[bluewhite64-security] php (BW64SA:20081205-01)
Hash: SHA1
[bluewhite64-security] php (BW64SA:20081205-01)
New php packages are available for Bluewhite64 12.0, 12.1, and -current to
fix security issues, as well as make improvements and fix bugs.
Here are the details from the Bluewhite64 12.1 ChangeLog:
+--------------------------+
PATCHES/packages/php-5.2.7-x86_64-1.tgz: Upgraded to php-5.2.7.
In addition to improvements and bug fixes, this new version of PHP also
addresses several security issues, including:
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660).
rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
Fixed extraction of zip files or directories when the entry name is a
relative path: http://www.sektioneins.de/advisories/SE-2008-06.txt
These are the URLs to get more information:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
http://www.sektioneins.de/advisories/SE-2008-06.txt
[*** Security fix ***]
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://www.bluewhite64.com for additional
mirror sites near you.
Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/php-5.2.7-x86_64-1.tgz
Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/php-5.2.7-x86_64-1.tgz
Updated package for Bluewhite64 -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/php-5.2.7-x86_64-1.tgz
MD5 signatures:
+-------------+
Bluewhite64 12.0 package:
e9572f6249cf10ac7c5a2f33054c5c96 php-5.2.7-x86_64-1.tgz
Bluewhite64 12.1 package:
e567375287494e7e0ded8ef4c0a95705 php-5.2.7-x86_64-1.tgz
Bluewhite64 -current package:
87292c5a9adf6a682d1a52607ea77d27 php-5.2.7-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.2.7-x86_64-1.tgz
Then, restart the web server.
+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
+-------------------------------------------------------+
| To leave the bluewhite64-security mailing list:
+-------------------------------------------------------+
| Send a blank email to
|
| bluewhite64-security-unsubscribe©bluewhite64.com
|
| You will get a confirmation message back containing
| instructions to complete the process.
|
| Please do not reply to this email address.
+-------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkk5g6QACgkQpTOsxuDdlY6LcgCfXWgfUnGkdVSiVmoVxeANUTwj
o/0AnAhsTmm1HHM7maUhiUEiFNbxCYQQ
=9ezn
-----END PGP SIGNATURE-----