php 보안 업데이트
업데이트 : 2019.06.10
이름 : php-1:5.3.28-24.an2
벤더 : AnNyung Packaging Team
설명 :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most
common use of PHP coding is probably as a replacement for CGI
scripts. The mod_php module enables the Apache web server to
understand and process the embedded PHP language in web pages.
Building option:
--with no_goto : if don't add vm kind option with goto..
변경사항
- security issues
. CVE-2019-9021 Phar: heap buffer overflow in phar_detect_phar_fname_ext (#77247)
. CVE-2017-11147 Phar: Seg fault when loading hostile phar (#73773)
. CVE-2018-20783 Phar: Heap Buffer Overflow (READ: 4) in phar_parse_pharfile (#77143)
. CVE-2016-7411 Standard: Memory Corruption in During Deserialized-object Destruction (#73052)
. CVE-2017-11145 Core: wddx_deserialize() heap out-of-bound read via php_parse_date() (#74819)
. CVE-2017-11628 Core: PHP INI Parsing Stack Buffer Overflow Vulnerability (#74603)
. CVE-2017-12933 Core: Heap buffer overread (READ: 1) finish_nested_data from unserialize (#74111)
. CVE-2017-11144 OpenSSL: negative-size-param (-1) in memcpy in zif_openssl_seal() (#74651)
. CVE-2017-16642 Date: Out-Of-Bounds Read in timelib_meridian() (#75055)
. CVE-2016-1283 PCRE: applied upstream patch for (#75207)
. CVE-2018-17082 Apache2: XSS due to the header Transfer-Encoding: chunked (#76582)
. CVE-2018-19518 IMAP: imap_open allows to run arbitrary shell commands via mailbox parameter (#77153)
. CVE-2019-9023 Mbstring: Buffer overflow on mb regex functions - fetch_token (#77370)
. CVE-2019-9023 Mbstring: heap buffer overflow in mb regex functions - compile_string_node (#77371)
. CVE-2019-9023 Mbstring: heap buffer overflow in multibyte match_at (#77381)
. CVE-2019-9023 Mbstring: heap buffer overflow due to incorrect length in expand_case_fold_string (#77382)
. CVE-2019-9023 Mbstring: buffer overflow in fetch_token (#77385)
. CVE-2019-9023 Mbstring: Buffer overflow in multibyte case folding - unicode (#77394)
. CVE-2019-9023 Mbstring: Heap overflow in utf32be_mbc_to_code (#77418)
. CVE-2019-9020 Xmlrpc: heap out of bounds read in xmlrpc_decode() (#77242)
. CVE-2019-9024 Xmlrpc: Global out of bounds read in xmlrpc base64 code (#77380)
. CVE-2019-11034 EXIF: Heap-buffer-overflow in php_ifd_get32s (#77753)
. CVE-2019-11035 EXIF: Heap-buffer-overflow in exif_iif_add_value (#77831)
. CVE-2019-11036 EXIF: Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG (#77950)
. CVE-2019-11040 EXIF: heap-buffer-overflow on php_jpg_get16 (#77988)
. CVE-2018-14883 EXIF: Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c (#76423)
. CVE-2018-14851 EXIF: heap-buffer-overflow (READ of size 48) while reading exif data (#76557)
. CVE-2018-5711 GD: Potential infinite loop in gdImageCreateFromGifCtx (#75571)
. CVE-2019-6977 GD: imagecolormatch Out Of Bounds Write on Heap (#77270)
. CVE-2019-11038 GD: Uninitialized read in gdImageCreateFromXbm (#77973)
. CVE-2019-11039 Iconv: Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to int overflow (#78069)
. CVE-2017-11143 WDDX: wddx parsing empty boolean tag leads to SIGSEGV (#74145)
주의사항
php54-repos 또는 php55-repos 패키지를 설치하면 yum update 명령 실행시에
php 버전이 5.4 또는 5.5로 업데이트가 됩니다. php 5.3.x 를 사용하는 경우에는
php54-repos 또는 php55-repos 패키지를 설치 하지 마십시오!
업데이트 패키지
SRPMS:
. php-5.3.28-24.an2.src.rpm
x86_64:
. php-fpm-5.3.28-24.an2.x86_64.rpm
. php-5.3.28-24.an2.x86_64.rpm
. php-devel-5.3.28-24.an2.x86_64.rpm
. php-extension-5.3.28-24.an2.x86_64.rpm
. php-cli-5.3.28-24.an2.x86_64.rpm
i686:
. php-fpm-5.3.28-24.an2.i686.rpm
. php-5.3.28-24.an2.i686.rpm
. php-extension-5.3.28-24.an2.i686.rpm
. php-devel-5.3.28-24.an2.i686.rpm
. php-cli-5.3.28-24.an2.i686.rpm
|