LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices



Reply
 
Search this Thread
Old 02-02-2012, 03:40 PM   #106
GazL
Senior Member
 
Registered: May 2008
Posts: 3,502

Rep: Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024Reputation: 1024

Quote:
Originally Posted by ponce View Post
php-5.3.9: SlackBuild (edited to change the VERSION number, you'll need also alpine's SlackBuild) - source
Fixes:
- http://cve.mitre.org/cgi-bin/cvename...=CVE-2011-4885
- http://cve.mitre.org/cgi-bin/cvename...=CVE-2011-3379

nothing broke so far.
Looks like php isn't quite fixed yet:
http://www.h-online.com/security/new...d-1427316.html
 
Old 02-02-2012, 04:12 PM   #107
ponce
Senior Member
 
Registered: Aug 2004
Location: Pisa, Italy
Distribution: Slackware
Posts: 2,498

Rep: Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912Reputation: 912
I was about posting that I just updated to 3.5.10 (looks like is not officially announced yet, but it's already on the mirrors): from the NEWS file

Code:
PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
02 Feb 2012, PHP 5.3.10

- Core:
  . Fixed arbitrary remote code execution vulnerability reported by Stefan 
    Esser, CVE-2012-0830. (Stas, Dmitry)
here I applied also another little thingie to the slackbuild to avoid junk (it's everywhere! ) in /usr/lib${LIBDIRSUFFIX}/php and /usr/lib${LIBDIRSUFFIX}/build

Code:
--- php.SlackBuild.orig 2011-08-24 01:57:25.000000000 +0200
+++ php.SlackBuild      2012-02-02 21:25:36.048785243 +0100
@@ -24,7 +24,7 @@
 #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
-VERSION=5.3.8
+VERSION=5.3.10
 ALPINE=2.00
 BUILD=${BUILD:-1}
 
@@ -249,8 +249,9 @@
   rm -rf .channels .depdb .depdblock .filemap .lock .registry
 )
 
-# Fix $PKG/usr/lib/php perms:
+# Clean other junk and fix $PKG/usr/lib/php perms:
 ( cd $PKG/usr/lib${LIBDIRSUFFIX}/php
+  rm -rf ../build .channels .depdb .depdblock .filemap .lock .registry
   find . \
    \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
    -exec chmod 755 {} \; -o \

Last edited by ponce; 02-02-2012 at 04:26 PM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] How do I get the updates and security updates wenall Debian 3 07-10-2011 05:17 PM
what does @updates mean in yum list? rtaft Linux - Software 3 05-04-2010 03:00 PM
Whats the security updates now for the sources.list for etch/Debian? steelheat Linux - Newbie 7 12-15-2007 07:45 PM
urpmi list.Updates zaphod_es Linux - Software 18 10-20-2003 03:48 PM
urpmi list.updates missing zaphod_es Mandriva 7 09-20-2003 05:13 PM


All times are GMT -5. The time now is 07:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration