[Bluewhite64 Linux Security] php [BW64SA:20090409-02]
Hash: SHA1
[Bluewhite64 Linux Security] php [BW64SA:20090409-02]
New php packages are available for Bluewhite64 Linux 11.0, 12.0, 12.1, and
12.2 to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
Details from the Bluewhite64 Linux 12.2 ChangeLog:
- ---------------------------------------------------
PATCHES/packages/php-5.2.9-x86_64-1.tgz: Upgraded to php-5.2.9.
This update fixes a few security issues:
- Fixed a crash on extract in zip when files or directories entry names
contain a relative path.
- Fixed security issue in imagerotate(), background colour isn't validated
correctly with a non truecolour image. (CVE-2008-5498)
Reported by Hamid Ebadi, APA Laboratory.
- Fixed a segfault when malformed string is passed to json_decode().
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
[*** Security fix ***]
- ---------------------------------------------------
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/extra/php5/php-5.2.9-x86_64-1.tgz
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/php-5.2.9-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/php-5.2.9-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/php-5.2.9-x86_64-1.tgz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 Linux 11.0 packages:
eeb58f912dd4f1c01763176f8aec742c php-5.2.9-x86_64-1.tgz
Bluewhite64 Linux 12.0 packages:
a5bc1a1e868858501673c6b7e0989ad9 php-5.2.9-x86_64-1.tgz
Bluewhite64 Linux 12.1 packages:
d40f5854d7a2f6eefb26ad4d117089f4 php-5.2.9-x86_64-1.tgz
Bluewhite64 Linux 12.2 packages:
31f6bca9ca2b76a4e751d3c2415cf799 php-5.2.9-x86_64-1.tgz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg php-5.2.9-x86_64-1.tgz
Then, restart the web server.
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list send a
blank email to:
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkneA5cACgkQpTOsxuDdlY5/OwCdEz4PdqipHmrvCIuM4ZXNKM1l
8osAniXOIQmR1v0DjGqxV/LLpHE2XHhq
=WtAd
-----END PGP SIGNATURE-----