[sflack-security] php (SFSA:2007-053-01)
In according to slackware-security a new php packages are available
for Sflack 11.0 to improve the stability and security of PHP.
Quite a few bugs were fixed -- please see http://www.php.net for a
detailed list. All sites that use PHP are encouraged to upgrade.
Please note that we haven't tested all PHP applications for backwards
compatibility with this new upgrade, so you should have the old package
on hand just in case.
Some of these issues have been assigned CVE numbers and may be referenced
in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
2007-03-01 patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz:
* Upgraded to php-5.2.1 which improves stability and security.
For imformation about some of the security fixes, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Updated packages for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/php-5.2.1-x86_64-1_sflack11.0.tgz
MD5 signatures:
+-------------+
Sflack 11.0 packages:
0ad5c808ce1a90e8d8d5d391f0d2bfd0 php-5.2.1-x86_64-1_sflack11.0.tgz
Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop
Next, upgrade to the new PHP package:
# upgradepkg php-5.2.1-x86_64-1_sflack11.0.tgz
Finally, restart apache:
# apachectl start (or: apachectl startssl)
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
Correlati