Slackware alert SSA:2013-197-01 (php)

2013 年 7 月 30 日3770

Weekly edition

Kernel

Security

Distributions

Search

Archives

Calendar

Subscribe

Write for LWN

LWN.net FAQ

Sponsors

Slackware alert SSA:2013-197-01 (php)













From:



Slackware Security Team <security@slackware.com>



To:



slackware-security@slackware.com



Subject:



[slackware-security] php (SSA:2013-197-01)



Date:



Tue, 16 Jul 2013 16:02:38 -0700 (PDT)



Message-ID:



<alpine.LNX.2.02.1307161602200.8618@connie.slackware.com>



Archive-link:



Article, Thread











-----BEGIN PGP SIGNED MESSAGE-----



Hash: SHA1







[slackware-security] php (SSA:2013-197-01)







New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,



14.0, and -current to fix a security issue.











Here are the details from the Slackware 14.0 ChangeLog:



+--------------------------+



patches/packages/php-5.4.17-i486-1_slack14.0.txz: Upgraded.



This update fixes an issue where XML in PHP does not properly consider



parsing depth, which allows remote attackers to cause a denial of service



(heap memory corruption) or possibly have unspecified other impact via a



crafted document that is processed by the xml_parse_into_struct function.



For more information, see:



http://http://www.zjjv.com///cgi-bin/cvename.cgi?name=CVE-2013-4113



(* Security fix *)



+--------------------------+











Where to find the new packages:



+-----------------------------+







Thanks to the friendly folks at the OSU Open Source Lab



(http://http://www.zjjv.com//) for donating FTP and rsync hosting



to the Slackware project! :-)







Also see the "Get Slack" section on http://http://www.zjjv.com// for



additional mirror sites near you.







Updated package for Slackware 12.1:



ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patc...







Updated package for Slackware 12.2:



ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patc...







Updated package for Slackware 13.0:



ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patc...







Updated package for Slackware x86_64 13.0:



ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/pa...







Updated package for Slackware 13.1:



ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patc...







Updated package for Slackware x86_64 13.1:



ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/pa...







Updated package for Slackware 13.37:



ftp://ftp.slackware.com/pub/slackware/slackware-13.37/pat...







Updated package for Slackware x86_64 13.37:



ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/p...







Updated package for Slackware 14.0:



ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patc...







Updated package for Slackware x86_64 14.0:



ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/pa...







Updated package for Slackware -current:



ftp://ftp.slackware.com/pub/slackware/slackware-current/s...







Updated package for Slackware x86_64 -current:



ftp://ftp.slackware.com/pub/slackware/slackware64-current...











MD5 signatures:



+-------------+







Slackware 12.1 package:



085d55c6b01cc65cfbf28e3bc4859886 php-5.3.27-i486-1_slack12.1.tgz







Slackware 12.2 package:



a39f1e4919283763ea7f96ab76d97e74 php-5.3.27-i486-1_slack12.2.tgz







Slackware 13.0 package:



526f7e5fbc91eb9c77846a7665ff7952 php-5.3.27-i486-1_slack13.0.txz







Slackware x86_64 13.0 package:



9c9f30b0faefd03b1f4e5a5ee1cf0c98 php-5.3.27-x86_64-1_slack13.0.txz







Slackware 13.1 package:



4410fafd158d51e135a063a23a4eb7a9 php-5.3.27-i486-1_slack13.1.txz







Slackware x86_64 13.1 package:



8b76077d090702bb4acbde69d22e30ce php-5.3.27-x86_64-1_slack13.1.txz







Slackware 13.37 package:



aa950c3641ae93a80c3a555176c222be php-5.3.27-i486-1_slack13.37.txz







Slackware x86_64 13.37 package:



6959e80fbc2332e73962dbcfbc6d11b0 php-5.3.27-x86_64-1_slack13.37.txz







Slackware 14.0 package:



e08e5d2c7a0911e65d13acbd03c10136 php-5.4.17-i486-1_slack14.0.txz







Slackware x86_64 14.0 package:



1270cada2c7bfc4af7743f489683d8c8 php-5.4.17-x86_64-1_slack14.0.txz







Slackware -current package:



fa8047a34a388ecfc2ffecae9c700a90 n/php-5.4.17-i486-1.txz







Slackware x86_64 -current package:



9439336bfb58b642306ed3c2246e3dae n/php-5.4.17-x86_64-1.txz











Installation instructions:



+------------------------+







Upgrade the package as root:



# upgradepkg php-5.4.17-i486-1_slack14.0.txz







Then, restart Apache httpd:



# /etc/rc.d/rc.httpd stop



# /etc/rc.d/rc.httpd start











+-----+







Slackware Linux Security Team



http://http://www.zjjv.com///gpg-key



security@slackware.com







+------------------------------------------------------------------------+



| To leave the slackware-security mailing list: |



+------------------------------------------------------------------------+



| Send an email to majordomo@slackware.com with this text in the body of |



| the email message: |



| |



| unsubscribe slackware-security |



| |



| You will get a confirmation message back containing instructions to |



| complete the process. Please do not reply to this email address. |



+------------------------------------------------------------------------+



-----BEGIN PGP SIGNATURE-----



Version: GnuPG v1.4.13 (GNU/Linux)







iEYEARECAAYFAlHluKsACgkQakRjwEAQIjNnJgCdFnrjWsg+CjJAAadLL2MvUrrX



/eAAn10h0KxgKY1cuCq9ff1DoxnS+DOO



=EwPA



-----END PGP SIGNATURE-----








(Log in to post comments)

0 0