Ustanovljeno je više ranjivosti u programskom paketu PHP. Potencijalni napadači su ih mogli iskoristiti za izmjenu podataka, proizvoljno izvršavanje programskog koda i DoS napad.
| Paket: | PHP 5.1.x, PHP 5.3.x |
| Operacijski sustavi: | CentOS |
| Problem: | cjelobrojno prepisivanje, pogreška u programskoj funkciji, pogreška u programskoj komponenti |
| Iskorištavanje: | udaljeno |
| Posljedica: | izmjena podataka, proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| Izvorni ID preporuke: | 2012:1047 |
| Izvor: | CentOS |
| Problem: | |
| Uočena je greška u programskoj komponenti XSL, programskim funkcijama "strtotime()", "zend_strndup()" i "crypt()", te cjelobrojno prepisivanje. |
|
| Posljedica: | |
| Zlonamjerni napadači mogu iskoristiti propuste za izmjenu podataka, proizvoljno izvršavanje programskog koda i napad uskraćivanjem usluga (DoS). |
|
| Rješenje: | |
| Savjetuje se nadogradnja paketa. |
|
Izvorni tekst preporuke
CentOS Errata and Security Advisory 2012:1047 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1047.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
94e43b11f7ffb3529d84045abe5f6bdb6146c6dbd8f231a9d09ede9d83e7a71c
php53-5.3.3-13.el5_8.i386.rpm
9946a89bbe3cbc44a92643fc5068a3b143aa45887e07034f0917e2e8a4a7812e
php53-bcmath-5.3.3-13.el5_8.i386.rpm
094451e9968fc0db081cc141c70fd67cb6bb5b878f53d3a243700dd15d5cd3c8
php53-cli-5.3.3-13.el5_8.i386.rpm
8470b60885f5611b90bc4e95e0ad8ebce05b7451700563d21857dfd9c9dd823a
php53-common-5.3.3-13.el5_8.i386.rpm
8c46b3901e6af538152ab3b08e1b5708c0cbb22369810bbb28c17e1f41aa4a2d
php53-dba-5.3.3-13.el5_8.i386.rpm
0bf41a778defdec5c684bfb5a31340f020a051767aac48cef2908bee44a9dc51
php53-devel-5.3.3-13.el5_8.i386.rpm
d9590c9bed9be0ba8387e7378325101295877aad17438a561f61c9c6026a4846
php53-gd-5.3.3-13.el5_8.i386.rpm
471db95d8fbae54636546bbd85e3c25696d347b4ddabaeba1290230d5408fe90
php53-imap-5.3.3-13.el5_8.i386.rpm
cf9fca3573f05dd02349d6c56f5370cf04e68e2b8d994c591f2627003f0fe041
php53-intl-5.3.3-13.el5_8.i386.rpm
0897e200e93ebc323919bd04f363f74e3b53cf26fa93f22330703d692cab8bce
php53-ldap-5.3.3-13.el5_8.i386.rpm
db37a1df4c766d5aab9cfe69fb2eccc74191c6aec5126caac7160f0b88405b6f
php53-mbstring-5.3.3-13.el5_8.i386.rpm
62b573fde25240a427429908a614522969e6dde82fd595df346ebeac753ed499
php53-mysql-5.3.3-13.el5_8.i386.rpm
e508cfc7d76681ddbfe503cd633608c01d9a6ccc6a7114cdb784dbd3bf8d3c5c
php53-odbc-5.3.3-13.el5_8.i386.rpm
