php security update
Updated : 2013.03.14
Name : php-10:5.4.12-1.an2
Vendor : AnNyung Packaging Team
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : use if you do not want to add the goto vm kind option
Changes
- update 5.4.12
- add fpm server api
- Fixed bug #64124 (IPv6 malformed)
- Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended)
- Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs)
- Fixed bug #61930 (openssl corrupts ssl key resource when using
openssl_get_publickey())
- New SSL stream context option to prevent CRIME attack vector.
- Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses
wrong alloc for stmt->param_bind).
- mb_split() can now handle empty matches like preg_split() does
- Fixed bug #64128 (built-in web server is broken on ppc64)
- Fixed bug #64142 (dval to lval different behavior on ppc64)
- Fixed bug #64354 (Unserialize array of objects whose class can't
be autoloaded fail)
- Implemented FR #64175 (Added HTTP codes as of RFC 6585)
- Fixed bug #64197 (_Offsetof() macro used but not defined on ARM/Clang)
- Fixed bug #64070 (Inheritance with Traits failed with error)
- Fixed bug #64235 (Insteadof not work for class method in 5.4.11)
- security issues
. CVE-2013-1643
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows
remote attackers to read arbitrary files via a SOAP WSDL file
containing an XML external entity declaration in conjunction with an
entity reference, related to an XML External Entity (XXE) issue in the
soap_xmlParseFile and soap_xmlParseMemory functions.
. CVE-2013-1635
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not
validate the relationship between the soap.wsdl_cache_dir directive
and the open_basedir directive, which allows remote attackers to bypass
intended access restrictions by triggering the creation of cached SOAP
WSDL files in an arbitrary directory.
Notes
Because php 5.5 is supported and upgrading from php 5.4 to php 5.5 involves
no major changes, php 5.4 is no longer supported.
If you use php 5.4, remove the php54-repos package, install the
php55-repos package, and then update.
To upgrade to the php 5.5 packages, follow these steps.
shell> yum remove php54-repos; yum install php55-repos;
shell> yum clean all; yum update
Note that, for the php configuration files under /etc/php.d in the php-common
package, the files usable with php 5.4 are created with names like *.rpmnew.
Rename these files to the configuration file names and then configure them again.
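The rename step described above, as an added example that is not part of the original advisory: a POSIX shell function that promotes each *.rpmnew file in a php.d directory, keeps the previous file, and lists the settings that have to be re-applied by hand. The function name promote_rpmnew and the .pre55 backup suffix are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not AnNyung's own tooling.
# Assumed names: promote_rpmnew (function), ".pre55" (backup suffix).
# Usage: promote_rpmnew /etc/php.d

promote_rpmnew() {
    dir=$1
    promoted=0
    for new in "$dir"/*.rpmnew; do
        [ -e "$new" ] || continue            # glob matched nothing
        live=${new%.rpmnew}                  # e.g. soap.ini.rpmnew -> soap.ini
        if [ -e "$live" ]; then
            if cmp -s "$live" "$new"; then
                rm -f "$new"                 # identical content: nothing to merge
                continue
            fi
            # Keep the previous file so local settings can be reviewed later.
            cp -p "$live" "$live.pre55"
            echo "== $live: settings only in the previous file:"
            # Lines of the old file that do not appear verbatim in the new one,
            # minus blank lines and ';' comments.
            grep -vxFf "$new" "$live.pre55" \
                | grep -Ev '^[[:space:]]*(;|$)' || true
        fi
        mv -f "$new" "$live"                 # the rename the advisory asks for
        promoted=$((promoted + 1))
    done
    echo "promoted: $promoted"
}
```

Run it as root once `yum update` has finished. PHP loads only `*.ini` files from its scan directory, so the `.pre55` copies are not read as configuration.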
Updated packages
SRPMS:
. php-5.4.12-1.an2.src.rpm