Slackware alert SSA:2006-230-02 (php)
| From: | Slackware Security Team <security@slackware.com> | |
| To: | slackware-security@slackware.com | |
| Subject: | [slackware-security] php (SSA:2006-230-02) | |
| Date: | Fri, 18 Aug 2006 01:01:39 -0700 (PDT) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] php (SSA:2006-230-02) New php packages are available for Slackware 10.2 and -current to fix security and other issues. More details about these issues may be found on the PHP website: http://www.php.net Here are the details from the Slackware 10.2 ChangeLog: +--------------------------+ patches/packages/php-4.4.4-i486-1_slack10.2.tgz: Upgraded to php-4.4.4. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension. * Fixed a buffer overflow inside sscanf() function. (* Security fix *) testing/packages/php-5.1.5/php-5.1.5-i486-1_slack10.2.tgz: Usually packages in /testing aren't patched or upgraded after a release, but since quite a few people have probably deployed this one, and it is a network service, an upgraded package is being provided. Upgraded to php-5.1.5. Some of the security issues fixed in this release include: * Added missing safe_mode/open_basedir checks inside the error_log(), file_exists(), imap_open() and imap_reopen() functions. * Fixed possible open_basedir/safe_mode bypass in cURL extension and on PHP 5 with realpath cache. * Fixed a buffer overflow inside sscanf() function. (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated packages for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.2/test... Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/t... MD5 signatures: +-------------+ Slackware 10.2 packages: c7e6c918828be69380a0b6cc86a311be php-4.4.4-i486-1_slack10.2.tgz c8895a309e785de5234ece30600a6617 php-5.1.5-i486-1_slack10.2.tgz Slackware -current packages: cd87305b9576669ecb58df181acf316c php-4.4.4-i486-1.tgz 1b15cbd166f2be08c1adaad6a19409b9 php-5.1.5-i486-1.tgz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg php-4.4.4-i486-1_slack10.2.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) iD8DBQFE5VYBakRjwEAQIjMRArjmAJ9cALUQMnocNVb855E9otcRkpasqwCghIX5 kr+rNcmjyPfCOCyTVkME8tA= =e9xG -----END PGP SIGNATURE-----