php 5.x 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1278692546
업데이트 : 2010.07.10
상세내용
* 보안 버그 fix
. CVE-2010-0397
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing
methodName element in the first argument to the xmlrpc_decode_request
function, which allows context-dependent attackers to cause a denial
of service (NULL pointer dereference and application crash) and possibly
have unspecified other impact via a crafted argument.
. CVE-2010-2225
Use-after-free vulnerability in the SplObjectStorage unserializer in
PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to execute
arbitrary code or obtain sensitive information via serialized data,
related to the PHP unserialize function.
Autoupdates 지원 : 일부 지원
pkgsysupdate -v
pkgadd -F "php*"
update 패키지
RPMS :
+ PHP5
. php-binary-5.2.6-7.i686.rpm
. php-5.2.6-7.i686.rpm
. php-fcgi-5.2.6-7.i686.rpm
. php-devel-5.2.6-7.i686.rpm
. php-gd-5.2.6-7.i686.rpm
. php-mssql-5.2.6-7.i686.rpm
. php-bcmath-5.2.6-7.i686.rpm
. php-geoip-5.2.6-7.i686.rpm
. php-mysql-5.2.6-7.i686.rpm
. php-gettext-5.2.6-7.i686.rpm
. php-mysqli-5.2.6-7.i686.rpm
. php-bz2-5.2.6-7.i686.rpm
. php-hash-5.2.6-7.i686.rpm
. php-openssl-5.2.6-7.i686.rpm
. php-calendar-5.2.6-7.i686.rpm
. php-iconv-5.2.6-7.i686.rpm
. php-pdo-5.2.6-7.i686.rpm
. php-curl-5.2.6-7.i686.rpm
. php-imap-5.2.6-7.i686.rpm
. php-pdo-mysql-5.2.6-7.i686.rpm
. php-dba-5.2.6-7.i686.rpm
. php-korean-5.2.6-7.i686.rpm
. php-pdo-pgsql-5.2.6-7.i686.rpm
. php-krisp-5.2.6-7.i686.rpm
. php-pgsql-5.2.6-7.i686.rpm
. php-eaccelerator-5.2.6-7.i686.rpm
. php-rrd-5.2.6-7.i686.rpm
. php-exif-5.2.6-7.i686.rpm
. php-mcrypt-5.2.6-7.i686.rpm
. php-sockets-5.2.6-7.i686.rpm
. php-fileinfo-5.2.6-7.i686.rpm
. php-memcache-5.2.6-7.i686.rpm
. php-sqlite-5.2.6-7.i686.rpm
. php-ftp-5.2.6-7.i686.rpm
. php-mhash-5.2.6-7.i686.rpm
. php-yp-5.2.6-7.i686.rpm
. php-nis-5.2.6-7.i686.rpm
. php-json-5.2.6-7.i686.rpm
SRPMS :
. php-extension-5.2.6-7.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2225
|