Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] UPDATE: [ GLSA 200605-08 ] PHP: Multiple vulnerabilities
Date: Sun, 30 Jul 2006 19:56:54
Message-Id: 200607302139.29626.jaervosz@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory [UPDATE] GLSA 200605-08:02
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: PHP: Multiple vulnerabilities
9 Date: May 08, 2006
10 Updated: July 24, 2006
11 Bugs: #127939, #128883, #131135, #133524
12 ID: 200605-08:02
13
14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
15
16 Update
17 ======
18
19 The initial fix did not properly fix the CVE-2006-1990 issue on 64 bit
20 systems.
21
22 The updated sections appear below.
23
24 Affected packages
25 =================
26
27 -------------------------------------------------------------------
28 Package / Vulnerable / Unaffected
29 -------------------------------------------------------------------
30 1 dev-lang/php < 5.1.4 >= 5.1.4
31 *>= 4.4.2-r2
32 2 dev-lang/php < 5.1.4-r4 >= 5.1.4-r4
33 *>= 4.4.2-r6
34 -------------------------------------------------------------------
35 # Package 1 only applies to ARM, HPPA, PPC, S390, SH, SPARC, x86
36 and x86-FBSD users.
37 # Package 2 only applies to ALPHA, AMD64, IA64 and PPC64 users.
38 -------------------------------------------------------------------
39 2 affected packages; please see the notes above...
40 -------------------------------------------------------------------
41
42 Resolution
43 ==========
44
45 All PHP users should upgrade to the latest version:
46
47 # emerge --sync
48 # emerge --ask --oneshot --verbose dev-lang/php
49
50 Availability
51 ============
52
53 This GLSA and any updates to it are available for viewing at
54 the Gentoo Security Website:
55
56 http://security.gentoo.org/glsa/glsa-200605-08.xml
57
58 Concerns?
59 =========
60
61 Security is a primary focus of Gentoo Linux and ensuring the
62 confidentiality and security of our users machines is of utmost
63 importance to us. Any security concerns should be addressed to
64 security@g.o or alternatively, you may file a bug at
65 http://bugs.gentoo.org.
66
67 License
68 =======
69
70 Copyright 2006 Gentoo Foundation, Inc; referenced text
71 belongs to its owner(s).
72
73 The contents of this document are licensed under the
74 Creative Commons - Attribution / Share Alike license.
75
76 http://creativecommons.org/licenses/by-sa/2.5