-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2012-14 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- アナウンス日 : 2012/07/02 最終更新日 : 2012/07/02 パッケージ名 : php タイトル : php に複数の弱点 概要 : PHP は、 HTML ファイル内に記述するタイプのスクリプト言語です。 php に複数の弱点が存在します。 影響 : 詳細は、関連文章を参照して下さい。 影響製品 : - Turbolinux Client 2008 - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0 - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server 対策方法 : 下記パッケージにアップデートを行って下さい。 [Turbolinux Client 2008 の場合] アップデートは、KDE デスクトップのパネルの通知アイコンをクリックし メニューから [アップデートの参照] を選択し行って下さい。 [Turbolinux 11 Server, Turbolinux 11 Server x64 Edition の場合] アップデートは、ディスクトップメニュー「パネルの左端のメニュー」をクリックし Turbo プラス を起動し行って下さい。 [Turbolinux Appliance Server の場合] アップデートは、 TLAS Server Desktop 上から行って下さい。 コンソールから実行する場合 ---------------------------------------- [Turbolinux 11 Server の場合] # turbo+ --cui もしくは、 # turbo+ -u php php-bcmath php-cli php-common php-dba php-embedded php-gd \ php-imap php-ldap php-mbstring php-mcrypt php-mhash php-mssql \ php-mysql php-ncurses php-odbc php-pdo php-pgsql php-snmp \ php-soap php-tidy php-xml ---------------------------------------- Source Packages Size: MD5 http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-source/php-5.2.4-21.src.rpm 7713144 2b6d97f3a8ea737294dc194378f158db Binary Packages Size: MD5 http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/php-5.2.4-21.i586.rpm 4080894 e1dbbf11dc519fb9a7479652e1296811 http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/php-cli-5.2.4-21.i586.rpm 2653822 95fd1ce2360809dd839d51fd4a0d4c27 http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/php-common-5.2.4-21.i586.rpm 280442 1cdf9c6f12788a2b7e757df64c1777bc http://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Client/12/turbolinux-updates/php-devel-5.2.4-21.i586.rpm 552783 7c5aca34c54322c4e448aec739ea8b5d Source Packages Size: MD5 php-5.2.4-21.src.rpm 7729875 3f46d8386cdcbf85aaecae224e951d67 Binary Packages Size: MD5 php-5.2.4-21.x86_64.rpm 4175311 bf56a314132b7b2a0006633a785b97d5 php-bcmath-5.2.4-21.x86_64.rpm 47541 fa729b37f4d78fa0c3432e45e7f4d04d php-cli-5.2.4-21.x86_64.rpm 2638733 86723fc780b5567aad864340a0de6070 php-common-5.2.4-21.x86_64.rpm 285782 bac3c57c3eb4004b329b83385d7b0780 php-dba-5.2.4-21.x86_64.rpm 62195 93a13b470781f3036ea942c0910d1941 php-embedded-5.2.4-21.x86_64.rpm 1376167 ca4cc35ddeee995ce98cad78cd4326a0 php-gd-5.2.4-21.x86_64.rpm 215087 10a31346816c99df7cfc7050e10de8fc php-imap-5.2.4-21.x86_64.rpm 88558 cab82e3961460e6554ee4b73408940e9 php-ldap-5.2.4-21.x86_64.rpm 52338 56037976eb797512be74f0c7cb1dc199 php-mbstring-5.2.4-21.x86_64.rpm 2167493 b55c05cba4bb451215313e19ae624d29 php-mcrypt-5.2.4-21.x86_64.rpm 40098 e7206e8ad13ed9bf96e47fa27b14e2fe php-mhash-5.2.4-21.x86_64.rpm 21394 ac1c89df8ba9d9a831a93d1704ec3a77 php-mssql-5.2.4-21.x86_64.rpm 55736 d2753d8085c48062b87ffee1f3df9f36 php-mysql-5.2.4-21.x86_64.rpm 158437 dbcbf563923579098b2f82184a969ff9 php-ncurses-5.2.4-21.x86_64.rpm 61987 f202390e34c2b09be753d620fe416050 php-odbc-5.2.4-21.x86_64.rpm 86670 4968a05fafc14b2ec382f93ef0555e75 php-pdo-5.2.4-21.x86_64.rpm 113136 77997027c33534873ebe350b0459afb9 php-pgsql-5.2.4-21.x86_64.rpm 124139 23888dd0baf37a1bb580187b0f366a59 php-snmp-5.2.4-21.x86_64.rpm 32901 04858aa608f0f045111b6a62260b9dcc php-soap-5.2.4-21.x86_64.rpm 272026 f556a650b4d2b5b48b6646f40379a9e7 php-tidy-5.2.4-21.x86_64.rpm 47607 4fc2f2993ec07f3099c035c0eb06dc54 php-xml-5.2.4-21.x86_64.rpm 190665 4670f5eabe3002f1f32532a1f67dfc5d php-xmlrpc-5.2.4-21.x86_64.rpm 91315 7dbf5ae8cc4a28a0b82e1105e9cfb215 Source Packages Size: MD5 php-5.2.4-21.src.rpm 7729875 3f46d8386cdcbf85aaecae224e951d67 Binary Packages Size: MD5 php-5.2.4-21.i686.rpm 3841409 4dbfe7fe486483ef20682c7e540eb815 php-bcmath-5.2.4-21.i686.rpm 37124 5d1096fc41a2b7c4a2de465757bf546d php-cli-5.2.4-21.i686.rpm 2497388 9cb6e994eab0f969b51b71adcdd25490 php-common-5.2.4-21.i686.rpm 273438 4882c434dd28049c0fcab92670731cba php-dba-5.2.4-21.i686.rpm 57725 c4dd53f3d0ea864266f114cef8f189f5 php-embedded-5.2.4-21.i686.rpm 1266134 d7995905229b6091e311d2018cbce0b2 php-gd-5.2.4-21.i686.rpm 201574 2ec82835d0770052ddc9ae2de62819c9 php-imap-5.2.4-21.i686.rpm 81238 0056d27d881a153af8a0b04af75b2894 php-ldap-5.2.4-21.i686.rpm 48015 c4238c4a1dd6be71e19d5702758fba25 php-mbstring-5.2.4-21.i686.rpm 2124017 b96ccc3c2439b386ac2490e19efa03f6 php-mcrypt-5.2.4-21.i686.rpm 33528 0690139f2f233a9449ae4a59a1dee0c0 php-mhash-5.2.4-21.i686.rpm 20574 3b79e6df29707ec2424984dd4d6cd0be php-mssql-5.2.4-21.i686.rpm 52182 5e59b77affcd07fe40ff951dd9a71ed2 php-mysql-5.2.4-21.i686.rpm 141364 3dbcf8c9e2f26fb7275be7344979ba0c php-ncurses-5.2.4-21.i686.rpm 55634 3239197337a17ff87300129f4176f119 php-odbc-5.2.4-21.i686.rpm 78749 19e5327ca53d964b206f82914c244a74 php-pdo-5.2.4-21.i686.rpm 104840 4a96194690230e6947370274b38a1f15 php-pgsql-5.2.4-21.i686.rpm 112482 36839abf31e72e1f22a7cbab56524b43 php-snmp-5.2.4-21.i686.rpm 30400 efd274bb921f6977f3b3004fc3c0e5e0 php-soap-5.2.4-21.i686.rpm 267538 498cf0c572732c9f2520b95ac3e90c17 php-tidy-5.2.4-21.i686.rpm 44313 e6f3c1575c74f57c9acba601514160b1 php-xml-5.2.4-21.i686.rpm 166960 0825940f1a283ba1e73c8688e4d0fb3c php-xmlrpc-5.2.4-21.i686.rpm 84741 ba6f02cc56babd2a98e685b4e0c6ac9d Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/php-5.2.4-21.src.rpm 7729875 3f46d8386cdcbf85aaecae224e951d67 Binary Packages Size: MD5 php-5.2.4-21.x86_64.rpm 4175311 bf56a314132b7b2a0006633a785b97d5 php-bcmath-5.2.4-21.x86_64.rpm 47541 fa729b37f4d78fa0c3432e45e7f4d04d php-cli-5.2.4-21.x86_64.rpm 2638733 86723fc780b5567aad864340a0de6070 php-common-5.2.4-21.x86_64.rpm 285782 bac3c57c3eb4004b329b83385d7b0780 php-dba-5.2.4-21.x86_64.rpm 62195 93a13b470781f3036ea942c0910d1941 php-devel-5.2.4-21.x86_64.rpm 572378 634654f2eb3978a3cfeca567edc02422 php-embedded-5.2.4-21.x86_64.rpm 1376167 ca4cc35ddeee995ce98cad78cd4326a0 php-gd-5.2.4-21.x86_64.rpm 215087 10a31346816c99df7cfc7050e10de8fc php-imap-5.2.4-21.x86_64.rpm 88558 cab82e3961460e6554ee4b73408940e9 php-ldap-5.2.4-21.x86_64.rpm 52338 56037976eb797512be74f0c7cb1dc199 php-mbstring-5.2.4-21.x86_64.rpm 2167493 b55c05cba4bb451215313e19ae624d29 php-mcrypt-5.2.4-21.x86_64.rpm 40098 e7206e8ad13ed9bf96e47fa27b14e2fe php-mhash-5.2.4-21.x86_64.rpm 21394 ac1c89df8ba9d9a831a93d1704ec3a77 php-mssql-5.2.4-21.x86_64.rpm 55736 d2753d8085c48062b87ffee1f3df9f36 php-mysql-5.2.4-21.x86_64.rpm 158437 dbcbf563923579098b2f82184a969ff9 php-ncurses-5.2.4-21.x86_64.rpm 61987 f202390e34c2b09be753d620fe416050 php-odbc-5.2.4-21.x86_64.rpm 86670 4968a05fafc14b2ec382f93ef0555e75 php-pdo-5.2.4-21.x86_64.rpm 113136 77997027c33534873ebe350b0459afb9 php-pgsql-5.2.4-21.x86_64.rpm 124139 23888dd0baf37a1bb580187b0f366a59 php-snmp-5.2.4-21.x86_64.rpm 32901 04858aa608f0f045111b6a62260b9dcc php-soap-5.2.4-21.x86_64.rpm 272026 f556a650b4d2b5b48b6646f40379a9e7 php-tidy-5.2.4-21.x86_64.rpm 47607 4fc2f2993ec07f3099c035c0eb06dc54 php-xml-5.2.4-21.x86_64.rpm 190665 4670f5eabe3002f1f32532a1f67dfc5d php-xmlrpc-5.2.4-21.x86_64.rpm 