drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in php
Name: |
Pufferüberlauf in php |
|
ID: |
SSA:2019-038-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware x86_64 -current, Slackware 14.0, Slackware x86_64 14.0, Slackware 14.1, Slackware x86_64 14.1, Slackware 14.2, Slackware x86_64 14.2 |
|
Datum: |
Fr, 8. Februar 2019, 07:08 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
PHP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] php (SSA:2019-038-01)
New php packages are available for Slackware 14.0, 14.1, 14.2 to fix security issues. A bugfix release for -current is also available.
Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/php-5.6.40-i586-1_slack14.2.txz: Upgraded. Several security bugs have been fixed in this release: GD: Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). Mbstring: Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). Fixed bug #77381 (heap buffer overflow in multibyte match_at). Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). Fixed bug #77385 (buffer overflow in fetch_token). Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). Phar: Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). Xmlrpc: Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). For more information, see: https://php.net/ChangeLog-5.php#5.6.40 (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 14.0: php-5.6.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: php-5.6.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: php-5.6.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: php-5.6.40-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: php-5.6.40-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: php-5.6.40-x86_64-1_slack14.2.txz
Updated package for Slackware -current: php-7.2.15-i586-1.txz
Updated package for Slackware x86_64 -current: php-7.2.15-x86_64-1.txz
MD5 signatures: +-------------+
Slackware 14.0 package: bcb848ec4441e1c9326b3a1db085505e php-5.6.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 9fc26fa58f2fb0ef5fb4cd7a8c1a213f php-5.6.40-x86_64-1_slack14.0.txz
Slackware 14.1 package: 9171862cf5c7f300f9647ca2a6ab473e php-5.6.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: eda09ba227a306b363e1ddfc33090e95 php-5.6.40-x86_64-1_slack14.1.txz
Slackware 14.2 package: a09c980f8725eee8b7d6c5175431fe48 php-5.6.40-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 16e5126eb40d443847ce62f40acaa964 php-5.6.40-x86_64-1_slack14.2.txz
Slackware -current package: 9a839180fa5a37150e5c9a8d1bb090da n/php-7.2.15-i586-1.txz
Slackware x86_64 -current package: 384910100ad49d38f7dbb4fec532200e n/php-7.2.15-x86_64-1.txz
Installation instructions: +------------------------+
Upgrade the package as root: # upgradepkg php-5.6.40-i586-1_slack14.2.txz
Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAlxcsuIACgkQakRjwEAQIjM52wCeIzqI93rDq/QcATQz3bIPsfZh hnIAni2qL83jK7jO8NY7HWh4RPKPUvhN =99mu -----END PGP SIGNATURE-----
|
|
|
|