Jump to content
Compatible Support Forums
Sign in to follow this  
news

[slackware-security] php (SSA:2013-197-01)

Recommended Posts

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

[slackware-security] php (SSA:2013-197-01)

 

New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37,

14.0, and -current to fix a security issue.

 

 

Here are the details from the Slackware 14.0 ChangeLog:

+--------------------------+

patches/packages/php-5.4.17-i486-1_slack14.0.txz: Upgraded.

This update fixes an issue where XML in PHP does not properly consider

parsing depth, which allows remote attackers to cause a denial of service

(heap memory corruption) or possibly have unspecified other impact via a

crafted document that is processed by the xml_parse_into_struct function.

For more information, see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4113

(* Security fix *)

+--------------------------+

 

 

Where to find the new packages:

+-----------------------------+

 

Thanks to the friendly folks at the OSU Open Source Lab

(http://osuosl.org) for donating FTP and rsync hosting

to the Slackware project! :-)

 

Also see the "Get Slack" section on http://slackware.com for

additional mirror sites near you.

 

Updated package for Slackware 12.1:

ftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/php-5.3.27-i486-1_slack12.1.tgz

 

Updated package for Slackware 12.2:

ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/php-5.3.27-i486-1_slack12.2.tgz

 

Updated package for Slackware 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/php-5.3.27-i486-1_slack13.0.txz

 

Updated package for Slackware x86_64 13.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/php-5.3.27-x86_64-1_slack13.0.txz

 

Updated package for Slackware 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/php-5.3.27-i486-1_slack13.1.txz

 

Updated package for Slackware x86_64 13.1:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/php-5.3.27-x86_64-1_slack13.1.txz

 

Updated package for Slackware 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/php-5.3.27-i486-1_slack13.37.txz

 

Updated package for Slackware x86_64 13.37:

ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/php-5.3.27-x86_64-1_slack13.37.txz

 

Updated package for Slackware 14.0:

ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.17-i486-1_slack14.0.txz

 

Updated package for Slackware x86_64 14.0:

ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.17-x86_64-1_slack14.0.txz

 

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.4.17-i486-1.txz

 

Updated package for Slackware x86_64 -current:

ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.4.17-x86_64-1.txz

 

 

MD5 signatures:

+-------------+

 

Slackware 12.1 package:

085d55c6b01cc65cfbf28e3bc4859886 php-5.3.27-i486-1_slack12.1.tgz

 

Slackware 12.2 package:

a39f1e4919283763ea7f96ab76d97e74 php-5.3.27-i486-1_slack12.2.tgz

 

Slackware 13.0 package:

526f7e5fbc91eb9c77846a7665ff7952 php-5.3.27-i486-1_slack13.0.txz

 

Slackware x86_64 13.0 package:

9c9f30b0faefd03b1f4e5a5ee1cf0c98 php-5.3.27-x86_64-1_slack13.0.txz

 

Slackware 13.1 package:

4410fafd158d51e135a063a23a4eb7a9 php-5.3.27-i486-1_slack13.1.txz

 

Slackware x86_64 13.1 package:

8b76077d090702bb4acbde69d22e30ce php-5.3.27-x86_64-1_slack13.1.txz

 

Slackware 13.37 package:

aa950c3641ae93a80c3a555176c222be php-5.3.27-i486-1_slack13.37.txz

 

Slackware x86_64 13.37 package:

6959e80fbc2332e73962dbcfbc6d11b0 php-5.3.27-x86_64-1_slack13.37.txz

 

Slackware 14.0 package:

e08e5d2c7a0911e65d13acbd03c10136 php-5.4.17-i486-1_slack14.0.txz

 

Slackware x86_64 14.0 package:

1270cada2c7bfc4af7743f489683d8c8 php-5.4.17-x86_64-1_slack14.0.txz

 

Slackware -current package:

fa8047a34a388ecfc2ffecae9c700a90 n/php-5.4.17-i486-1.txz

 

Slackware x86_64 -current package:

9439336bfb58b642306ed3c2246e3dae n/php-5.4.17-x86_64-1.txz

 

 

Installation instructions:

+------------------------+

 

Upgrade the package as root:

# upgradepkg php-5.4.17-i486-1_slack14.0.txz

 

Then, restart Apache httpd:

# /etc/rc.d/rc.httpd stop

# /etc/rc.d/rc.httpd start

 

 

+-----+

 

Slackware Linux Security Team

http://slackware.com/gpg-key

security ( -at -) slackware.com

 

+------------------------------------------------------------------------+

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×