php-5.3.3-3.AXS4.6
エラータID: AXSA:2012-101:02
リリース日:
2012/02/08 Wednesday - 12:25
題名:
php-5.3.3-3.AXS4.6
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PHP の php_variables.c の php_register_variable_ex 関数には,大量の変数を含むリクエストによって,リモートの攻撃者が任意のコードを実行する脆弱性があります。なお,この脆弱性は CVE-2011-4885 の誤った修正によるものです。(CVE-2012-0830)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
追加情報:
N/A
ダウンロード:
SRPMS
- php-5.3.3-3.AXS4.6.src.rpm
MD5: e57b9b381780c144788dfb492787203d
SHA-256: c54c04fde823c47c46515ef986b8fe3cd3de1ebbc6444c98c217e52f4f1fa658
Size: 10.23 MB
Asianux Server 4 for x86
- php-5.3.3-3.AXS4.6.i686.rpm
MD5: d67ffaa999c912b3e3d7641e99ac0f90
SHA-256: d1e2a90d2cd8ce9c6b191de147f764a3f25159a0e20c3f733421799d010d179e
Size: 1.11 MB - php-cli-5.3.3-3.AXS4.6.i686.rpm
MD5: b22b16ccbb6da97c9ed6ecee8f52fee5
SHA-256: 0589f7159219d5990ec7dc1cc9cf459399f5d6bb47af59d02005c74ab432bcd1
Size: 2.22 MB - php-common-5.3.3-3.AXS4.6.i686.rpm
MD5: 21e131bdcec22cf7d565fbd345d0757c
SHA-256: 25217d3757d3f653cc42a70d0ba1ea61e0433d03e933b26861e6a488ab0bca58
Size: 522.20 kB - php-gd-5.3.3-3.AXS4.6.i686.rpm
MD5: 39eaa1c66501eed3f4133da9a6605901
SHA-256: 99f04426ffd39608d1fb91d0fc73871e88f238d40378135c920432b97616ae48
Size: 101.63 kB - php-ldap-5.3.3-3.AXS4.6.i686.rpm
MD5: 54d1c833502ff5f626ec16b2ff330407
SHA-256: e080f38f245ecaa36312e3d9682fe045407e56947fc456c77bd3aef9c7507c9b
Size: 34.57 kB - php-mbstring-5.3.3-3.AXS4.6.i686.rpm
MD5: 7976132a55c80a8f21af18a47b73bcfa
SHA-256: 4f21fc3a693fa44486c632959ecc757a671a93f7665268cafd84f2c7e9e43d08
Size: 451.93 kB - php-mysql-5.3.3-3.AXS4.6.i686.rpm
MD5: 240368857f6d4a360f69fa907fca20fb
SHA-256: fc891a885d3dc76fce8ea38348dea9b9abb903b393c95c14e4f629db9b8fd655
Size: 75.67 kB - php-odbc-5.3.3-3.AXS4.6.i686.rpm
MD5: b75486cb1492bd19f301a19cb27bff66
SHA-256: 8fe43f0f764ee38220eeac101470f3722240a7d18ada6f29f49eb25d27c9455d
Size: 47.10 kB - php-pdo-5.3.3-3.AXS4.6.i686.rpm
MD5: 211d3253960d16ed61a81ac09e1f6cf4
SHA-256: f9250d6ecd5bf94070dbf5bda3f123428cfd16f9a17d8a929e1e643bac6c8ed4
Size: 71.24 kB - php-pgsql-5.3.3-3.AXS4.6.i686.rpm
MD5: 4115f70fc5e3c414b1895cae52bf8adf
SHA-256: 12451c5cb8f0864ae449295f5fd75033fecdd05303d135054fe9486a91ffad6a
Size: 66.12 kB - php-soap-5.3.3-3.AXS4.6.i686.rpm
MD5: 97c7bf894d095d0b88892560824b21f9
SHA-256: 948424f0f2ea5be0f617cff1e9f78dad7ea003aa345edc94a7bcc2fc22adaddb
Size: 138.20 kB - php-xml-5.3.3-3.AXS4.6.i686.rpm
MD5: ace1b1fcf5062ad5cc3be599256ef8bd
SHA-256: a804a71f3d661bc3eb98879fbd191d1539a92e9194dcf715918153eb24b1d7ef
Size: 97.64 kB - php-xmlrpc-5.3.3-3.AXS4.6.i686.rpm
