php-5.3.3-3.AXS4.8
エラータID: AXSA:2012-547:03
リリース日:
2012/05/15 Tuesday - 18:37
題名:
php-5.3.3-3.AXS4.8
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- PHP の sapi/cgi/cgi_main.c は CGI スクリプトとして設定されている場合,= (イコール記号) のないクエリの文字列を適切に処理できず,クエリ文字列にコマンドラインオプションを置くことで,リモートの攻撃者が任意のコードを実行する脆弱性があります。(CVE-2012-1823)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
追加情報:
N/A
ダウンロード:
SRPMS
- php-5.3.3-3.AXS4.8.src.rpm
MD5: a0e23607be35d3c482ef5f6e4b864dd1
SHA-256: 288074147f4ac63f712f92e70d7b19511d98981059204bd5844571641230a207
Size: 10.23 MB
Asianux Server 4 for x86
- php-5.3.3-3.AXS4.8.i686.rpm
MD5: 1c81b75216d5a359969d3ab0fc89d2b5
SHA-256: 5949698392a712479dbacb409db0e3aea8df748ee9a78bcf99f7549f3325224b
Size: 1.11 MB - php-cli-5.3.3-3.AXS4.8.i686.rpm
MD5: 67b5a25f3eeed8e5ace99e7ce4209964
SHA-256: 76cf31f5a8d939cc97effa1a077003b24731da27848a0ba19dae184f6fe3c898
Size: 2.22 MB - php-common-5.3.3-3.AXS4.8.i686.rpm
MD5: cc3b1bf9c447b8f15caa09793b0e3eed
SHA-256: 3b5cd598b8447133bc0691c06df8105ea7d5d979f2ca5e63a03908f9050e89a8
Size: 522.40 kB - php-gd-5.3.3-3.AXS4.8.i686.rpm
MD5: 95d397694a6f39552df3f80f4f995da2
SHA-256: 5aec257fd8dc22d71af96714700ff36fbc8471b8a58543d67f7883ec8b5f0024
Size: 101.82 kB - php-ldap-5.3.3-3.AXS4.8.i686.rpm
MD5: c7336b69888b8a1443bf35c781743a1e
SHA-256: 2b5901b7e5f5f8f587e976a463499dbc94845a1f602fc7e7fb8785ebdb803b67
Size: 34.75 kB - php-mysql-5.3.3-3.AXS4.8.i686.rpm
MD5: a2f06d9fa809c26ee9fa53e40e6e92f9
SHA-256: 3c6da807960167d5117e9207d8405f2554a2156163b57de5f1c21424a90efb04
Size: 75.86 kB - php-odbc-5.3.3-3.AXS4.8.i686.rpm
MD5: 919e40391c68595432f6ef2f87b5f14b
SHA-256: 537891c2e4b67aba57f7b903903b1daba7b184ad18956b94c494d74d7de8ea06
Size: 47.28 kB - php-pdo-5.3.3-3.AXS4.8.i686.rpm
MD5: 800153c1ae5ba3998e7963aebedbf015
SHA-256: c7f9134ce28fa4ca3e04423cd40acd1d2431c76296890952396bbc97750af225
Size: 71.42 kB - php-pgsql-5.3.3-3.AXS4.8.i686.rpm
MD5: 9a4c14062229eff9bcfddf6bfd08b5e9
SHA-256: 2ced43156198174f40021f2ba81d9fd65b7d05e771dfebb9d412e26f40e11eac
Size: 66.41 kB - php-soap-5.3.3-3.AXS4.8.i686.rpm
MD5: 9dfdc327b63c73b9c83beac22c7ed494
SHA-256: e1e07548bedc9def54b9ce32310c752cd74639fe4b42a396069b570d9e887026
Size: 138.39 kB - php-xml-5.3.3-3.AXS4.8.i686.rpm
MD5: 0df0e6f0b39a1bb2673cbf991872755f