91315 7dbf5ae8cc4a28a0b82e1105e9cfb215 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/php-5.2.4-21.src.rpm 7729875 3f46d8386cdcbf85aaecae224e951d67 Binary Packages Size: MD5 php-5.2.4-21.i686.rpm 3841409 4dbfe7fe486483ef20682c7e540eb815 php-bcmath-5.2.4-21.i686.rpm 37124 5d1096fc41a2b7c4a2de465757bf546d php-cli-5.2.4-21.i686.rpm 2497388 9cb6e994eab0f969b51b71adcdd25490 php-common-5.2.4-21.i686.rpm 273438 4882c434dd28049c0fcab92670731cba php-dba-5.2.4-21.i686.rpm 57725 c4dd53f3d0ea864266f114cef8f189f5 php-devel-5.2.4-21.i686.rpm 572706 25f29c812526082302d6dbca1e8e7d9c php-embedded-5.2.4-21.i686.rpm 1266134 d7995905229b6091e311d2018cbce0b2 php-gd-5.2.4-21.i686.rpm 201574 2ec82835d0770052ddc9ae2de62819c9 php-imap-5.2.4-21.i686.rpm 81238 0056d27d881a153af8a0b04af75b2894 php-ldap-5.2.4-21.i686.rpm 48015 c4238c4a1dd6be71e19d5702758fba25 php-mbstring-5.2.4-21.i686.rpm 2124017 b96ccc3c2439b386ac2490e19efa03f6 php-mcrypt-5.2.4-21.i686.rpm 33528 0690139f2f233a9449ae4a59a1dee0c0 php-mhash-5.2.4-21.i686.rpm 20574 3b79e6df29707ec2424984dd4d6cd0be php-mssql-5.2.4-21.i686.rpm 52182 5e59b77affcd07fe40ff951dd9a71ed2 php-mysql-5.2.4-21.i686.rpm 141364 3dbcf8c9e2f26fb7275be7344979ba0c php-ncurses-5.2.4-21.i686.rpm 55634 3239197337a17ff87300129f4176f119 php-odbc-5.2.4-21.i686.rpm 78749 19e5327ca53d964b206f82914c244a74 php-pdo-5.2.4-21.i686.rpm 104840 4a96194690230e6947370274b38a1f15 php-pgsql-5.2.4-21.i686.rpm 112482 36839abf31e72e1f22a7cbab56524b43 php-snmp-5.2.4-21.i686.rpm 30400 efd274bb921f6977f3b3004fc3c0e5e0 php-soap-5.2.4-21.i686.rpm 267538 498cf0c572732c9f2520b95ac3e90c17 php-tidy-5.2.4-21.i686.rpm 44313 e6f3c1575c74f57c9acba601514160b1 php-xml-5.2.4-21.i686.rpm 166960 0825940f1a283ba1e73c8688e4d0fb3c php-xmlrpc-5.2.4-21.i686.rpm 84741 ba6f02cc56babd2a98e685b4e0c6ac9d 関連文章 : CVE [CVE-2007-5900] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5900 [CVE-2009-4017] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 [CVE-2009-4018] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4018 [CVE-2010-4697] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4697 [CVE-2010-4698] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4698 [CVE-2011-1148] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148 [CVE-2011-2202] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202 [CVE-2011-3182] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182 [CVE-2011-4153] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153 [CVE-2011-4566] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566 [CVE-2011-4885] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885 [CVE-2012-0057] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0057 [CVE-2012-0788] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0788 [CVE-2012-0830] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830 [CVE-2012-0831] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831 [CVE-2012-1172] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172 [CVE-2012-1823] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823 [CVE-2012-2311] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311 -------------------------------------------------------------------------- 更新履歴 初版 2012/07/02 -------------------------------------------------------------------------- Copyright(C) 2012 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAk/xBaAACgkQK0LzjOqIJMz/ngCgudZ9U5/aj5KpsLaPKudxgiK6 OusAoILteQgAOsMXMkHCfvH0TeITHvdp =rIjV -----END PGP SIGNATURE-----