OOPS Development Organization Linux Distribution AnNyung Official Homepage

AnNyung Official Homepage
Home > Update [ 2 ]
HOME
What is AnNyung
Documents
Packages System
White Paper
Download
Update
  . 3.x [RSS]
  . 2.x [RSS]
  . 1.3 [RSS]
  . 1.2 [RSS]
  . 1.1 [RSS]
  . 1.0 [RSS]
FAQ
Hardware
RoadMap
Gallery
php 보안 업데이트

업데이트 : 2019.06.10
이름     : php-20:5.5.38-8.an2
벤더     : AnNyung Packaging Team

설명     :

    PHP is an HTML-embedded scripting language.  PHP attempts to make it
    easy for developers to write dynamically generated web pages.  PHP
    also offers built-in database integration for several commercial
    and non-commercial database management systems, so writing a
    database-enabled web page with PHP is fairly simple.  The most
    common use of PHP coding is probably as a replacement for CGI
    scripts.  The mod_php module enables the Apache web server to
    understand and process the embedded PHP language in web pages.
    
    Building option:
    	--with no_goto : if don't add vm kind option with goto..

변경사항

    - security issues
      . CVE-2016-4473  Phar: invalid free in phar_extract_file() (#72321)
      . CVE-2019-9021  Phar: heap buffer overflow in phar_detect_phar_fname_ext (#77247)
      . CVE-2017-11147 Phar: Seg fault when loading hostile phar (#73773)
      . CVE-2018-20783 Phar: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile (#77143)
      . CVE-2016-7411  Standard: Memory Corruption in During Deserialized-object Destruction (#73052)
      . CVE-2017-11145 Core: wddx_deserialize() heap out-of-bound read via php_parse_date() (#74819)
      . CVE-2017-11628 Core: PHP INI Parsing Stack Buffer Overflow Vulnerability (#74603)
      . CVE-2017-12933 Core: Heap buffer overread (READ: 1) finish_nested_data from unserialize (#74111)
      . CVE-2017-11144 OpenSSL: negative-size-param (-1) in memcpy in zif_openssl_seal() (#74651)
      . CVE-2017-16642 Date: Out-Of-Bounds Read in timelib_meridian() (#75055)
      . CVE-2016-1283  PCRE: applied upstream patch for (#75207)
      . CVE-2018-17082 Apache2: XSS due to the header Transfer-Encoding: chunked (#76582)
      . CVE-2018-19518 IMAP: imap_open allows to run arbitrary shell commands via mailbox parameter (#77153)
      . CVE-2019-9023  Mbstring: Buffer overflow on mb regex functions - fetch_token (#77370)
      . CVE-2019-9023  Mbstring: heap buffer overflow in mb regex functions - compile_string_node (#77371)
      . CVE-2019-9023  Mbstring: heap buffer overflow in multibyte match_at (#77381)
      . CVE-2019-9023  Mbstring: heap buffer overflow due to incorrect length in expand_case_fold_string (#77382)
      . CVE-2019-9023  Mbstring: buffer overflow in fetch_token (#77385)
      . CVE-2019-9023  Mbstring: Buffer overflow in multibyte case folding - unicode (#77394)
      . CVE-2019-9023  Mbstring: Heap overflow in utf32be_mbc_to_code (#77418)
      . CVE-2019-9020  Xmlrpc: heap out of bounds read in xmlrpc_decode() (#77242)
      . CVE-2019-9024  Xmlrpc: Global out of bounds read in xmlrpc base64 code (#77380)
      . CVE-2019-11034 EXIF: Heap-buffer-overflow in php_ifd_get32s (#77753)
      . CVE-2019-11035 EXIF: Heap-buffer-overflow in exif_iif_add_value (#77831)
      . CVE-2019-11036 EXIF: Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG (#77950)
      . CVE-2019-11040 EXIF: heap-buffer-overflow on php_jpg_get16 (#77988)
      . CVE-2018-14883 EXIF: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (#76423)
      . CVE-2018-14851 EXIF: heap-buffer-overflow (READ of size 48) while reading exif data (#76557)
      . CVE-2018-5711  GD: Potential infinite loop in gdImageCreateFromGifCtx (#75571)
      . CVE-2019-6977  GD: imagecolormatch Out Of Bounds Write on Heap (#77270)
      . CVE-2016-10166 GD: efree() on uninitialized Heap data in imagescale leads to use-after-free (#77269)
      . CVE-2019-11038 GD: Uninitialized read in gdImageCreateFromXbm (#77973)
      . CVE-2019-11039 Iconv: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to int overflow (#78069)
      . CVE-2017-11143 WDDX: wddx parsing empty boolean tag leads to SIGSEGV (#74145)

주의사항

    php 5.5 package는 안녕 리눅스 2에서 기본으로 관리되는 패키지가 아니며,
    안녕 리눅스 2에서 기본으로 제공하는 5.3 패키지와 같이 설치할 수 없습니다.
    
    만약 php 5.5 패키지를 사용하고 싶다면 다음의 순서로 변경할 수 있습니다.
    
    shell> yum install php55-repos;
    shell> yum clean all; yum update
    
    주의할 것은 php-common 패키지에 있는 /etc/php.d 의 php 설정 파일들은 php
    5.5에서 사용할 수 있는 파일들이 *.rpmnew와 같이 생성이 되게 됩니다. 이
    파일들을 설정 파일 이름으로 rename 하신 후에 새로 설정을 하셔야 합니다.
    
    php 5.4 사용자 분들도 5.5로 업그레이드를 해 주셔야 합니다. 5.4에서 5.5로의
    업그레이드는 큰 변화가 없기 때문에 5.5로 업그레이드에 크게 무리가 없을
    것으로 보입니다.
    
    shell> yum remove php54-repos;
    shell> yum install php55-repos; yum update
    
    명령으로 업그레이드가 가능 합니다.


업데이트 패키지

    SRPMS:
        . php-5.5.38-8.an2.src.rpm

    x86_64:
        . php-extension-5.5.38-8.an2.x86_64.rpm
        . php-5.5.38-8.an2.x86_64.rpm
        . php-devel-5.5.38-8.an2.x86_64.rpm
        . php-fpm-5.5.38-8.an2.x86_64.rpm
        . php-cli-5.5.38-8.an2.x86_64.rpm
Home > Update [ 2 ]