php 보안 업데이트
Web Browser 로는 FTP 접속이 불가능 합니다.
문서번호 : 1190539265
업데이트 : 2007.09.23
상세내용
* update 5.2.4-1 and addjust php news issue until #46228
* security fix
* 주의 사항
1. php 5.1 용 eaccelerator 와 호환되지 않습니다.
2. php-mbstring 이 php package 로 포함이 되었습니다. 기존의
php-mbstring package 가 설치되어 있다면 삭제하십시오.
* Security Fix
CVE-2007-4783 :
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers
to cause (1) a denial of service (application crash) via a long string in the charset
parameter, probably also requiring a long string in the str parameter; or (2) a denial
of service (temporary application hang) via a long string in the str parameter.
NOTE: this might not be a vulnerability in most web server environments that support
multiple threads, unless these issues can be demonstrated for code execution.
CVE-2007-4840 :
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service
(application crash) via (1) a long string in the out_charset parameter to the iconv
function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers,
(3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a
vulnerability in most web server environments that support multiple threads, unless
these issues can be demonstrated for code execution.
Autoupdates 지원 : 일부 지원
pkgsysupdate -v
pkgadd -F "php*"
update 패키지
RPMS :
+ PHP5
. php-binary-5.2.4-1.i686.rpm
. php-5.2.4-1.i686.rpm
. php-devel-5.2.4-1.i686.rpm
. php-gd-5.2.4-1.i686.rpm
. php-mssql-5.2.4-1.i686.rpm
. php-bcmath-5.2.4-1.i686.rpm
. php-geoip-5.2.4-1.i686.rpm
. php-mysql-5.2.4-1.i686.rpm
. php-gettext-5.2.4-1.i686.rpm
. php-mysqli-5.2.4-1.i686.rpm
. php-bz2-5.2.4-1.i686.rpm
. php-hash-5.2.4-1.i686.rpm
. php-openssl-5.2.4-1.i686.rpm
. php-calendar-5.2.4-1.i686.rpm
. php-iconv-5.2.4-1.i686.rpm
. php-pdo-5.2.4-1.i686.rpm
. php-curl-5.2.4-1.i686.rpm
. php-imap-5.2.4-1.i686.rpm
. php-pdo-mysql-5.2.4-1.i686.rpm
. php-dba-5.2.4-1.i686.rpm
. php-korean-5.2.4-1.i686.rpm
. php-pdo-pgsql-5.2.4-1.i686.rpm
. php-krisp-5.2.4-1.i686.rpm
. php-pgsql-5.2.4-1.i686.rpm
. php-eaccelerator-5.2.4-1.i686.rpm
. php-rrd-5.2.4-1.i686.rpm
. php-exif-5.2.4-1.i686.rpm
. php-mcrypt-5.2.4-1.i686.rpm
. php-sockets-5.2.4-1.i686.rpm
. php-fileinfo-5.2.4-1.i686.rpm
. php-memcache-5.2.4-1.i686.rpm
. php-sqlite-5.2.4-1.i686.rpm
. php-ftp-5.2.4-1.i686.rpm
. php-mhash-5.2.4-1.i686.rpm
. php-yp-5.2.4-1.i686.rpm
. php-nis-5.2.4-1.i686.rpm
SRPMS :
. php-extension-5.2.4-1.src.rpm
참고 :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840
|