SHA-256: 415d2edc118db702f2e44355f116c86a6b1b238f42c0a454bfb4b3766e54d6f7
Size: 97.82 kB - php-xmlrpc-5.3.3-3.AXS4.8.i686.rpm
MD5: 127df1a286ee24d39bd6cf44d39c4e43
SHA-256: f763bdf8362b8efe44c2f6270fc3c86566a313a2b29f5f50633a78ad005ae068
Size: 50.48 kB
Asianux Server 4 for x86_64
- php-5.3.3-3.AXS4.8.x86_64.rpm
MD5: fa5a50a05f1c16c64421d37fd0c0fcd5
SHA-256: 32fa0130b711da6d44879557175b4347f80facf3828934db2f558cb308cc8423
Size: 1.12 MB - php-cli-5.3.3-3.AXS4.8.x86_64.rpm
MD5: dbc849ce1cd67b8d09f3cde5e35a25a5
SHA-256: 4fee3fcb9e480b78acbfbaa48d85691833dc2682c85afb16d0c883879c0cfb9a
Size: 2.17 MB - php-common-5.3.3-3.AXS4.8.x86_64.rpm
MD5: 8116e81ad65f87f7c521f7e40a3a0b26
SHA-256: 620770434d65dd9a3cb389aee2497b4926a5f73a1f9328ab64325c89fc34d794
Size: 521.16 kB - php-gd-5.3.3-3.AXS4.8.x86_64.rpm
MD5: abebcb0aabddc9b47babf2183c3a706e
SHA-256: 361139de05d459d1fb73eeb157034ac8d50a1b284d559f9f4ae42c5fbd717848
Size: 102.90 kB - php-ldap-5.3.3-3.AXS4.8.x86_64.rpm
MD5: ee0a1904ed7e102952cba4d0e58b481a
SHA-256: ec22d4b643e68f6cb690a004556c80a8ccf64704d387c768ba740e1f9a889fc5
Size: 35.11 kB - php-mysql-5.3.3-3.AXS4.8.x86_64.rpm
MD5: 1968755b226dbcfc3bc760f7e08dd1f3
SHA-256: 3586af784c197f0214e20503a8666ec919d965062e33c977c07ada45fd305979
Size: 78.04 kB - php-odbc-5.3.3-3.AXS4.8.x86_64.rpm
MD5: 100e43e2217c8bed72cac149364d8340
SHA-256: a76695f9a219bd44de801526992481f58fb38af7ce1c8c5570f0a53c75c5a49d
Size: 47.59 kB - php-pdo-5.3.3-3.AXS4.8.x86_64.rpm
MD5: e5d108a99f886b49d6ed1e4d8bf55359
SHA-256: e2854d21c394bf6819f8ed8a45fc8bc86670375a899b0ebd3ee6f2b14ce85fc4
Size: 72.03 kB - php-pgsql-5.3.3-3.AXS4.8.x86_64.rpm
MD5: db9cc5a60adcb20c4d0f5280a3b2dca1
SHA-256: f0538ecc4802eac97669051caca81f3a0910508e7e6a195dc19a0e17fc17f38e
Size: 67.05 kB - php-soap-5.3.3-3.AXS4.8.x86_64.rpm
MD5: 008c9c7c43b0264c5c5854a9e1e0c74a
SHA-256: 7b675b18c95a8b449625e7cad152cfc9f5089c56adce0e6e713198f968d4c030
Size: 136.91 kB - php-xml-5.3.3-3.AXS4.8.x86_64.rpm
MD5: 5417ff89d42b1ba80564240166c5608b
SHA-256: b4a3434347356e0470ea5af61cfd6bec68317bb7f9c81e0a3ce7ff159037ced5
Size: 99.34 kB - php-xmlrpc-5.3.3-3.AXS4.8.x86_64.rpm
MD5: 0d0c7b944309054989ecb1d5f12df61f
SHA-256: f232ba318ea42fd94679d873348cfab5af83cfdccb21612341f9f4dd22dd931f
Size: 49.36 kB