php 보안 업데이트
업데이트 : 2015.09.22
이름 : php-1:5.3.28-13.an2
벤더 : AnNyung Packaging Team
설명 :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : if don't add vm kind option with goto..
변경사항
- security issues
. CVE-2015-6834 core: Use After Free Vulnerability in unserialize() (#70172, #70365)
. CVE-2015-6835 core: Use after free vulnerability in session deserializer (#70219)
. CVE-2015-6836 soap: serialize_function_call() type confusion / RCE (#70388)
. CVE-2015-6837 xslt: NULL pointer dereference (#69782)
. CVE-2015-6838 xslt: NULL pointer dereference (#69782)
. #70385 exif: Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
. #70312 hash: HAVAL gives wrong hashes in specific cases
. #70345 pcre: Multiple vulnerabilities related to PCRE functions
. #70350 zip: ZipArchive::extractTo allows for directory traversal when creating directories
주의사항
php54-repos 또는 php55-repos 패키지를 설치하면 yum update 명령 실행시에
php 버전이 5.4 또는 5.5로 업데이트가 됩니다. php 5.3.x 를 사용하는 경우에는
php54-repos 또는 php55-repos 패키지를 설치 하지 마십시오!
업데이트 패키지
SRPMS:
. php-5.3.28-13.an2.src.rpm
x86_64:
. php-fpm-5.3.28-13.an2.x86_64.rpm
. php-cli-5.3.28-13.an2.x86_64.rpm
. php-devel-5.3.28-13.an2.x86_64.rpm
. php-extension-5.3.28-13.an2.x86_64.rpm
. php-5.3.28-13.an2.x86_64.rpm
i686:
. php-devel-5.3.28-13.an2.i686.rpm
. php-fpm-5.3.28-13.an2.i686.rpm
. php-extension-5.3.28-13.an2.i686.rpm
. php-cli-5.3.28-13.an2.i686.rpm
. php-5.3.28-13.an2.i686.rpm
|