php-5.3.3-22.AXS4

エラータID: AXSA:2013-117:01

Release date: 
Wednesday, March 6, 2013 - 12:08
Subject: 
php-5.3.3-22.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP language to Apache HTTP Server.

Security issues fixed with this release:

• CVE-2011-1398
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.

• CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.

• CVE-2012-2688
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."

Solution: 

Update packages.

CVEs: 
CVE-2012-2688
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
CVE-2011-1398
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome.




Additional Info: 

N/A

Download: 

SRPMS
  1. php-5.3.3-22.AXS4.src.rpm
    MD5: 4e376b5e3abbba9b2eaee8ec4f852455
    SHA-256: 868d810c3a4689b7dd44903bd5c897f49cf51542764d1a4377f52ddd05794562
    Size: 10.34 MB

Asianux Server 4 for x86
  1. php-5.3.3-22.AXS4.i686.rpm
    MD5: 3ea5dd070b5afcf1437d5986b586eaf9
    SHA-256: 114a8f040f0cdf2a903c0135c529a1a7cd5ffe5861d541a0d0410d70dea04bff
    Size: 1.11 MB
  2. php-bcmath-5.3.3-22.AXS4.i686.rpm
    MD5: cdeef18d35130625f5ca89bdb2d1a3d1
    SHA-256: ecfd83e4d775526d00517c1bf4e495b6436f00a6a2f5d9bd5b2f7813a807c9ba
    Size: 33.41 kB
  3. php-cli-5.3.3-22.AXS4.i686.rpm
    MD5: d8b761cfff94f9e2c3d5421d8e50c95e
    SHA-256: 81f725ead0503f2d509a145519691fe29010643acab71056f76e388cdec8b9d3
    Size: 2.22 MB
  4. php-common-5.3.3-22.AXS4.i686.rpm
    MD5: ca57a22a49000510366cd171b23a9232
    SHA-256: d48c3ab8ac2a3860820ab8a9d5e92b925b64449d51f4488e7ca56da6bb40138d
    Size: 524.23 kB
  5. php-gd-5.3.3-22.AXS4.i686.rpm
    MD5: 036790a224802e450fe519090c36cd4e
    SHA-256: 92875f4917282dbf26d65c7b454c525915e03783ea592f12d1ab216f64f72d3f
    Size: 103.55 kB
  6. php-ldap-5.3.3-22.AXS4.i686.rpm
    MD5: e1456bc99e0b2f13b6002845bcb8898a
    SHA-256: dc827f32762372446db40103db9a24c9ebe47fc06c203e64c7083d57bce0f7db
    Size: 36.43 kB
  7. php-mbstring-5.3.3-22.AXS4.i686.rpm
    MD5: 3c6f374c08dac1108cdd6a6ecf4259ce
    SHA-256: c57d40e5f949f547176a55ce2362b567ab5be0615b3f8ba66c54a98151ec3117
    Size: 453.81 kB
  8. php-mysql-5.3.3-22.AXS4.i686.rpm
    MD5: 75961060d38f5cd3cb8cbecf20df8b27
    SHA-256: df12870f45ae7df7b07a7dc07a834655c5b6c4d2f1e441120e9f3bba1083fd49
    Size: 77.57 kB
  9. php-odbc-5.3.3-22.AXS4.i686.rpm
    MD5: 15c32217bb07b6aeb68d4b047e3a2ebd
    SHA-256: 9d3a439c053d4703cadc0e4ce5f0a0ecf69f6de7016e76941135a2ff4e3a1f46
    Size: 49.02 kB
  10. php-pdo-5.3.3-22.AXS4.i686.rpm
    MD5: e1d1c80c2752296a921844e3d84e5fd0
    SHA-256: 3d3910a3991bdc4617bfe8b56a43df06dd561bf6c28a94021a2e277cc8bdd416
    Size: 73.11 kB
  11. php-pgsql-5.3.3-22.AXS4.i686.rpm
    MD5: 427c158fbc6e05d27fcc0faed369b5ac
    SHA-256: 1f96f074f17a282335d83742d8592924f65a07d3231808ac258c1b15d20a48d8
    Size: 68.02 kB
  12. php-soap-5.3.3-22.AXS4.i686.rpm
    MD5: d809bfb2fb418f78643c2e007d46791a
    SHA-256: 35d53d2c5d94907b2839ba19f457abdbe735a5fcfd9cf6e75f305927d74e6122
    Size: 140.10 kB
  13. php-xml-5.3.3-22.AXS4.i686.rpm
    MD5: 7b8e4bb3038304a764752c8f1ef0792e
    SHA-256: 950c136868853a1732330e62db801d21b26ec89693024c8d47212e636e3bf912
    Size: 100.14 kB
  14. php-xmlrpc-5.3.3-22.AXS4.i686.rpm
    MD5: 87898c92f597ec3cf9b8ad4ddd8e16db
    SHA-256: dd634c638278eec56b69467279027b3332179f2e837793326e7e67a71583d1b0
    Size: 52.17 kB

Asianux Server 4 for x86_64
  1. php-5.3.3-22.AXS4.x86_64.rpm
    MD5: 2aa62ba5e4b8fd2f44b80aca1295b4bc
    SHA-256: d61cd833d792ed4e50bf3c69d6563be6559b34cabb61044d47bf84e593d44848
    Size: 1.12 MB
  2. php-bcmath-5.3.3-22.AXS4.x86_64.rpm
    MD5: 318e7bde46c94073cf719a47c618c368
    SHA-256: 5c8bf650371152b29e5d4c35aee96010c2e7c4631da9cdef15353067f372d309
    Size: 33.17 kB
  3. php-cli-5.3.3-22.AXS4.x86_64.rpm
    MD5: 02aae612504c0d3d6c862f618a72ed96
    SHA-256: 48fc6384d7240f4a5366893bd47b4278bafd646165282265ceadb668ccbfb10e
    Size: 2.17 MB
  4. php-common-5.3.3-22.AXS4.x86_64.rpm
    MD5: dc2b5d90a196334ab7c28337d8bd3baa
    SHA-256: 56d9a425b7b200c4986c67b4f525bcaefc70d8b6e4717d302672edfdd2f0d26b
    Size: 522.99 kB
  5. php-gd-5.3.3-22.AXS4.x86_64.rpm
    MD5: d0144da3f5b734e01705e41ecd1087cd
    SHA-256: c1e277294097990cc9497b1b9fcddc7260a88dd512f6a049003e139e6b04c4c4
    Size: 104.71 kB
  6. php-ldap-5.3.3-22.AXS4.x86_64.rpm
    MD5: af171f89686bba80d35d63a0e102ae7b
    SHA-256: 23d9f79c2f386b83a5277ab210533e78bdd882cbc67ceb99d5ae68fe9e284f76
    Size: 36.80 kB
  7. php-mbstring-5.3.3-22.AXS4.x86_64.rpm
    MD5: 5bcbeb1ec682cdfc636a5d8f0bb0153c
    SHA-256: 92c2211964e6511759818098a0c589aa7b7b0c51b16b96a90ed1fbd1474e62e4
    Size: 453.74 kB
  8. php-mysql-5.3.3-22.AXS4.x86_64.rpm
    MD5: 26cb0506046778f02924601c69338c6a
    SHA-256: 53cb5dd77a058f9b5849be795204bb0649fdddc9c2542c959c13931ed968930f
    Size: 79.74 kB
  9. php-odbc-5.3.3-22.AXS4.x86_64.rpm
    MD5: 098ba0518fe91e2e7ff606b6a51f19a5
    SHA-256: 0055c7e0cac9a71e7839f9a8d51695c0480e2c067d21e7ecfa5d9f2fa3a4bea3
    Size: 49.30 kB
  10. php-pdo-5.3.3-22.AXS4.x86_64.rpm
    MD5: e83e793f8e8caa6812afcfb62c60e68b
    SHA-256: 1385f5c938e719b26f2ac1bdbd5f1a2ecc102a5c62d1ecd4684be1c78fcd1b82
    Size: 73.73 kB
  11. php-pgsql-5.3.3-22.AXS4.x86_64.rpm
    MD5: ad14c322fb1e379cb8f0713ee95af0d1
    SHA-256: 56e3295e4f6b6fae357205859e6ab80d63ce9dc4d74531a9c2c424e81506f515
    Size: 68.75 kB
  12. php-soap-5.3.3-22.AXS4.x86_64.rpm
    MD5: cec4758d321ab86b38d429f17c34a2c7
    SHA-256: 5b5c3b39aade13b14727784c33218e812137f3e190aa4e3bbfbe721e0ef092bd
    Size: 138.61 kB
  13. php-xml-5.3.3-22.AXS4.x86_64.rpm
    MD5: 05fd5b852997a4f2210d4cf36450df47
    SHA-256: c72d58d00eb4ac27cbf6076a147fbec64de9ddc49f14052253f1bfffe7497d80
    Size: 101.75 kB
  14. php-xmlrpc-5.3.3-22.AXS4.x86_64.rpm
    MD5: ee29a547f6bc09999d192a4f23fcbcee
    SHA-256: c6c08267505a1ebd74881b88f8016e0dd147bc83bc57908018e7507d075c1ded
    Size: 51.06 kB