[sflack-security] php (SFSA:2007-152-01)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


New php packages are available for Sflack 11.0 and -current to
fix security issues.

More details about the issues affecting Sflack's PHP may be found in
the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872

One CVE-issued vulnerability (CVE-2007-1887) does not affect Sflack as
we do not ship an unbundled sqlite2 library.


Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/php-5.2.3-x86_64-1_sflack11.0.tgz:
Upgraded to php-5.2.3.
Here's some basic information about the release from php.net:
"This release continues to improve the security and the stability of the
5.X branch as well as addressing two regressions introduced by the
previous 5.2 releases. These regressions relate to the timeout handling
over non-blocking SSL connections and the lack of HTTP_RAW_POST_DATA in
certain conditions. All users are encouraged to upgrade to this release."
For more complete information, see:
http://www.php.net/releases/5_2_3.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
(* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.

Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/php-5.2.3-x86_64-1_sflack11.0.tgz

Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/n/php-5.2.3-x86_64-1.tgz


MD5 signatures:
+-------------+

Sflack 11.0 package:
f10ce6b7c0aab99dd2a1fb07dc97d6b9 php-5.2.3-x86_64-1_slack11.0.tgz

Sflack -current package:
725ab8a585540033d5299cfb042be2ea php-5.2.3-x86_64-1.tgz


Installation instructions:
+------------------------+

First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.2.3-x86_64-1_sflack11.0.tgz

Finally, restart apache:
# apachectl start (or: apachectl startssl)


+-----+

Sflack Linux Security Team
http://sflack.com/gpg-key
security at sflack.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGYs3cw79R6/xskD8RAmwoAJ44N8yma9b3pNN+G+tD88JhxapWjACg4U23
GwBGX52l82+2uFvc35WCT+4=
=GLEI
-----END PGP SIGNATURE-----