Detalji
Kreirano: 11 Srpanj 2012
Ispravljeni su brojni nedostaci PHP paketa. Posljedice ovih propusta su spremanje datoteka na neispravnu lokaciju, izvođenje proizvoljnog koda s većim ovlastima, gubitak podataka te DoS napad.
Paket:
PHP 5.3.x
Operacijski sustavi:
Red Hat Enterprise Linux 6
Kritičnost:
6.8
Problem:
nepravilno rukovanje lozinkama, pogreška u programskoj funkciji, pogreška u programskoj komponenti, preljev međuspremnika
Iskorištavanje:
udaljeno
Posljedica:
dobivanje većih privilegija, izmjena podataka, proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS), zaobilaženje postavljenih ograničenja
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0781, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386
Izvorni ID preporuke:
2012:1046
Izvor:
CentOS
Problem:
U DES algoritmu postoji problem kojim se krivo izračunava hash vrijednost lozinke korisnika. Nedostatak se javlja i prilikom provjere imena datoteke te kod rukovanja s TAR i PHAR datotekama. Prilikom poziva funkcije strtotime() može doći do curenja memorije, a prilikom korištenja funkcije tidy_diagnose() vraća se NULL pokazivač. Za funkciju zend_strndup() se ponekad nije provjeravala povratna vrijednost. U biblioteci libxslt nisu ograničene mogućnosti pisanja datoteka ektenzije XSL.
Posljedica:
Posljedice ovih propusta su moguće gašenje PHP aplikacije, pohrana datoteka na neželjenu lokaciju te izvođenje proizvoljnog koda s povećanim ovlastima.
Rješenje:
Korisnici bi trebali instalirati dostupne nadogradnje paketa.
Izvorni tekst preporuke
CentOS Errata and Security Advisory 2012:1046 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-1046.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
56995c05f8e0c0a9b1c7f40c750e894442d838ba6f998a74c0cffda702c70f31
php-5.3.3-14.el6_3.i686.rpm
ecc579cd557af2411556935e4af3d3776ed72a66b31e51931554aad8a800d63d
php-bcmath-5.3.3-14.el6_3.i686.rpm
865d5b90a73d15cdafd094aa2e3cc3d0efa8f0379c7571729f6373af903401d1
php-cli-5.3.3-14.el6_3.i686.rpm
7c294904da7fc803bf553e9a83465398252e75d793efe57bbc1783d3098c72b4
php-common-5.3.3-14.el6_3.i686.rpm
c398423872d9112c20b9db46fe90684328519c4c4ce045b4053b5c9068d4f698
php-dba-5.3.3-14.el6_3.i686.rpm
dfed13c72f90b8a5311372977856f7a7390e182594c53e78c7d467416e83a34e
php-devel-5.3.3-14.el6_3.i686.rpm
bb4c33554412b7535bdc87d5db52768d04e4022f981ee55a6095d1931fe28a84
php-embedded-5.3.3-14.el6_3.i686.rpm
27306b1b24184c52cc8312bd45422b9ec30184ca81bc2430f8678ac37dc6c121
php-enchant-5.3.3-14.el6_3.i686.rpm
3922970c9ed92eb3ee5c53d926fa745fdd1dde510f2d925d44340a2fcdc34b2a
php-gd-5.3.3-14.el6_3.i686.rpm
9488de02ee1ef308abb7d6f6adb991943796150d9c3f174beb86b4996a821397
php-imap-5.3.3-14.el6_3.i686.rpm
cf5a3e7724fc409ef0bdf81e1d6db6440b3614e060a8ce1f03af77dea4bab689
php-intl-5.3.3-14.el6_3.i686.rpm
2ce40c568fca5c383a7a388710158d7e8c27e85a4e1ea653fecc422b41fb2618
php-ldap-5.3.3-14.el6_3.i686.rpm
294fb880739ba8000f850c7cfd98fdcd89fd548d0cb6c9ae33447076b7ec4f9a
php-mbstring-5.3.3-14.el6_3.i686.rpm
c5ac6bd134b380ceae1fbf82866ecd4ce4c66ab16243054826ffaf624e814724
php-mysql-5.3.3-14.el6_3.i686.rpm
c1cdb00eb1619331509487b836727662434c4538c1ff0a90cbd8a2839467a1e4
php-odbc-5.3.3-14.el6_3.i686.rpm
6784142c2e4a3f15b81617b8e8d8dce3cbd75b92ea2025c0823265e6106b77dc
php-pdo-5.3.3-14.el6_3.i686.rpm
052ccb2bde0b1070c35917c578d87615fd9db2680f79e96b109c0e7ff67c5fb6
php-pgsql-5.3.3-14.el6_3.i686.rpm
3ba453d5f7bc4b4634c3097326ac471df5d0e95570bcfd99b6de06e6afebd2fd
php-process-5.3.3-14.el6_3.i686.rpm
b51974cf0479584acf4ecc64306907b365cfa07c0cbc1f7b7154ea17c3028953
php-pspell-5.3.3-14.el6_3.i686.rpm
153f5998ce7664652304f2149d31c40822720dec1c17030d4213194fac4ca101
php-recode-5.3.3-14.el6_3.i686.rpm
c09a441bceba04e842a975f7bf61156abe31dae8434804b39af8dbc41d265151
php-snmp-5.3.3-14.el6_3.i686.rpm
26d236b034717102bb59f7651af2d0c83b4ce1107764ad11d03502f5339af869
php-soap-5.3.3-14.el6_3.i686.rpm
56e485b33c974770cbfdabe6e5d023e7f6fbc01dde9016f955c1e1d122df5b06
php-tidy-5.3.3-14.el6_3.i686.rpm
213de99ecbad441f039400ecb777c9e88bf0eaab9d5b9954773e01fa6bc8f9db
php-xml-5.3.3-14.el6_3.i686.rpm
da4e0bcffba0dc1d09b9c1bae9ac79c7dd8fec9637a0ca1dcc20ece59c4aac44
php-xmlrpc-5.3.3-14.el6_3.i686.rpm
4f884aaa330386466c74f9153c43680f832a0c6deb53b2a8125af1ce10755799
php-zts-5.3.3-14.el6_3.i686.rpm
x86_64:
bb48c95a64626f0997440cb44d40008463297fcae04653a2a511eb879a7ce9ec
php-5.3.3-14.el6_3.x86_64.rpm
e1aba5b65165f9faf95211d6e20cfe629553d21eac79d7fb3185caf3fe372ec8
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
4bc987e2920936413ba73b459506d3f0a172ad4ea8151e2f517b96630b355835
php-cli-5.3.3-14.el6_3.x86_64.rpm
91cfbac09292966b9e3978856229adc0a8d427a27161c1bea2cbc3e555c55009
php-common-5.3.3-14.el6_3.x86_64.rpm
63a71c59e7333097afd2ff995b55fc3b32cab9b7746458e60bcec3321836ab0c
php-dba-5.3.3-14.el6_3.x86_64.rpm
23a8b62cdaa36db4338210d35b8940e2a4969a942e562d66b6ab884efc177600
php-devel-5.3.3-14.el6_3.x86_64.rpm
f51e6ebf3682b089516e0daee6209eaa21901514ad6c7478ff56fb5bb841867f
php-embedded-5.3.3-14.el6_3.x86_64.rpm
488eda0e5335468939c3133e9e1175ab21c2d4a5f29673cca87aafb36bb3c7fa
php-enchant-5.3.3-14.el6_3.x86_64.rpm
5dbc9201d6eacc8982097d10118ffc17ee4c4b4b18f2b31c7305bea0aeffc01e
php-gd-5.3.3-14.el6_3.x86_64.rpm
270417b7c8f762ac5a93b3e5c511095bb0e3e43942154ada40b5ca0405066ccb
php-imap-5.3.3-14.el6_3.x86_64.rpm
9540923d62787436bde21273f4b3515e62f6ee8a279cf03b70c0c199e9076d8e
php-intl-5.3.3-14.el6_3.x86_64.rpm
dfb0adb54562de2882a0f8235c9e1bcdc86d7ddf6d6624e49fbbf156c5551b20
php-ldap-5.3.3-14.el6_3.x86_64.rpm
a9b8491ee0e00c9e5c93d2e847757639482e44909df7477d5c49b45deadf0893
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
75a542546db001a8411695b482f60500f38b425d511eb5d879128cc77ee2c157
php-mysql-5.3.3-14.el6_3.x86_64.rpm
a2e90a0e5039bec9853c3c1886a567533d14a435dd7b69cbdec2c2e01e6bf82d
php-odbc-5.3.3-14.el6_3.x86_64.rpm
66a85a819d02255b180c42f2c9a0149d58ada3eaa336349f41f67bcdba25cdca
php-pdo-5.3.3-14.el6_3.x86_64.rpm
c45d4417159a1b436149bb47405c86ba1d78fd4a882e6296ea311b9149dce910
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
1e00ac541a65b7e21d348269b56503ca817bc265c861d0ae214dee4ad1e41083
php-process-5.3.3-14.el6_3.x86_64.rpm
aa8c3e2b8ce7e9855248dc4ae2ae720c22ee21c2a09d2041e02c965f9b2301e6
php-pspell-5.3.3-14.el6_3.x86_64.rpm
0175fad763251bd99dd0b659b4fbd9895c8e0157cec699af29c457ae652ab597
php-recode-5.3.3-14.el6_3.x86_64.rpm
ee9cde4059645f66dddc6f88caeb8a5c27378002e22a49e57b87ce6af93b1e6e
php-snmp-5.3.3-14.el6_3.x86_64.rpm
60aac0a48bfe7f76580819c52a6f94e41621b49a1a2de8c9f3f25b16f4319de4
php-soap-5.3.3-14.el6_3.x86_64.rpm
b2201ff424e30aa720cc3c9c2ed10ab75c4f2b7fcc2b7f27015ac25166cafe02
php-tidy-5.3.3-14.el6_3.x86_64.rpm
31a05ad7b150f8e4336c826e910532d8c08a5a128d07fdb5edea992ed1966450
php-xml-5.3.3-14.el6_3.x86_64.rpm
eab808ddacfe80b14283a1aae6f847b4756746e9b0cd3467d7bf68cd89878e37
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
4d3888f83e344b1ef8944aa678bb7f0b658de358f85aa41c41a433993bb2703b
php-zts-5.3.3-14.el6_3.x86_64.rpm
Source:
76e8ef1ddc4e10cffd26f9c48442d2eccc8286644998b145023a266828c056d8
php-5.3.3-14.el6_3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
_______________________________________________
CentOS-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://lists.centos.org/mailman/listinfo/centos-announce
Posljednje sigurnosne preporuke