PHP Security Update
Document number: 1131044965
Updated: 2005.11.04
Details
* update 5.0.5
- Fixed memory allocation bug
- Additional fix for bug #34277 (array_filter() crashes with references
and objects)
- fix #34450 (Segfault when calling mysqli_close() in destructor)
- Fixed shutdown order.
- Fixed access to uninitialized value
- fix crash on restarting static PHP having session modules loaded
- Remove HTML fragments from phpcredits() in CLI mode
- Backport stream_socket_enable_crypto()
- Fixed memory corruption
- fix #32081 (mysqli_real_connect(): mysqli.default_socket in php.ini
has no effect) for real
- fix #33220, infinite loop while loading invalid GIF (nlopees)
- Fixed bug #32937 (open_basedir loses trailing / in the limiter).
- Fixed possible GLOBALS variable override when register_globals are ON.
- Fixed possible register_globals toggle via parse_str().
- Fixed possible crash and/or memory corruption in import_request_variables()
- Fixed potential GLOBALS overwrite via import_request_variables().
- GLOBALS protection for extract() function.
- fix #32179 (xmlrpc_encode() segfaults with recursive references)
- fix #34731
- fix #34723 (array_count_values() strips leading zeroes)
- Missing safe_mode/open_basedir checks for file uploads.
- Fix #34557 php -m exits with "error" 1
- Added missing safe_mode checks.
- Fix issue (endless loop) with temp/memory streams
- Bugfix #34704 (Infinite recursion due to corrupt JPEG)
- fix #33383 (crash when retrieving empty LOBs)
- fix #34810 (mysqli::init() and others use wrong pointer without
checks)
- Fixed bug #34790 (preg_match_all(), named capturing groups, variable
assignment/return => crash)
- fix #34757 (iconv_substr() gives "Unknown error" when offset > string
length)
- Fixed an error in mysqli_fetch_fields (returned NULL instead of an
array when row number > field_count). (Georg)
- Further URL validations in safe_mode/open_basedir configs.
- fix mime_magic problems with ZTS
- use php_error_docref() instead of php_error() everywhere
- backport Ilia's fix for #34884
- fixed bug #29983 (PHP does not explicitly set mime type & charset)
+ call sapi_deactivate() when called with -m switch
- Fixed bug #34782 (token_get_all() gives wrong result)
- fix possible crash in dns_get_record() cleanup code a bit (partly
fixes #34938)
- fix #34938 (dns_get_record() doesn't resolve long hostnames and leaks)
- apply workaround for the leak only when GLIBC is used
- fix #34996 (ImageTrueColorToPalette() crashes when ncolors is zero)
- Fixed bug #34982 (array_walk_recursive() modifies elements outside
function scope)
- Fix #35037. Selecting a uniqueidentifier would return unknown data
type when used with freetds.
- changed allow_url_fopen INI_ALL
- changed semaphore order to avoid leak
- libsqlite version update to 2.8.16
* php 4.4.1 update
- Added missing safe_mode checks for image* functions and cURL.
- Added missing safe_mode/open_basedir checks for file uploads.
- Fixed a memory corruption bug regarding included files.
- Fixed possible INI setting leak via virtual() in Apache 2 sapi.
- Fixed possible crash and/or memory corruption in import_request_variables().
- Fixed potential GLOBALS overwrite via import_request_variables().
- Fixed possible GLOBALS variable override when register_globals are ON.
- Fixed possible register_globals toggle via parse_str().
Autoupdates support: partial
Autoupdate targets:
. php-binary
. php-devel
. php-pear
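Not covered by Autoupdate:
. All remaining packages
. These can be updated with the pkgadd -F php* command; use the pkginfo -u option to check
which packages are update targets
Additional information:
. The php 4 packages are not covered by automatic updates or the Packages System and must be
updated manually. (Temporary support for users who cannot update to php 5.)
. For php 4, only packages related to security bugs receive updates. (A differing revision does
not matter for operation, but for shared extensions, check that they are registered in php.ini.)
Update packages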
RPMS :
+ PHP5
. php-binary-5.0.5-1.i686.rpm
. php-devel-5.0.5-1.i686.rpm
. php-pear-5.0.5-1.i686.rpm
. php-5.0.5-1.i686.rpm
. php-bcmath-5.0.5-1.i686.rpm
. php-calendar-5.0.5-1.i686.rpm
. php-curl-5.0.5-1.i686.rpm
. php-dba-5.0.5-1.i686.rpm
. php-eaccelerator-5.0.5-1.i686.rpm
. php-exif-5.0.5-1.i686.rpm
. php-ftp-5.0.5-1.i686.rpm
. php-gd-5.0.5-1.i686.rpm
. php-gettext-5.0.5-1.i686.rpm
. php-iconv-5.0.5-1.i686.rpm
. php-imap-5.0.5-1.i686.rpm
. php-korean-5.0.5-1.i686.rpm
. php-mbstring-5.0.5-1.i686.rpm
. php-mcrypt-5.0.5-1.i686.rpm
. php-mhash-5.0.5-1.i686.rpm
. php-mssql-5.0.5-1.i686.rpm
. php-mysql-5.0.5-1.i686.rpm
. php-mysqli-5.0.5-1.i686.rpm
. php-openssl-5.0.5-1.i686.rpm
. php-pgsql-5.0.5-1.i686.rpm
. php-rrd-5.0.5-1.i686.rpm
. php-sockets-5.0.5-1.i686.rpm
. php-sqlite-5.0.5-1.i686.rpm
. php-zlib-5.0.5-1.i686.rpm
+ PHP4
. php-binary-4.4.1-1.i686.rpm
. php-devel-4.4.1-1.i686.rpm
. php-pear-4.4.1-1.i686.rpm
. php-4.4.1-1.i686.rpm
. php-iconv-4.4.1-1.i686.rpm
. php-mbstring-4.4.1-1.i686.rpm
SRPMS :
. php-4.4.1-1.src.rpm
References:
http://www.hardened-php.net/advisory_202005.79.html
http://www.hardened-php.net/index.76.html
http://www.hardened-php.net/advisory_192005.78.html
http://www.hardened-php.net/advisory_182005.77.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=323585
http://itpro.nikkeibp.co.jp/article/NEWS/20051102/223939/