php 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1159388307
업데이트 : 2006.09.28
상세내용
* update 5.1.6-1
* security fix
CVE-2006-4020:
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent
attackers to execute arbitrary code via a sscanf PHP function call that performs
argument swapping, which increments an index past the end of an array and triggers
a buffer over-read.
CVE-2006-4482:
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions
in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have
unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
CVE-2006-4484:
Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD
extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via
a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow
when initializing the table array.
CVE-2006-4486:
Integer overflow in memory allocation routines in PHP before 5.1.6, when running on
a 64-bit system, allows context-dependent attackers to bypass the memory_limit
restriction.
* add official patch to 40729
fixed bug #38687 (sockaddr local storage insufficient for all sock families)
fixed bug #38112 (not MFH'ed correctly (or reintroduced))
Autoupdates 지원 : 일부 지원
Autoupdate 대상 :
. php-binary
. php-devel
Autoupdate 비 대상 :
. 나머지 패키지들
. pkgadd -F php* 명령으로 업데이트 가능 또는 pkginfo -u 옵션으로 업데이트 대상
확인
update 패키지
RPMS :
+ PHP5
. php-binary-5.1.6-1.i686.rpm
. php-devel-5.1.6-1.i686.rpm
. php-5.1.6-1.i686.rpm
. php-bcmath-5.1.6-1.i686.rpm
. php-bz2-5.1.6-1.i686.rpm
. php-calendar-5.1.6-1.i686.rpm
. php-curl-5.1.6-1.i686.rpm
. php-dba-5.1.6-1.i686.rpm
. php-eaccelerator-5.1.6-1.i686.rpm
. php-exif-5.1.6-1.i686.rpm
. php-fileinfo-5.1.6-1.i686.rpm
. php-ftp-5.1.6-1.i686.rpm
. php-gd-5.1.6-1.i686.rpm
. php-gettext-5.1.6-1.i686.rpm
. php-hash-5.1.6-1.i686.rpm
. php-iconv-5.1.6-1.i686.rpm
. php-imap-5.1.6-1.i686.rpm
. php-korean-5.1.6-1.i686.rpm
. php-mbstring-5.1.6-1.i686.rpm
. php-mcrypt-5.1.6-1.i686.rpm
. php-memcache-5.1.6-1.i686.rpm
. php-mhash-5.1.6-1.i686.rpm
. php-mssql-5.1.6-1.i686.rpm
. php-mysql-5.1.6-1.i686.rpm
. php-mysqli-5.1.6-1.i686.rpm
. php-openssl-5.1.6-1.i686.rpm
. php-pdo-5.1.6-1.i686.rpm
. php-pdo-mysql-5.1.6-1.i686.rpm
. php-pdo-pgsql-5.1.6-1.i686.rpm
. php-pgsql-5.1.6-1.i686.rpm
. php-rrd-5.1.6-1.i686.rpm
. php-sockets-5.1.6-1.i686.rpm
. php-sqlite-5.1.6-1.i686.rpm
. php-zlib-5.1.6-1.i686.rpm
SRPMS :
. php-extension-5.1.6-1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
|