php security update
Updated : 2020.06.11
Name : php-1:5.3.28-25.an2
Vendor : AnNyung Packaging Team
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : if don't add vm kind option with goto..
Changes
. CVE-2020-7064 EXIF: Use-of-uninitialized-value in exif (#79282)
. CVE-2020-7066 Standard: get_headers() silently truncates after a null byte (#79329)
. CVE-2020-7063 Phar: Files added to tar with Phar::buildFromIterator have all-access permissions (#79082)
. CVE-2020-7059 Standard: OOB read in php_strip_tags_ex (#79099)
. CVE-2019-13224 MBString: don't allow different encodings for onig_new_deluxe (#78380)
. CVE-2019-11050 EXIF: Use-after-free in exif parsing under memory sanitizer (#78793)
. CVE-2019-11048 Core: Long variables in multipart/form-data cause OOM and temp files are not cleaned (#78876)
. CVE-2019-11048 Core: Long filenames cause OOM and temp files are not cleaned (#78875)
. CVE-2019-11047 EXIF: Heap-buffer-overflow READ in exif (#78910)
. CVE-2019-11046 Bcmath: Buffer underflow in bc_shift_addsub (#78878)
. CVE-2019-11045 Core: DirectoryIterator class silently truncates after a null byte (#78863)
. CVE-2019-11043 FPM: env_path_info underflow in fpm_main.c can lead to RCE (#78599)
. CVE-2019-11042 EXIF: heap-buffer-overflow on exif_process_user_comment (#78256)
. CVE-2019-11041 EXIF: heap-buffer-overflow on exif_scan_thumbnail (#78222)
Caution
If the php54-repos or php55-repos package is installed, running the yum update
command will update php to version 5.4 or 5.5. If you use php 5.3.x,
do not install the php54-repos or php55-repos package!
Updated packages
SRPMS:
. php-5.3.28-25.an2.src.rpm
x86_64:
. php-fpm-5.3.28-25.an2.x86_64.rpm
. php-extension-5.3.28-25.an2.x86_64.rpm
. php-cli-5.3.28-25.an2.x86_64.rpm
. php-devel-5.3.28-25.an2.x86_64.rpm
. php-5.3.28-25.an2.x86_64.rpm
i686:
. php-fpm-5.3.28-25.an2.i686.rpm
. php-5.3.28-25.an2.i686.rpm
. php-cli-5.3.28-25.an2.i686.rpm
. php-extension-5.3.28-25.an2.i686.rpm
. php-devel-5.3.28-25.an2.i686.rpm