Friday, December 5, 2008

Security Update: PHP

A new version of PHP has been released and Patrick has done quick update on this one and release it as security update, because it's not only contains improvements, but also security updates as well. Along with PHP update, there are also JRE and JDK updates and also slackpkg and wicd. Here's the latest -Current changelog which is getting closer to the final Slackware 12.2 big grin
Thu Dec 4 23:01:59 CST 2008
ap/slackpkg-2.70.5-noarch-1.tgz: Upgraded to slackpkg-2.70.5-noarch-1.
Thanks to Piter Punk.

l/jre-6u11-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Runtime Environment Version 6.0 update 11.

n/php-5.2.7-i486-1.tgz: Upgraded to php-5.2.7.
In addition to improvements and bug fixes, this new version of PHP also addresses several security issues, including:
Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658).
Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659).
Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666.
Crash with URI/file..php (filename contains 2 dots). (Fixes CVE-2008-3660).
rfc822.c legacy routine buffer overflow. (Fixes CVE-2008-2829).
Fixed extraction of zip files or directories when the entry name is a relative path:
These are the URLs to get more information:
(* Security fix *)

extra/jdk-6/jdk-6u11-i586-1.tgz: Upgraded to Java(TM) 2 Platform Standard Edition Development Kit Version 6.0 update 11.

extra/wicd/wicd-1.5.6-noarch-1.tgz: Upgraded to wicd-1.5.6.