Friday, December 5, 2008

Security Update: PHP

A new version of PHP has been released, and Patrick has quickly updated the package and released it as a security update, because it contains not only improvements but also security fixes. Along with the PHP update, there are also updates to JRE, JDK, slackpkg and wicd. Here's the latest -Current changelog, which is getting closer to the final Slackware 12.2:

Thu Dec 4 23:01:59 CST 2008
ap/slackpkg-2.70.5-noarch-1.tgz: Upgraded to slackpkg-2.70.5-noarch-1.
Thanks to Piter Punk.

l/jre-6u11-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 11.

n/php-5.2.7-i486-1.tgz: Upgraded to php-5.2.7.
In addition to improvements and bug fixes, this new version of PHP also addresses several security issues, including:
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660).
rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
Fixed extraction of zip files or directories when the entry name is a relative path: http://www.sektioneins.de/advisories/SE-2008-06.txt
These are the URLs to get more information:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2665
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
http://www.sektioneins.de/advisories/SE-2008-06.txt
(* Security fix *)

extra/jdk-6/jdk-6u11-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 11.

extra/wicd/wicd-1.5.6-noarch-1.tgz: Upgraded to wicd-1.5.6.