Re: Did I miss a PHP update for FC4?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 2005-12-03 at 00:46 -0600, Gilbert Sebenste wrote:
> A few weeks ago some major security holes were announced in regards to the 
> PHP packages. Was there an update I missed? I see the current version on a 
> system I am running it on is php-5.0.4-10.5.
I'm not sure exactly if these are the security issues you refer to, but
the RPM's changelog for php-5.0.4-10.5 says:

* Fri Nov 04 2005 Joe Orton <[email protected]> 5.0.4-10.5
- add security fixes from upstream:
 * XSS issues in phpinfo() (CVE-2005-3388, #172212)
 * GLOBALS handling (CVE-2005-3390, #172207)
 * parse_str() enabling register_globals (CVE-2005-3389, #172209)
 * exif: infinite recursion on corrupt JPEG (CVE-2005-3353)
- add unserializer fix for x86_64 (upstream #34435)

-- 
Peter Gordon (codergeek42)
GnuPG Public Key: 0xDA3634D7

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux