TITLE: HP Tru64 UNIX - SSRT080132 Buffer overflow in the imageloadfont
Copyright (c) Hewlett-Packard Company 2008. All rights reserved.
PRODUCT: HP Internet Express for Tru64 UNIX
SOURCE: Hewlett-Packard Company
ECO INFORMATION:
ECO Name: SWS-681.tar.gz
ECO Kit Approximate Size: 108MB
Kit Applies To: HP Internet Express for Tru64 UNIX 6.6, 6.7 and 6.8
ECO Kit CHECKSUMS:
/usr/bin/sum results:
29532 105752
/usr/bin/cksum results:
705273346 108289825
MD5 results:
e246c29f305cfdb526e20672b6c3b05f
SHA1 results:
50a894ed8d8fd0e038ea569d787a9268dbb0e88a
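The published values can be checked before the kit is unpacked or passed to setld. The script below is an added example, not part of HP's kit or of this advisory; it assumes a POSIX `cksum` and that either `sha1sum` or `openssl` is installed (the advisory does not say which tool produced its SHA1 result).

```shell
#!/bin/sh
# Added example: compare a downloaded kit with the advisory's published values.
# Assumption: sha1sum or openssl is installed; the advisory names neither tool.

# Values copied from "ECO Kit CHECKSUMS" in this advisory.
KIT_CRC=705273346
KIT_SIZE=108289825
KIT_SHA1=50a894ed8d8fd0e038ea569d787a9268dbb0e88a

# Print the lowercase SHA-1 hex digest of $1; return 2 if no tool is available.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | awk '{print tolower($1)}'
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha1 < "$1" | awk '{print tolower($NF)}'
    else
        return 2
    fi
}

# verify_kit FILE CRC SIZE SHA1
# Returns 0 only when all three values match, 1 on any mismatch, and
# 2 when the file is unreadable or SHA-1 cannot be computed (fail closed).
verify_kit() {
    file=$1 want_crc=$2 want_size=$3 want_sha1=$4
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # POSIX cksum prints "<crc> <bytes>" when reading standard input.
    ck=$(cksum < "$file")
    got_crc=${ck%% *}
    got_size=${ck#* }
    got_size=${got_size%% *}
    got_sha1=$(sha1_of "$file") || { echo "no SHA-1 tool found" >&2; return 2; }

    rc=0
    [ "$got_crc" = "$want_crc" ]   || { echo "cksum CRC mismatch: $got_crc" >&2; rc=1; }
    [ "$got_size" = "$want_size" ] || { echo "size mismatch: $got_size" >&2; rc=1; }
    [ "$got_sha1" = "$want_sha1" ] || { echo "SHA-1 mismatch: $got_sha1" >&2; rc=1; }
    return $rc
}

# When given a file argument, check it against the published kit values.
if [ "$#" -ge 1 ]; then
    verify_kit "$1" "$KIT_CRC" "$KIT_SIZE" "$KIT_SHA1"
fi
```

Run it with the path to SWS-681.tar.gz as its only argument and continue to the gunzip step only if it exits 0.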
ECO KIT SUMMARY:
A setld-based patch kit exists for HP Internet Express for Tru64 UNIX 6.6, 6.7 and 6.8
(IX) that contains solutions to the following problems:
A potential security vulnerability has been reported on the HP Tru64 UNIX Operating
System or Internet Express (IX) whereby a buffer overflow in the imageloadfont
function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows
context-dependent attackers to cause a denial of service (crash) and possibly
execute arbitrary code via a crafted font file.
The patches in this kit will also be available in the next mainstream
patch kit - IX 6.9.
Special Installation Instructions
The kit "SWS-681.tar.gz" when untarred contains the following directories:
- doc (sws documentation)
- kit (installable kit)
- sources
Installing the kit
1. gunzip SWS-681.tar.gz
2. tar xvf SWS-681.tar
3. cd sws-681/kit
4. ls -R
IAE.image IAEAPAD681 IAEAPCH681 IAEAPDOC681 IAEHTTPD681 IAETOMCAT681 INSTCTRL instctrl
./instctrl:
IAE.image IAEAPAD681.ctrl IAEAPAD681.scp IAEAPCH681.inv IAEAPDOC681.ctrl IAEAPDOC681.scp IAEHTTPD681.inv IAETOMCAT681.ctrl
IAETOMCAT681.scp IAE681.comp IAEAPAD681.inv IAEAPCH681.ctrl IAEAPCH681.scp IAEAPDOC681.inv IAEHTTPD681.ctrl IAEHTTPD681.scp IAETOMCAT681.inv
5. # setld -l .
SUPERSEDE INFORMATION:
None
KNOWN PROBLEMS WITH THE PATCH KIT:
None.
This patch delivers the following files:
IAE.image
IAEAPAD681
IAEAPCH681
IAEAPDOC681
IAEHTTPD681
IAETOMCAT681
INSTCTRL
./instctrl/IAE.image
./instctrl/IAEAPAD681.ctrl
./instctrl/IAEAPAD681.scp
./instctrl/IAEAPCH681.inv
./instctrl/IAEAPDOC681.ctrl
./instctrl/IAEAPDOC681.scp
./instctrl/IAEHTTPD681.inv
./instctrl/IAETOMCAT681.ctrl
./instctrl/IAETOMCAT681.scp
./instctrl/IAE681.comp
./instctrl/IAEAPAD681.inv
./instctrl/IAEAPCH681.ctrl
./instctrl/IAEAPCH681.scp
./instctrl/IAEAPDOC681.inv
./instctrl/IAEHTTPD681.ctrl
./instctrl/IAEHTTPD681.scp
./instctrl/IAETOMCAT681.inv
apache-tomcat-5.5.26, apache_1.3.39, httpd-2.2.6, php-4.4.9 sources and licenses
[R] UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited.
Copyright Hewlett-Packard Company 2008. All Rights reserved.