i686.rpm
. php-dba-5.2.6-6.i686.rpm
. php-korean-5.2.6-6.i686.rpm
. php-pdo-pgsql-5.2.6-6.i686.rpm
. php-krisp-5.2.6-6.i686.rpm
. php-pgsql-5.2.6-6.i686.rpm
. php-eaccelerator-5.2.6-6.i686.rpm
. php-rrd-5.2.6-6.i686.rpm
. php-exif-5.2.6-6.i686.rpm
. php-mcrypt-5.2.6-6.i686.rpm
. php-sockets-5.2.6-6.i686.rpm
. php-fileinfo-5.2.6-6.i686.rpm
. php-memcache-5.2.6-6.i686.rpm
. php-sqlite-5.2.6-6.i686.rpm
. php-ftp-5.2.6-6.i686.rpm
. php-mhash-5.2.6-6.i686.rpm
. php-yp-5.2.6-6.i686.rpm
. php-nis-5.2.6-6.i686.rpm
. php-json-5.2.6-6.i686.rpm
SRPMS :
. php-extension-5.2.6-6.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
|