php security update
Updated : 2014.08.06
Name : php-1:5.3.28-5.an2
Vendor : AnNyung Packaging Team
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : use if you don't want to add the goto VM kind option
Changes
- Official bug fix
. #66127 Segmentation fault with ArrayObject unset
. #67247 spl_fixedarray_resize integer overflow
. #67249 printf out-of-bounds read
. #67250 iptcparse out-of-bounds read
. #67252 convert_uudecode out-of-bounds read
. #67359 Segfault in recursiveDirectoryIterator
. #67390 insecure temporary file use in the configure script (CVE-2014-3981)
. #67399 putenv with empty variable may lead to crash
. #67492 unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion (CVE-2014-3515)
. #67498 phpinfo() Type Confusion Information Leak Vulnerability
. #67251 date_parse_from_format out-of-bounds read
. #67253 timelib_meridian_with_check out-of-bounds read
. #66307 Fileinfo crashes with powerpoint files
. #67326 fileinfo: cdf_read_short_sector insufficient boundary check (CVE-2014-0207)
. #67327 fileinfo: CDF infinite loop in nelements DoS (CVE-2014-0238)
. #67328 fileinfo: numerous file_printf calls resulting in performance degradation (CVE-2014-0237)
. #67410 fileinfo: mconvert incorrect handling of truncated pascal string size.
. #67411 fileinfo: cdf_check_stream_offset insufficient boundary check.
. #67412 fileinfo: cdf_count_chain insufficient boundary check.
. #67413 fileinfo: cdf_read_property_info insufficient boundary check.
. #67349 Locale::parseLocale Double Free
. #67397 Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)
. #67432 Fix potential segfault in dns_check_record() (CVE-2014-4049)
. Fix missing type checks in various functions
- security issues
. CVE-2014-3981
. CVE-2014-3515
. CVE-2014-0207
. CVE-2014-0238
. CVE-2014-0237
. CVE-2014-4049
Caution
If the php54-repos or php55-repos package is installed, running the yum update
command updates php to version 5.4 or 5.5. If you use php 5.3.x,
do not install the php54-repos or php55-repos package!
Updated packages
SRPMS:
. php-5.3.28-5.an2.src.rpm
x86_64:
. php-fpm-5.3.28-5.an2.x86_64.rpm
. php-extension-5.3.28-5.an2.x86_64.rpm
. php-5.3.28-5.an2.x86_64.rpm
. php-devel-5.3.28-5.an2.x86_64.rpm
. php-cli-5.3.28-5.an2.x86_64.rpm
i686:
. php-5.3.28-5.an2.i686.rpm
. php-fpm-5.3.28-5.an2.i686.rpm
. php-cli-5.3.28-5.an2.i686.rpm
. php-extension-5.3.28-5.an2.i686.rpm
. php-devel-5.3.28-5.an2.i686.rpm