drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in php
Name: |
Pufferüberlauf in php |
|
ID: |
SSA:2006-230-02 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 10.2 |
|
Datum: |
Fr, 18. August 2006, 10:16 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
PHP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] php (SSA:2006-230-02)
New php packages are available for Slackware 10.2 and -current to fix security and other issues.
More details about these issues may be found on the PHP website:
http://www.php.net
Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/php-4.4.4-i486-1_slack10.2.tgz: Upgraded to php-4.4.4. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension. * Fixed a buffer overflow inside sscanf() function. (* Security fix *) testing/packages/php-5.1.5/php-5.1.5-i486-1_slack10.2.tgz: Usually packages in /testing aren't patched or upgraded after a release, but since quite a few people have probably deployed this one, and it is a network service, an upgraded package is being provided. Upgraded to php-5.1.5. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5 with realpath cache. * Fixed a buffer overflow inside sscanf() function. (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Updated packages for Slackware 10.2: php-4.4.4-i486-1_slack10.2.tgz php-5.1.5-i486-1_slack10.2.tgz
Updated packages for Slackware -current: php-4.4.4-i486-1.tgz php-5.1.5-i486-1.tgz
MD5 signatures: +-------------+
Slackware 10.2 packages: c7e6c918828be69380a0b6cc86a311be php-4.4.4-i486-1_slack10.2.tgz c8895a309e785de5234ece30600a6617 php-5.1.5-i486-1_slack10.2.tgz
Slackware -current packages: cd87305b9576669ecb58df181acf316c php-4.4.4-i486-1.tgz 1b15cbd166f2be08c1adaad6a19409b9 php-5.1.5-i486-1.tgz
Installation instructions: +------------------------+
Upgrade the package as root: # upgradepkg php-4.4.4-i486-1_slack10.2.tgz
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux)
iD8DBQFE5VYBakRjwEAQIjMRArjmAJ9cALUQMnocNVb855E9otcRkpasqwCghIX5 kr+rNcmjyPfCOCyTVkME8tA= =e9xG -----END PGP SIGNATURE-----
|
|
|
|