drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in php5
Name: |
Mehrere Probleme in php5 |
|
ID: |
SSA:2007-152-01 |
|
Distribution: |
Slackware |
|
Plattformen: |
Slackware -current, Slackware 10.2, Slackware 11.0 |
|
Datum: |
Fr, 1. Juni 2007, 23:39 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 |
|
Applikationen: |
PHP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[slackware-security] php5 (SSA:2007-152-01)
New php5 packages are available for Slackware 10.2, 11.0, and -current to fix security issues. PHP5 was considered a test package in Slackware 10.2, and an "extra" package in Slackware 11.0. If you are currently running PHP4 you may wish to stick with that, as upgrading to PHP5 will probably require changes to your system's configuration and/or web code.
More details about the issues affecting Slackware's PHP5 may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
One CVE-issued vulnerability (CVE-2007-1887) does not affect Slackware as we do not ship an unbundled sqlite2 library.
Here are the details from the Slackware 11.0 ChangeLog: +--------------------------+ extra/php5/php-5.2.3-i486-1_slack11.0.tgz: Upgraded to php-5.2.3. Here's some basic information about the release from php.net: "This release continues to improve the security and the stability of the 5.X branch as well as addressing two regressions introduced by the previous 5.2 releases. These regressions relate to the timeout handling over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in certain conditions. All users are encouraged to upgrade to this release." For more complete information, see: http://www.php.net/releases/5_2_3.php http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 (* Security fix *) +--------------------------+
Where to find the new packages: +-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 10.2: php-5.2.3-i486-1_slack10.2.tgz
Updated package for Slackware 11.0: php-5.2.3-i486-1_slack11.0.tgz
Updated package for Slackware -current: php-5.2.3-i486-1.tgz
MD5 signatures: +-------------+
Slackware 10.2 package: 9f399433ff6cf9c6627476e298cc4e39 php-5.2.3-i486-1_slack10.2.tgz
Slackware 11.0 package: 8ee13bfe55814bed9898ef92c0f25b6c php-5.2.3-i486-1_slack11.0.tgz
Slackware -current package: ecdc3dbd5c5766f0ebaa05327d8a2fea php-5.2.3-i486-1.tgz
Installation instructions: +------------------------+
First, stop apache: # apachectl stop
Next, upgrade to the new PHP package: # upgradepkg php-5.2.3-i486-1_slack11.0.tgz
Finally, restart apache: # apachectl start (or: apachectl startssl)
+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGYHxfakRjwEAQIjMRAos2AJ9PLzRsgFtU6v8sAx03y2L9aPGIVgCfcsXm GglnRzWyN1/FMUqy/LdJyNU= =o4tu -----END PGP SIGNATURE-----
|
|
|
|