MD5: 6a9aa5eefcae7ac42a8559b8855b7e18
SHA-256: be62139380f8de44588b0f10279bf6c6570d97a75124d3fd496ea71bfc4a697a
Size: 50.29 kB
Asianux Server 4 for x86_64
- php-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 67751ff863cce3be181a140400622990
SHA-256: c2e960ce42228b20c757a4fbff078fe164746114637bc762af15f588a9eece53
Size: 1.12 MB - php-cli-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 6a3bf656b894b37fd376ed9ab1edd5df
SHA-256: cc41f0158e6739ba97a09f3f2d09ed56841cee467ce2ff53a3900c50786968b6
Size: 2.17 MB - php-common-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 22bd7a188687e987b9c5a4182f8d6b8d
SHA-256: f972a3be67e3650bbf9833f19ffc008f34e6000610362bd92f8aaa713fd4992e
Size: 520.99 kB - php-gd-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 61945480b1ad6fc150e6ca97fdfe6f84
SHA-256: bf86115c81e5a54e53edef9c2b82e40de7f6989863b6b48d53ef05b9c99099e2
Size: 102.71 kB - php-ldap-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 114f4ccd603efb9c44cf9995d8455863
SHA-256: 5023e24f5e21442e5d9268c35f701c9f7442a9d506ea8b3b8043437175311273
Size: 34.93 kB - php-mbstring-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 114b061f969c0b49df1749c1a69c3ac4
SHA-256: b7310e5c3d58cac91f38063f2f33eb6fe7caaf27254aa2ed33bb49fb1590ab79
Size: 451.86 kB - php-mysql-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 5d0e60ce436eb5c24e72c2a3c778e480
SHA-256: 8995020852761595a78cc85fc01bf086f919601f7b49a90a8d2ffeeb1f1f604d
Size: 77.84 kB - php-odbc-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 936b63f17938d4dc6660a8f45090799a
SHA-256: 3b012c9247422ecb5f9a893e10fa361182e38aa43992b4c07b1af17e8954f87f
Size: 47.39 kB - php-pdo-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 8dfe8460b43d3e31955766176e3b51a5
SHA-256: 6a21320f8e3c056ac4474dd4aaff9bd8ba80ca3750095a95f9ac22b8e67d5e8e
Size: 71.85 kB - php-pgsql-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 436d687279ca1753658285f9e4da312f
SHA-256: 608d1b4383b1349f0fe87f8353721ddf1ff01dd5e10e2b887979330afd12f4bb
Size: 66.86 kB - php-soap-5.3.3-3.AXS4.6.x86_64.rpm
MD5: fc42d1e9ae0caaaac682b5b2559f6215
SHA-256: a87c9197317ddf4048e634333ed2e146b51e8d16319485c85e303a188e05d470
Size: 136.73 kB - php-xml-5.3.3-3.AXS4.6.x86_64.rpm
MD5: 6ac890d7b456385cad80c4389c064b68
SHA-256: 30a3694c5715548da4bb31545b966a63b3d3d9559357ed256648edab64f6f1aa
Size: 99.15 kB - php-xmlrpc-5.3.3-3.AXS4.6.x86_64.rpm
MD5: b51c3150d58db9d93125d3d832027d31
SHA-256: 8246e505e87cfe14918e422d2aabcb4aec735acd1547fca8f0fa26beb38ea452
Size: 49.18 kB