
Slackware 2011-237-01 Critical: PHP Buffer Overflow Issues Fix

August 25, 2011
Recently released PHP packages for Slackware tackle significant security flaws and provide essential updates and repairs.
New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.

Summary

Here are the details from the Slackware 13.37 ChangeLog:

patches/packages/php-5.3.8-i486-1_slack13.37.txz: Upgraded.
  Security fixes vs. 5.3.6 (5.3.7 was not usable):
  Updated crypt_blowfish to 1.2. (CVE-2011-2483)
  Fixed crash in error_log(). Reported by Mateusz Kocielski.
  Fixed buffer overflow on overlong salt in crypt().
  Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
  Fixed stack buffer overflow in socket_connect(). (CVE-2011-1938)
  Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2011-1148
    https://www.cve.org/CVERecord?id=CVE-2011-1938
    https://www.cve.org/CVERecord?id=CVE-2011-2202
    https://www.cve.org/CVERecord?id=CVE-2011-2483
  For those upgrading from PHP 5.2.x, be aware that quite a bit has changed, and it will very likely not 'drop in', but PHP 5.2.x is not supported by

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 11.0: ftp://ftp.slackware.com/pub/slackware/slackware-11.0/extra/php5/php-5.3.8-i486-1_slack11.0.tgz
Updated package for Slackware 12.0:
Updated package for Slackware 12.1:
Updated package for Slackware 12.2:
Updated package for Slackware 13.0:
Updated package for Slackware x86_64 13.0:
Updated package for Slackware 13.1:
Updated package for Slackware x86_64 13.1:
Updated package for Slackware 13.37:
Updated package for Slackware x86_64 13.37:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures


Severity
critical

Installation Instructions

Upgrade the package as root:
# upgradepkg php-5.3.8-i486-1_slack13.37.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
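
One way to gate the install steps above on the MD5 published under "MD5 Signatures" and on the release tag in the package file name, as an added example that is not part of the Slackware advisory. The function names, the `DRY_RUN` switch and the operator-supplied host release argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a package before upgrading.

# Return 0 if FILE's MD5 equals EXPECTED, 1 on mismatch, 2 on bad input.
check_pkg_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || return 2
    # Refuse anything that is not exactly 32 hex digits (truncated paste).
    case $expected in *[!0-9a-f]*) return 2 ;; esac
    [ "${#expected}" -eq 32 ] || return 2
    actual=$(md5sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Print the release a package file name targets:
#   php-5.3.8-i486-1_slack13.37.txz -> 13.37
#   n/php-5.3.8-x86_64-1.txz        -> current (no _slack tag)
pkg_release() {
    base=${1##*/}
    case $base in
        *_slack*.t?z) tag=${base##*_slack}; printf '%s\n' "${tag%.t?z}" ;;
        *.t?z)        printf 'current\n' ;;
        *)            return 1 ;;
    esac
}

# Run the advisory's install steps only if both checks pass.
# $3 is the host's release as the operator states it (assumption: e.g. 13.37).
# DRY_RUN=1 (hypothetical switch) prints the commands instead of running them.
safe_upgrade() {
    pkg=$1; md5=$2; host_rel=$3
    rel=$(pkg_release "$pkg") || { echo "unrecognised package name: $pkg" >&2; return 1; }
    [ "$rel" = "$host_rel" ] || { echo "package targets $rel, host is $host_rel" >&2; return 1; }
    check_pkg_md5 "$pkg" "$md5" || { echo "MD5 check failed: $pkg" >&2; return 1; }
    run=${DRY_RUN:+echo}
    $run upgradepkg "$pkg" &&
        $run /etc/rc.d/rc.httpd stop &&
        $run /etc/rc.d/rc.httpd start
}
```

MD5 catches a corrupted or mismatched download but is not collision-resistant, so treat it as an integrity check rather than proof of origin.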