ddd975de17d0e4d8b509b3370e7f0f39d64a5d404b56baccdab5afdb6d69ee05
php53-pdo-5.3.3-13.el5_8.i386.rpm
43edef26f7c8479223a836edc0000f6f4324184766c91cca140f567826f83983
php53-pgsql-5.3.3-13.el5_8.i386.rpm
c55ea938b044da8f748af2ff6b49b3030849e6835e0a0b3a4b48fa1273b29a48
php53-process-5.3.3-13.el5_8.i386.rpm
2755869db486506384bb6d21c51d7a8ade15cc881f66968952ac98bb2fe151b3
php53-pspell-5.3.3-13.el5_8.i386.rpm
f453d46b8db04d396c7933dba3e96ee9dc7213785012dd7ee981b2c5df635ea1
php53-snmp-5.3.3-13.el5_8.i386.rpm
b684ad1aceb492a52ce30684099fe52740e76829d8054c6f987587e6a4fd5b87
php53-soap-5.3.3-13.el5_8.i386.rpm
60bd082014c79326007d7a6f6a33f0eaefe7e2c40a1236474663c3276d033e9c
php53-xml-5.3.3-13.el5_8.i386.rpm
3c0e2a0965f2163f4982cafff7cd74cc996a5507e91db4292948313e5c3c3ae4
php53-xmlrpc-5.3.3-13.el5_8.i386.rpm
x86_64:
11c56098eec183982c962cfa62373e59e6f193dbb5a22d3aba0a4b5e3b3317a0
php53-5.3.3-13.el5_8.x86_64.rpm
bf5b264af59394c635d705021a1e21e4cb81b4b29e691b339140515edced9f2f
php53-bcmath-5.3.3-13.el5_8.x86_64.rpm
9cd7ec176c14fb7d0b7eb30529f163e4e213ee5206b204e8b1e8244db85a3e6c
php53-cli-5.3.3-13.el5_8.x86_64.rpm
a3e14fd2a0facdea30f53bb236b8b25461859cd89ba80cde1a7cd72ba0f551b1
php53-common-5.3.3-13.el5_8.x86_64.rpm
0c168f6eac5f77f2baffeea8b7d76b71904cfbf5e751a7d9685c6bacf5ada5ba
php53-dba-5.3.3-13.el5_8.x86_64.rpm
5fc9d64602acb7c41359508d34885bb0539926edd8739611def3d069b9d4afe2
php53-devel-5.3.3-13.el5_8.x86_64.rpm
57854377f0ea837bb3056fb57cf4dc216ce002fc42f564d3ba9609aa02052651
php53-gd-5.3.3-13.el5_8.x86_64.rpm
25730ca11b315a4d5db915a07eb37ab3b054ca5e089c5796ba39f818cfb6cf15
php53-imap-5.3.3-13.el5_8.x86_64.rpm
b4f4bc133058573a0a417cc0d8a9dced2332e91cfeb758e8dd2b5b2a07255088
php53-intl-5.3.3-13.el5_8.x86_64.rpm
cfca591214ffe71c5ea71c6744b942ec364b30c0b45b8277b0e8f5411b927d44
php53-ldap-5.3.3-13.el5_8.x86_64.rpm
49832dc5a26c3eba990a488bf354838dca13c8cfea4229c089e6352ef441631f
php53-mbstring-5.3.3-13.el5_8.x86_64.rpm
f04609201cbfaebba1ea19ab18d02fb7cb30afb5cc74014f302fe2f4251e24e0
php53-mysql-5.3.3-13.el5_8.x86_64.rpm
d6164305e9802f70a9c97692581ff932b88c035f121345f2d10bcb1ea26d52e6
php53-odbc-5.3.3-13.el5_8.x86_64.rpm
470fc3b1989f7f70a126607c4cb9901315abab62cef113e2d2030768be827893
php53-pdo-5.3.3-13.el5_8.x86_64.rpm
75edce398380e04d0baa5406dc30e3e19b3b99f06f378682afc8e08dd0b17615
php53-pgsql-5.3.3-13.el5_8.x86_64.rpm
6a97e329413353fff689dd246a83f418bd41ea13595eb3f59be85f13a81c8181
