[bluewhite64-security] php (BW64SA:20080508-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New php packages are available for Bluewhite64 11.0, 12.0, 12.1,
and -current to fix security issues.

Note that PHP5 is not the default PHP for Bluewhite64 11.0 (it uses
PHP4), so if your PHP code is not ready for PHP5, don't upgrade until it is
or you'll (by definition) run into problems.

More details about one of the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599


Here are the details from the Bluewhite64 12.1 ChangeLog:
+--------------------------+
PATCHES/packages/php-5.2.6-x86_64-1.tgz:
Upgraded to php-5.2.6.
This version of PHP contains many fixes and enhancements. Some of the fixes
are security related, and the PHP release announcement provides this list:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by
Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd()
identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
When last checked, CVE-2008-0599 was not yet open. However, additional
information should become available at this URL:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
The list reproduced above, as well as additional information about other
fixes in PHP 5.2.6, may be found in the PHP release announcement here:
http://www.php.net/releases/5_2_6.php
[*** Security fix ***]
+--------------------------+



Where to find the new packages:
+-----------------------------+
See the "Get Bluewhite64" section on http://bluewhite64.com for additional
mirror sites near you.

Updated package for Bluewhite64 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/extra/php5/php-5.2.6-x86_64-1.tgz

Updated package for Bluewhite64 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/php-5.2.6-x86_64-1.tgz

Updated package for Bluewhite64 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/php-5.2.6-x86_64-1.tgz

Updated package for Bluewhite64 -current:
http://data.bluewhite64.com/bluewhite64-current/bluewhite64/n/php-5.2.6-x86_64-1.tgz



MD5 signatures:
+-------------+
Bluewhite64 11.0 package:
46a17073749c1b14d7c576359cf2a17e php-5.2.6-x86_64-1.tgz

Bluewhite64 12.0 package:
eb72e4447980ed8ae2bfd9e0d49f5ef8 php-5.2.6-x86_64-1.tgz

Bluewhite64 12.1 package:
fbfa4bc5a90c4107f4631ce73605ce2c php-5.2.6-x86_64-1.tgz

Bluewhite64 -current package:
fbfa4bc5a90c4107f4631ce73605ce2c php-5.2.6-x86_64-1.tgz



Installation instructions:
+------------------------+

First, stop Apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.2.6-x86_64-1.tgz

Finally, restart Apache:
# apachectl start

Or, for Apache 1.3.x versions using SSL:
# apachectl startssl



+-----+
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
-email-





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkgjZXEACgkQpTOsxuDdlY7eRACfZwk8uqA2NihWzPLw3IwjCUBA
r5AAn12re9x5eQLniB/wXlOnoQNnUD8g
=LJHh
-----END PGP SIGNATURE-----