Slackware 10.1: 2005-242-02 Critical: PHP Buffer Overflow Fix

slackware

August 30, 2005

New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues

Summary

Here are the details from the Slackware 10.1 ChangeLog: patches/packages/php-4.3.11-i486-3.tgz: Relinked with the system PCRE library, as the builtin library has a buffer overflow that could be triggered by the processing of a specially crafted regular expression. Note that this change requires the pcre package to be installed. For more information, see: https://www.cve.org/CVERecord?id=CAN-2005-2491 (* Security fix *) Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the insecure eval() function. For more information, see: https://www.cve.org/CVERecord?id=CAN-2005-2498 (* Security fix *)

Topics Covered

security advisory package update Slackware PHP overflow issue PEAR upgrade

Where Find New Packages

Updated package for Slackware 8.1: ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/php-4.3.11-i386-4.tgz
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/php-4.3.11-i386-4.tgz
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/php-4.3.11-i486-4.tgz
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/php-4.3.11-i486-3.tgz
Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/php-4.3.11-i486-3.tgz
Updated package for Slackware -current:

MD5 Signatures

Slackware 8.1 package: 06ae1e8f982f2c8142194eb4691cb2c0 php-4.3.11-i386-4.tgz
Slackware 9.0 package: 41d878638bca9f1fd13086ab1c3b5528 php-4.3.11-i386-4.tgz
Slackware 9.1 package: 28c5d2d4a1f16ff7656606962b6c05b5 php-4.3.11-i486-4.tgz
Slackware 10.0 package: da1920c127a633a38efc49035307f069 php-4.3.11-i486-3.tgz
Slackware 10.1 package: 5f7efa91b92ca0239b6dc413a2cc6a41 php-4.3.11-i486-3.tgz
Slackware -current package: e60c975944a7ee9709819918d65d4699 php-4.4.0-i486-3.tgz

Severity

critical

Lowest

Low

Medium

High

Critical

Topics Covered

security advisory package update Slackware PHP overflow issue PEAR upgrade

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: First, stop apache: # apachectl stop Next, upgrade to the new PHP package: # upgradepkg php-4.3.11-i486-3.tgz Finally, restart apache: # apachectl start (or: apachectl startssl)

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 10.1: 2005-242-02 Critical: PHP Buffer Overflow Fix

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Slackware 10.1: 2005-242-02 Critical: PHP Buffer Overflow Fix

Summary

Topics Covered

Where Find New Packages

MD5 Signatures

Topics Covered

Get the latest News and Insights

Installation Instructions

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!