php53-process-5.3.3-13.el5_8.x86_64.rpm
70969fc8f35bfc342a13bfec096c627bc0cd14abe0f070f521fa7f8e5f73aac6
php53-pspell-5.3.3-13.el5_8.x86_64.rpm
3a09b731eb9c92febab41cf1282ab34b6cd4c829a8e64e92173fb1ab97532d8d
php53-snmp-5.3.3-13.el5_8.x86_64.rpm
a5d5f61671ebf9c5aa051ffcc61ecb74b8095c747541798ca9fb09b0830b90fc
php53-soap-5.3.3-13.el5_8.x86_64.rpm
cccc5de3522439f544944bdd17c23539f86e3ac4dd345f1ccc7cce16516c48aa
php53-xml-5.3.3-13.el5_8.x86_64.rpm
49a3d8e5f0fc910818dcb79cd2887d7ad3773d8b1ff8b99462072292562bf260
php53-xmlrpc-5.3.3-13.el5_8.x86_64.rpm
Source:
7be2dca44cb73ee54fd8b4b5fbeb79e12011d1987174fdd1335c94fc388f661d
php53-5.3.3-13.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
CentOS Errata and Security Advisory 2012:1045 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1045.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
297de43b0f6b0c3969bcba8186fadfe6b184316944ed27fa57671ac3988af114
php-5.1.6-39.el5_8.i386.rpm
4176d10c165f4b9c4943eec0cbc19a1ae1424799d206abdbba9b51f14bde5462
php-bcmath-5.1.6-39.el5_8.i386.rpm
8b202d3d1e9e132acf52a0ea0910429e86f3db0f3658aa161fba4f3a9740a725
php-cli-5.1.6-39.el5_8.i386.rpm
b73132493ee9fc6b3a775de1f6d46fefaf8e1af6bc8d4c20eb988ea887b5431f
php-common-5.1.6-39.el5_8.i386.rpm
bad93bb0f3952232552490442f498c5558acfc181a130bb10fde0dff1ee26d06
php-dba-5.1.6-39.el5_8.i386.rpm
20eb6fdc667e77d756f89c891534c4e35577af7f1b683d353dd6dc3036fe1c54
php-devel-5.1.6-39.el5_8.i386.rpm
60a189b4191a717e914590a444972603108355bc690f31ef3c900cfd7cbd8088
php-gd-5.1.6-39.el5_8.i386.rpm
2d845270f7cb269fa1c167639dc0349f34aee5b99dbc094f6a997b76da54c536
php-imap-5.1.6-39.el5_8.i386.rpm
c414e53391fb3d28bc15513ef525623a4d0945a75e70de59f748ec86aad2f536
php-ldap-5.1.6-39.el5_8.i386.rpm
198df4e79076b07c6a3eae5e0240f8ecb19f1f48a6e2c6bb07c37c76e45e200b
php-mbstring-5.1.6-39.el5_8.i386.rpm
7dd6f4aaee92936a1e7b4d06e9f2284341f209a89100f7b45ec3e7087fc5997a
php-mysql-5.1.6-39.el5_8.i386.rpm
e428c6e76058183e7714d6f8f3774aa056f8bdb5911cb09619b2a10b1b6dec15
php-ncurses-5.1.6-39.el5_8.i386.rpm
f4e5e4027542b74d7c5bc3994ca3e10c3328ed9bd58450b8fd26227c97f9a995
php-odbc-5.1.6-39.el5_8.i386.rpm
441b0af0b120d4a88e84fe1b34efd8c627e801a7e585ac4bc76f748d077a1501
php-pdo-5.1.6-39.el5_8.i386.rpm
c81def604be5c0c75d6b35438037209327eed7b404b8399db7481c8f3439e662
php-pgsql-5.1.6-39.el5_8.i386.rpm
354b9aeee6cd8d2f0e576019c3fe52941225b9da103a4372e3ac956f90297f99
php-snmp-5.1.6-39.el5_8.i386.rpm
6bc757c9119d9de3beae88fddf3619f108caa78e205bfe4eff869dc854468132
php-soap-5.1.6-39.el5_8.i386.rpm
4e93601de4dc65c758cdaefacc117ab116807128ddd9efc5defa71e940f708dc
php-xml-5.1.6-39.el5_8.i386.rpm
fbe5f89fe528b4b0eba1606735182145539958c0fab60fde7f9b963ad24da5a2
php-xmlrpc-5.1.6-39.el5_8.i386.rpm
x86_64:
e2309cf94b296253d126d8bc793d17647ce0f3a47370906adb61963c79c25899
php-5.1.6-39.el5_8.x86_64.rpm
0468b2d5136646c9857d55fa314bb614ea897dfc279fdd92594ecd2b6681468f
php-bcmath-5.1.6-39.el5_8.x86_64.rpm
3cb2aa1d9caeaba3d0b3b41719cb639ae69db92df13b3fa831f7989968fb4819
php-cli-5.1.6-39.el5_8.x86_64.rpm
a58118d9a642a2bad7b59692cc71680c55c31a6c3d112da4964996ed7e0ff1aa
php-common-5.1.6-39.el5_8.x86_64.rpm
e2b4407203d315893219d427d2525f8ac2a395ccad4bc477d0b9a44e71f37799
php-dba-5.1.6-39.el5_8.x86_64.rpm
241489e2086c27ea43ba66e9a1fab4af44734e131e07e68a0ed7175901b2a730
php-devel-5.1.6-39.el5_8.x86_64.rpm
e999adff7e27011ca4790ee6cbea11c81c8e2bf36a5cd7125df4f935c253ff69
php-gd-5.1.6-39.el5_8.x86_64.rpm
2628a668a5bea2e5e716919ee558f3f4d5f521f552f34cfb6bec8006af3899ae
php-imap-5.1.6-39.el5_8.x86_64.rpm
74912cdc5d95d82914fcf17c532a103269b040f4c6cbe871f368bab24f47088b
php-ldap-5.1.6-39.el5_8.x86_64.rpm
656b6de9b05bfd502d03dbed0f4cac4f3fdbf1a7cf4e1eb329ad7e30b3146e7b
php-mbstring-5.1.6-39.el5_8.x86_64.rpm
3fb9ae977430a9bd162683b1637c7adfa69564006d16d22673df6576f3b00a00
php-mysql-5.1.6-39.el5_8.x86_64.rpm
6a9f5e00533d549283e6489942c46e8ae6f113eb113e7b04cccc046af34ba97f
php-ncurses-5.1.6-39.el5_8.x86_64.rpm
d0210743831271a540d288847a34032cd4fdf1bcd7030b3f6db2865d5dec2efb
php-odbc-5.1.6-39.el5_8.x86_64.rpm
a585e2c412f239962a3dee38d0fb055992779f9acbb837a57007800666866cc1
php-pdo-5.1.6-39.el5_8.x86_64.rpm
7e4d012fd1a4d6021816e7a7ab35f1850414588874a02f5ebab269020328b2e2
php-pgsql-5.1.6-39.el5_8.x86_64.rpm
2365b41c457c991d1b2a7d96217c2382008783e519d76b2d1c03ef2a94dcf673
php-snmp-5.1.6-39.el5_8.x86_64.rpm
05ba1f9f214f31565553433f3f63fab5e46bdb0c7b691b00fc22de64e981dd35
php-soap-5.1.6-39.el5_8.x86_64.rpm
90fe8126907fd7ce99a5fabda4f80052f063204714fbd6b93bbe477f9aa1aeb0
php-xml-5.1.6-39.el5_8.x86_64.rpm
0d30d4c4045ccd5321ee08005c69793720504c672c40ea6de7d06b3a4fd0aec2
php-xmlrpc-5.1.6-39.el5_8.x86_64.rpm
Source:
b559ebe419a6fc20aa9c3fb6f625e046b8a0d0c5d0e5d4831a7dcf4a18d94d36
php-5.1.6-39.el5_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke