php-5.3.3-27.AXS4
エラータID: AXSA:2014-029:01
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module which adds support for the PHP language to Apache HTTP Server.
Security issues fixed with this release:
• CVE-2006-7243
PHP before 5.3.4 accepts the character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php.jpg at the end of the argument to the file_exists function.
• CVE-2013-1643
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
• CVE-2013-4248
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Fixed bugs:
• Previously, a virtual host on the Apache server could crash if the allow_call_time_pass_reference setting was disabled. This has been fixed.
• Previously, the fclose(), file_put_contents(), or copy() functions did not report their error, leading to potential dataloss. This has been fixed and they now report any error
• Previously, a buffer overflow occurred when some calls exceeded the 5 characters limit of the internal buffer for the SQLSTATE error code. This has been fixed and messages longer than 5 characters are replaced with the default "HY000" string.
Enhancement:
• Added the following rpm macros to the php package: %__php, %php_inidir, %php_incldir.
Update packages.
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-1824.
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
N/A
SRPMS
- php-5.3.3-27.AXS4.src.rpm
MD5: 3ce90a4b2aebf551656868cb53ff662b
SHA-256: 1c99a3546ac5bbdcaaa8bcea8a4ee60819d1e57a5c507f9ee5383be4915beb3e
Size: 10.36 MB
Asianux Server 4 for x86
- php-5.3.3-27.AXS4.i686.rpm
MD5: c864d46109f58257d4138ecb32a835e6
SHA-256: 84ac2d407989aaf637351dc047bb916cc09c07a44c23991fb429d503ef50bbff
Size: 1.12 MB - php-bcmath-5.3.3-27.AXS4.i686.rpm
MD5: 82e1b6f4caedaa293f873bbb9d4d5bc1
SHA-256: 46bc7cbe94333af3c400182755e1dba27500ad491653b51478a983abafb40e54
Size: 34.20 kB - php-cli-5.3.3-27.AXS4.i686.rpm
MD5: eb18ccbbc0a9a30a18101ffdb4ce3f4b
SHA-256: 770e4ad3f98d907380f6a0949ee8190ef2b72d814e8b6b495cd38f1df217ff4f
Size: 2.22 MB - php-common-5.3.3-27.AXS4.i686.rpm
MD5: cd015321345bff45d1d13d567eef62aa
SHA-256: cc98f882e0cb96afe9690586ba47edd3a6bbb3f5350c13d77d9ee7123cd4e09a
Size: 525.23 kB - php-gd-5.3.3-27.AXS4.i686.rpm
MD5: 390c4e0fefcdf18511814e28a2b7e579
SHA-256: 6a8cbb4c55bc38ba64cdd2a3982f6b17aee0ed0ffd123f698f477689fe51db5b
Size: 104.43 kB - php-ldap-5.3.3-27.AXS4.i686.rpm
MD5: 3f15edb6bf8399f69f583fbdbaa7f2fa
SHA-256: 909311f4299d12d6ce022d053cc5b8b5f0d495a7e840dedbbac642f89041c879
Size: 37.22 kB - php-mbstring-5.3.3-27.AXS4.i686.rpm
MD5: 131c4088616c747828131b98ab7bb18a
SHA-256: e331c687dbde75573cce00ad969cc771dfd69d5566c2b0477fd230a27f51bc42
Size: 454.90 kB - php-mysql-5.3.3-27.AXS4.i686.rpm
MD5: be4a272308c3a4cb6a6e98ea63901f8f
SHA-256: 056bdfbb1a1d4b7ee5102f762d0bc247e275bbcb27180d0ac2e895f19bbd12de
Size: 78.51 kB - php-odbc-5.3.3-27.AXS4.i686.rpm
MD5: 1269a54ec7afd274f477d36da7999f22
SHA-256: bc4e4bb3cddf8b5bf09569d1b2a542d8127169f07883a2655fbb569d9357b0f0
Size: 49.83 kB - php-pdo-5.3.3-27.AXS4.i686.rpm
MD5: 5f1e6ed0a5869c6036dc809e9937fec5
SHA-256: c5e62137d9b027808894023773570b06bed9760eff2923a8454a9ccfdc0c1fd8
Size: 73.80 kB - php-pgsql-5.3.3-27.AXS4.i686.rpm
MD5: 05c68817ec0972f4dcef0c29467d6068
SHA-256: ba1c6b67858102c1561f3f064f77014494c7895bd490042b7c767798213a837f
Size: 68.83 kB - php-soap-5.3.3-27.AXS4.i686.rpm
MD5: 64dab8d3be303fcae048f7d7ac8682ef
SHA-256: 84ea3e010899b83c3722990fbf2dc5a7149ef6f13a0bfc677c038f97333eac76
Size: 141.02 kB - php-xml-5.3.3-27.AXS4.i686.rpm
MD5: e24df3db332150b000b4a01672b12bea
SHA-256: cc85e9a042ab12944e98909505ebfb64f3d07bb36432a5f7d00ac12e852a1908
Size: 100.95 kB - php-xmlrpc-5.3.3-27.AXS4.i686.rpm
MD5: 2eb8334086ecb13af3fc55370ec98f5b
SHA-256: 7d9f3dcb973ee8e1862f1e2778537262d8e3cb62abddc68f5eec04b22472ce07
Size: 52.94 kB
Asianux Server 4 for x86_64
- php-5.3.3-27.AXS4.x86_64.rpm
MD5: 72a999f30b4f41694b329a662a392199
SHA-256: 844a2cd33464721d8601feb99fcaf692d7ecd9ec067b793de772dafe8e66ad1b
Size: 1.13 MB - php-bcmath-5.3.3-27.AXS4.x86_64.rpm
MD5: 850f78f8aa7b1b0d3eca21f5039117a9
SHA-256: 8ce22b8c7be14a5583e9e3e34d74d32c971ad2498bf3e814ba1dc3dc12c9f250
Size: 34.01 kB - php-cli-5.3.3-27.AXS4.x86_64.rpm
MD5: 3b17d7b9c20ad20c5777e2bd80b26bcb
SHA-256: 49431b355eb9951ca582bbeca23abf025a500947aa36cffea7d84dd985b83bdd
Size: 2.19 MB - php-common-5.3.3-27.AXS4.x86_64.rpm
MD5: 8eb4cd838cc397ffa249b770f6ac0b23
SHA-256: 65c823880074f9956c0ac5f1d45788976257d95360c011f9980ee9b7034fee4f
Size: 524.38 kB - php-gd-5.3.3-27.AXS4.x86_64.rpm
MD5: 71aef89f2b508ad861e58c375b0c8109
SHA-256: 43ac00d2fd9b8254eabb2cb337870ce93cb23f093aa86b95c1a8113e11b8d56e
Size: 105.94 kB - php-ldap-5.3.3-27.AXS4.x86_64.rpm
MD5: e7f879f8ab0a9ee5a3ca9f8fa87b1f65
SHA-256: 9ba11a7788ccc509b305d08a8c4e083dcacb87d9aa8c667ff2eba8462f0539e2
Size: 37.61 kB - php-mbstring-5.3.3-27.AXS4.x86_64.rpm
MD5: 1fc7607eb44170784c19d78c8792ac19
SHA-256: bbb419e00d3e3dd492b4b5bf55f80d9818813b2b5da351d55a2ca8203238c77f
Size: 455.01 kB - php-mysql-5.3.3-27.AXS4.x86_64.rpm
MD5: c11ef61a625d91f186a480090ee3c877
SHA-256: dc6617fc456a241ed0d29d0255ff0f033668385cdd0b8b6450b8244ca66cfe3b
Size: 80.76 kB - php-odbc-5.3.3-27.AXS4.x86_64.rpm
MD5: 9bd0498ff2324eb66475126f83d160d3
SHA-256: 8bbeece824b403e076e2f9ce6ac4b80567a76f95413326b678cbeba0729e24ca
Size: 50.19 kB - php-pdo-5.3.3-27.AXS4.x86_64.rpm
MD5: c3c3825ccfbe99c24e8e10c193a8eedc
SHA-256: c5e5e11a69a04549a499b6cb60b8b8eef43feb7ce2c096260191c1261a418ee5
Size: 74.72 kB - php-pgsql-5.3.3-27.AXS4.x86_64.rpm
MD5: 732e5831a8d22029577877bce5257a7f
SHA-256: 59d896843d130662c3d2a5add5d5b2ae9ffae6901c1c46be1183acd0aed21d71
Size: 69.64 kB - php-soap-5.3.3-27.AXS4.x86_64.rpm
MD5: 2ef39e391ed2fc97b61e5d49cf75b193
SHA-256: f82ed0868464287e2aae96e21b960fb1ff23ad2c1ef6a0db3e34e9fc934fa25a
Size: 139.73 kB - php-xml-5.3.3-27.AXS4.x86_64.rpm
MD5: 912a1671ab1e6979aba216e651746dfe
SHA-256: 4c0ba02fb73164aa7edd76b414c76c1516d880bc6ecd5be096d68f4fd73b56b7
Size: 102.99 kB - php-xmlrpc-5.3.3-27.AXS4.x86_64.rpm
MD5: a4f5841e2a26eaa9e5775c0f5cde7421
SHA-256: 40a25c89e588e772a2615cf2ef250fd5a411f93a447aa3c27b4c434ecacc93f0
Size: 52.04 kB
日本語