Patching PHP 5.2.* for the hash collision vulnerability

PHP 5.2.* can be driven into a denial of service by a request whose input variables are constructed to collide in PHP's hash table. The PHP project released PHP 5.3.9 for this issue but will not release a PHP 5.2.18 for it; PHP 5.2.* can be fixed by applying the patch below.

https://github.com/laruence/laruence.github.com/tree/master/php-5.2-max-input-vars
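To make the mechanism behind the advisory concrete, here is a small added model (written for this page; it is not code from the post or from the linked patch) of why colliding input variables are expensive and how a cap on the number of accepted variables, which is what the linked max-input-vars patch adds to PHP 5.2, bounds the work. The hash function and the colliding keys below are constructed for the demonstration and are not PHP's hash; the `max_input_vars` handling mirrors the PHP directive's documented behaviour of dropping variables beyond the limit.

```python
"""Toy model of the cost of colliding input variables and of a
max_input_vars cap.

Added example for this post; not code from the post or from the linked
patch. The hash function and the colliding keys are constructed for the
demonstration and are not PHP's hash function.
"""
from urllib.parse import unquote_plus


class CountingTable:
    """Chained hash table with a deliberately weak toy hash that counts the
    key comparisons spent on inserts, so the cost of a request is visible."""

    def __init__(self, buckets=8):
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    def _hash(self, key):
        # Toy hash (constructed): sum of the bytes modulo the bucket count.
        return sum(key.encode()) % len(self.buckets)

    def put(self, key, value):
        chain = self.buckets[self._hash(key)]
        for i, (k, _) in enumerate(chain):
            self.comparisons += 1          # one comparison per chain entry
            if k == key:
                chain[i] = (key, value)
                return
        chain.append((key, value))

    def get(self, key):
        for k, v in self.buckets[self._hash(key)]:
            if k == key:
                return v
        return None


def colliding_keys(n):
    """Constructed keys that all land in bucket 0 of the toy table: 'h' is
    byte 104 = 8 * 13, so any run of 'h' has a byte sum divisible by 8."""
    return ["h" * (i + 1) for i in range(n)]


def parse_query(query, max_input_vars):
    """Parse an x-www-form-urlencoded query into a CountingTable, accepting
    at most max_input_vars variables and dropping the rest, which is what
    PHP's max_input_vars directive does (PHP also raises an E_WARNING; here
    that warning is returned as the 'truncated' flag)."""
    table = CountingTable()
    accepted = 0
    truncated = False
    for pair in query.split("&"):
        if not pair:
            continue
        if accepted >= max_input_vars:
            truncated = True
            break
        key, _, value = pair.partition("=")
        table.put(unquote_plus(key), unquote_plus(value))
        accepted += 1
    return table, truncated


def insert_cost(n_vars, max_input_vars):
    """Comparisons spent on a request of n_vars colliding variables under a
    given cap; returns (comparisons, truncated). Without a cap the cost is
    n_vars * (n_vars - 1) / 2, i.e. quadratic in the request size."""
    query = "&".join(f"{k}=1" for k in colliding_keys(n_vars))
    table, truncated = parse_query(query, max_input_vars)
    return table.comparisons, truncated


if __name__ == "__main__":
    for n in (100, 1000, 2000):
        uncapped, _ = insert_cost(n, 10 ** 9)
        capped, truncated = insert_cost(n, 1000)
        print(f"{n:5d} vars: uncapped={uncapped:>9d} comparisons, "
              f"capped at 1000={capped:>7d} (truncated={truncated})")
```

The point the numbers make: with colliding keys the insert cost grows with the square of the request size, so the attacker's cost (request bytes) is linear while the server's is quadratic; a cap on accepted variables turns that back into a fixed upper bound per request, at the price of silently dropping legitimate variables past the limit, which is why the cap should be set above what the application's largest forms actually send.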

Currently known affected languages and versions:

Java, all versions

JRuby <= 1.6.5

PHP <= 5.3.8, <= 5.4.0RC3

Python, all versions

Rubinius, all versions

Ruby <= 1.8.7-p356

Apache Geronimo, all versions

Apache Tomcat <= 5.5.34, <= 6.0.34, <= 7.0.22

Oracle Glassfish <= 3.1.1

Jetty, all versions

Plone, all versions

Rack, all versions

V8 JavaScript Engine, all versions

Languages not affected, or versions in which it is fixed:

PHP >= 5.3.9, >= 5.4.0RC4

JRuby >= 1.6.5.1

Ruby >= 1.8.7-p357, 1.9.x

Apache Tomcat >= 5.5.35, >= 6.0.35, >= 7.0.23

Oracle Glassfish, N/A (Oracle reports that the issue is fixed in the main codeline and scheduled for a future CPU)
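An added example (not from the post) that turns the two lists above into an inventory check a defender can run against a list of (product, version) pairs. The matching rule is an assumption of this example: a version counts as fixed when the post lists a fixed version in the same major.minor branch and the version is at or above it; otherwise it counts as affected when the post says all versions are, or lists an upper bound the version does not exceed; anything else is reported as unknown. Version strings are compared the way they are written in the post (RC tags sort below the final release, Ruby's -pNNN patch level sorts above it).

```python
"""Check a software inventory against the affected/fixed version lists in
this post.

Added example for this post, not code from the post. The matching rule is an
assumption of this example: 'fixed' when a fixed version in the same
major.minor branch is at or below the version; otherwise 'affected' when
the post says all versions are, or lists an upper bound the version does
not exceed; 'unknown' otherwise.
"""
import re

ALL = "all"

# The post's two lists, product names normalised to lowercase.
AFFECTED = {
    "java": ALL, "python": ALL, "rubinius": ALL, "apache geronimo": ALL,
    "jetty": ALL, "plone": ALL, "rack": ALL, "v8 javascript engine": ALL,
    "jruby": ["1.6.5"],
    "php": ["5.3.8", "5.4.0RC3"],
    "ruby": ["1.8.7-p356"],
    "apache tomcat": ["5.5.34", "6.0.34", "7.0.22"],
    "oracle glassfish": ["3.1.1"],
}
FIXED = {
    "php": ["5.3.9", "5.4.0RC4"],
    "jruby": ["1.6.5.1"],
    "ruby": ["1.8.7-p357", "1.9.x"],          # "1.9.x": the whole branch
    "apache tomcat": ["5.5.35", "6.0.35", "7.0.23"],
}

PRERELEASE = {"alpha", "beta", "rc"}


def version_key(version):
    """Sortable key for version strings as written in the post.
    Numbers compare numerically; pre-release tags (RC) sort below the final
    release; any other tag (Ruby's -pNNN patch level) sorts above it. The
    trailing sentinel makes 1.6.5 < 1.6.5.1 and 5.4.0RC3 < 5.4.0."""
    key = []
    for tok in re.findall(r"\d+|[A-Za-z]+", version):
        if tok.isdigit():
            key.append((1, int(tok)))
        elif tok.lower() in PRERELEASE:
            key.append((0, tok.lower()))
        else:
            key.append((2, tok.lower()))
    key.append((1, -1))
    return tuple(key)


def branch(version):
    """The major.minor branch a version belongs to, e.g. (6, 0) for 6.0.35."""
    return tuple(int(n) for n in re.findall(r"\d+", version)[:2])


def status(product, version):
    """'fixed', 'affected' or 'unknown' for one inventory entry."""
    product = product.lower()
    for bound in FIXED.get(product, []):
        if branch(version) != branch(bound):
            continue
        if bound.endswith(".x") or version_key(version) >= version_key(bound):
            return "fixed"
    affected = AFFECTED.get(product)
    if affected is None:
        return "unknown"
    if affected == ALL or any(version_key(version) <= version_key(b)
                              for b in affected):
        return "affected"
    return "unknown"


def triage(inventory):
    """Map each (product, version) pair to its status."""
    return {(p, v): status(p, v) for p, v in inventory}


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = [("PHP", "5.2.17"), ("PHP", "5.3.9"), ("Apache Tomcat", "6.0.34"),
              ("Apache Tomcat", "6.0.35"), ("Ruby", "1.9.3"), ("Java", "1.6.0")]
    for (p, v), s in triage(sample).items():
        print(f"{p:15s} {v:10s} {s}")
```

One caveat worth checking in your own inventory: a locally patched build such as the post's 5.2.17p1 still reports as affected by version number alone, since the lists above only know official releases, so a scanner has to recognise the local patch (for example by the version suffix the patch sets) rather than trust the version comparison.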

Upgrade php from 5.2.14 to 5.2.17 and apply the patch. Download the patch: https://github.com/laruence/laruence.github.com/zipball/master

Go to the directory where php was built previously:

cd src/lempelf/package/
wget http://www.php.net/get/php-5.2.17.tar.gz/from/kr.php.net/mirror
wget http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
tar zxvf php-5.2.17.tar.gz
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | patch -d php-5.2.17 -p1
patching file configure
Hunk #7 succeeded at 110645 (offset 1324 lines).
Hunk #9 succeeded at 119634 (offset 1324 lines).
patching file configure.in
patching file libevent/ChangeLog
patching file libevent/Makefile.am
patching file libevent/Makefile.in
patching file libevent/README
patching file libevent/aclocal.m4
patching file libevent/autogen.sh
patching file libevent/buffer.c
patching file libevent/compat/sys/_time.h
patching file libevent/compat/sys/queue.h
patching file libevent/config.h.in
patching file libevent/configure
patching file libevent/configure.in
patching file libevent/depcomp
patching file libevent/devpoll.c
patching file libevent/epoll.c
patching file libevent/epoll_sub.c
patching file libevent/evbuffer.c
patching file libevent/event-config.h
patching file libevent/event-fpm.h
patching file libevent/event-internal.h
patching file libevent/event.3
patching file libevent/event.c
patching file libevent/event.h
patching file libevent/evhttp.h
patching file libevent/evport.c
patching file libevent/evsignal.h
patching file libevent/evutil.c
patching file libevent/evutil.h
patching file libevent/http-internal.h
patching file libevent/http.c
patching file libevent/install-sh
patching file libevent/kqueue.c
patching file libevent/log.c
patching file libevent/log.h
patching file libevent/min_heap.h
patching file libevent/missing
patching file libevent/poll.c
patching file libevent/select.c
patching file libevent/signal.c
patching file libevent/strlcpy-internal.h
patching file libevent/strlcpy.c
patching file main/php_config.h.in
patching file sapi/cgi/Makefile.frag
patching file sapi/cgi/cgi_main.c
patching file sapi/cgi/config9.m4
patching file sapi/cgi/fastcgi.c
patching file sapi/cgi/fastcgi.h
patching file sapi/cgi/fpm/Makefile.frag
patching file sapi/cgi/fpm/acinclude.m4
patching file sapi/cgi/fpm/conf/php-fpm.conf.in
patching file sapi/cgi/fpm/config.m4
patching file sapi/cgi/fpm/fpm.c
patching file sapi/cgi/fpm/fpm.h
patching file sapi/cgi/fpm/fpm_arrays.h
patching file sapi/cgi/fpm/fpm_atomic.h
patching file sapi/cgi/fpm/fpm_autoconf.h.in
patching file sapi/cgi/fpm/fpm_children.c
patching file sapi/cgi/fpm/fpm_children.h
patching file sapi/cgi/fpm/fpm_cleanup.c
patching file sapi/cgi/fpm/fpm_cleanup.h
patching file sapi/cgi/fpm/fpm_clock.c
patching file sapi/cgi/fpm/fpm_clock.h
patching file sapi/cgi/fpm/fpm_conf.c
patching file sapi/cgi/fpm/fpm_conf.h
patching file sapi/cgi/fpm/fpm_config.h
patching file sapi/cgi/fpm/fpm_env.c
patching file sapi/cgi/fpm/fpm_env.h
patching file sapi/cgi/fpm/fpm_events.c
patching file sapi/cgi/fpm/fpm_events.h
patching file sapi/cgi/fpm/fpm_php.c
patching file sapi/cgi/fpm/fpm_php.h
patching file sapi/cgi/fpm/fpm_php_trace.c
patching file sapi/cgi/fpm/fpm_php_trace.h
patching file sapi/cgi/fpm/fpm_process_ctl.c
patching file sapi/cgi/fpm/fpm_process_ctl.h
patching file sapi/cgi/fpm/fpm_request.c
patching file sapi/cgi/fpm/fpm_request.h
patching file sapi/cgi/fpm/fpm_shm.c
patching file sapi/cgi/fpm/fpm_shm.h
patching file sapi/cgi/fpm/fpm_shm_slots.c
patching file sapi/cgi/fpm/fpm_shm_slots.h
patching file sapi/cgi/fpm/fpm_signals.c
patching file sapi/cgi/fpm/fpm_signals.h
patching file sapi/cgi/fpm/fpm_sockets.c
patching file sapi/cgi/fpm/fpm_sockets.h
patching file sapi/cgi/fpm/fpm_stdio.c
patching file sapi/cgi/fpm/fpm_stdio.h
patching file sapi/cgi/fpm/fpm_str.h
patching file sapi/cgi/fpm/fpm_trace.c
patching file sapi/cgi/fpm/fpm_trace.h
patching file sapi/cgi/fpm/fpm_trace_mach.c
patching file sapi/cgi/fpm/fpm_trace_pread.c
patching file sapi/cgi/fpm/fpm_trace_ptrace.c
patching file sapi/cgi/fpm/fpm_unix.c
patching file sapi/cgi/fpm/fpm_unix.h
patching file sapi/cgi/fpm/fpm_worker_pool.c
patching file sapi/cgi/fpm/fpm_worker_pool.h
patching file sapi/cgi/fpm/init.d/php-fpm.in
patching file sapi/cgi/fpm/xml_config.c
patching file sapi/cgi/fpm/xml_config.h
patching file sapi/cgi/fpm/zlog.c
patching file sapi/cgi/fpm/zlog.h
unzip laruence-laruence.github.com-43969a1.zip
cd php-5.2.17
patch -p1
patching file configure
Hunk #1 succeeded at 2176 (offset 11 lines).
patching file configure.in
patching file main/main.c
patching file main/php_globals.h
patching file main/php_variables.c
patching file main/php_version.h

With the patch applied, rebuild php:

./configure --prefix=/opt/php-5.2.17p1 \
  --with-config-file-path=/opt/php-5.2.17p1/etc \
  --with-mysql=/opt/mysql --with-mysqli=/opt/mysql/bin/mysql_config \
  --with-iconv-dir=/usr/local --with-freetype-dir --with-jpeg-dir --with-png-dir \
  --with-zlib --with-libxml-dir=/usr --disable-rpath --enable-discard-path \
  --enable-safe-mode --enable-bcmath --enable-shmop --enable-sysvsem \
  --enable-inline-optimization --with-curl --with-curlwrappers --enable-mbregex \
  --enable-fastcgi --enable-fpm --enable-force-cgi-redirect --enable-mbstring \
  --with-mcrypt --with-gd --enable-gd-native-ttf --with-openssl --with-mhash \
  --enable-pcntl --enable-sockets --with-xmlrpc --enable-zip --enable-soap \
  --enable-xml --enable-zend-multibyte --disable-debug --disable-ipv6
make ZEND_EXTRA_LIBS='-liconv'
make install
cd ../memcache-3.0.5
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install
cd ../eaccelerator-0.9.6.1
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --enable-eaccelerator=shared --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install
cd ../PDO_MYSQL-1.0.2
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config --with-pdo-mysql=/opt/mysql
make
make install
cd ../imagick-2.2.2/
make clean
/opt/php-5.2.17p1/bin/phpize
./configure --with-php-config=/opt/php-5.2.17p1/bin/php-config
make
make install
# 32-bit: use the following line
cp ../ZendOptimizer-3.3.9-linux-glibc23-i386/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
# 64-bit: use the following line
cp ../ZendOptimizer-3.3.9-linux-glibc23-x86_64/data/5_2_x_comp/ZendOptimizer.so /opt/php-5.2.17p1/lib/php/extensions/no-debug-non-zts-20060613/
mkdir -p /opt/php-5.2.17p1/eaccelerator_cache
chown www:website /opt/php-5.2.17p1/eaccelerator_cache/
chmod 770 /opt/php-5.2.17p1/eaccelerator_cache/
touch /opt/php-5.2.17p1/logs/php_error.log
chown www:website /opt/php-5.2.17p1/logs/php_error.log
chmod 770 /opt/php-5.2.17p1/logs/php_error.log
# upgrade pear (optional)
/opt/php-5.2.17p1/bin/pear upgrade pear
/opt/php-5.2.17p1/bin/pear install Benchmark Cache_Lite DB HTTP Mail Mail_Mime Net_SMTP Net_Socket Pager XML_Parser XML_RPC
cp -p /opt/php/etc/php.ini /opt/php-5.2.17p1/etc/
cp -p /opt/php/etc/php-fpm.conf /opt/php-5.2.17p1/etc/
chown root:website /opt/php-5.2.17p1/etc/*
chmod 660 /opt/php-5.2.17p1/etc/*
/opt/php/sbin/php-fpm stop
# remove the symlink and switch php over to the new build
rm /opt/php
ln -s /opt/php-5.2.17p1/ /opt/php
/opt/php/sbin/php-fpm start

Check the paths in php-fpm.conf and php.ini after copying them over.

libmysqlclient.so.16 not found

./conftest: error while loading shared libraries: libmysqlclient.so.16

echo /opt/mysql/lib/mysql >> /etc/ld.so.conf
ldconfig -v

eAccelerator error

[eAccelerator] This build of "eAccelerator" was compiled for PHP version 5.2.14. Rebuild it for your PHP version (5.2.17p1) or download precompiled binaries.

Rebuild eAccelerator against the new php (the phpize/configure/make steps above).

Reference: http://www.laruence.com/2011/12/29/2412.html
