PHP: PHP 5 ChangeLog

Version 5.6.…, Jul 2017
Core:
- Fixed bug #738… (Performance problem with processing post request over 2…).
- Fixed bug #741… (Heap buffer overread (READ: 1) finish_nested_data from unserialize).
- Fixed bug #746… (PHP INI Parsing Stack Buffer Overflow Vulnerability).
- Fixed bug #748….
GD:
- Fixed bug #7… (Buffer over-read into uninitialized memory). (CVE-2017-7…)
Mbstring:
- Add oniguruma upstream fix (CVE-2…, CVE-2017-9…, CVE-2017-9…, CVE-2017-9…, CVE-2017-9…).
OpenSSL:
- Fixed bug #7….
PCRE:
- Fixed bug #7… (Segmentation fault in PHP7… PCRE library).
WDDX:
- Fixed bug #741… (… SIGSEGV).

Version 5.…, Jan 2017
EXIF:
- Fixed bug #737… (FPE when parsing a tag format). (CVE-2016-1…)
GD:
- Fixed bug #7… (Use after free when stream is passed to imagepng).
- Fixed bug #738… (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2…)
- Fixed bug #738… (Signed Integer Overflow gd_io…). (CVE-2016-1…)
Intl:
- Fixed bug #6….
Phar:
- Fixed bug #7… (Crash while loading hostile phar archive). (CVE-2016-1…)
- Fixed bug #737… (Memory corruption when loading hostile phar). (CVE-2016-1…)
- Fixed bug #737… (Seg fault when loading hostile phar). (CVE-2016-1…)
SQLite3:
- Reverted fix for bug #7… (Unsetting result set may reset other result set).
Standard:
- Fixed bug #7… (Unserialize context shared on double class lookup).
- Fixed bug #738… (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-1…)

Version 5.6.2…, Dec 2016
Mysqlnd:
- Fixed bug #645… (Add missing mysqlnd.* parameters to php…).
Opcache:
- Fixed bug #7… (Opcache segfault when using class constant to call a method).
- Fixed bug #690….
OpenSSL:
- Fixed bug #7… (Invalid parameter in memcpy function through openssl_pbkdf…).
Postgres:
- Fixed bug #7… (Incorrect SQL generated for pg_copy_to()).
SOAP:
- Fixed bug #7… (Segfault (Regression for #6…)).
SQLite3:
- Fixed bug #7… (Unsetting result set may reset other result set).
Standard:
- Fixed bug #7… (HTTP stream wrapper should ignore HTTP 100 Continue).
WDDX:
- Fixed bug #7… (Invalid read when wddx decodes empty boolean element). (CVE-2016-9…)

Version 5.6.2…, Nov 2016
Core:
- Fixed bug #733….
Bz2:
- Fixed bug #7….
GD:
- Fixed bug #7… (Integer overflow in imageline() with antialiasing).
- Fixed bug #732….
- Fixed bug #732… (Integer overflow in gdImageScaleBilinearPalette()).
- Fixed bug #7… (Stack Buffer Overflow in GD dynamicGetbuf).
- Fixed bug #7… (Illegal write/read access caused by gdImageAALine overflow).
- Fixed bug #726…. (CVE-2016-9…)
Imap:
- Fixed bug #7… (Integer Overflow in "_php_imap_mail" leads Heap Overflow).
SPL:
- Fixed bug #7… (Use-after-free in ArrayObject Deserialization).
SOAP:
- Fixed bug #7… (SoapServer reports Bad Request when gzipped).
SQLite3:
- Fixed bug #7….
Standard:
- Fixed bugs #7…, #731…, #731….
Wddx:
- Fixed bug #7… (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9…)

Version 5.6.2…, Oct 2016
Core:
- Fixed bug #730… (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd…).
- Fixed bug #730….
- Fixed bug #727… (Out of bounds global memory read in BF_crypt triggered by …).
- Fixed bug #731… (Memcpy negative size parameter php_resolve_path).
- Fixed bug #731… (Use After Free in unserialize()).
BCmath:
- Fixed bug #7….
DOM:
- Fixed bug #7… (NULL check in dom_document_save_html).
Ereg:
- Fixed bug #7….
Filter:
- Fixed bug #7… (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
- Fixed bug #671… (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).
- Fixed bug #730….
GD:
- Fixed bugs #6…, #501….
- Fixed bug #730… (Integer Overflow in gdImageWebpCtx of gd_webp…).
- Fixed bugs #535…, #731…, #731…, #731…, #731….
Intl:
- Fixed bug #7… (ICU int overflow).
Imap:
- Fixed bug #7….
Mbstring:
- Fixed bugs #7…, #669…, #729…, #730….
PCRE:
- Fixed bug #7….
Opcache:
- Fixed bug #7… (Opcache restart with kill_all_lockers does not work).
OpenSSL:
- Fixed bug #7… (Invalid path SNI_server_certs causes segfault).
- Fixed bugs #732…, #732….
Session:
- Fixed bug #6… (Session does not report invalid uid for files save handler).
- Fixed bug #731….
SimpleXML:
- Fixed bug #7… (NULL pointer dereference in SimpleXMLElement::asXML()).
SPL:
- Fixed bug #7… (CachingIterator null dereference when convert to string).
Standard:
- Fixed bug #7… (Write out of bounds at number_format).
- Fixed bug #730….
Stream:
- Fixed bug #7… (… G).
Zip:
- Fixed bug #7… (Depacking with wrong password leaves 0 length files).

Version 5.6.2…, Sep 2016
Core:
- Fixed bug #729….
Dba:
- Fixed bug #7… (Bad dba_replace condition because of wrong API usage).
- Fixed bug #708… (Cannot fetch multiple values with group in ini file).
EXIF:
- Fixed bug #7… (Uninitialized Thumbnail Data Leads To Memory Leakage in exif_process_IFD_in_TIFF).
FTP:
- Fixed bug #7… (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
GD:
- Fixed bugs #6…, #729…, #687….
Intl:
- Fixed bug #7…. (CVE-2016-7…)
JSON:
- Fixed bugs #7…, #667….
Mbstring:
- Fixed bug #729… (Out of bounds heap read in mbc_to_code() / triggered by mb_ereg_match()).
MSSQL:
- Fixed bug #7… (Use of uninitialised value on mssql_guid_string).
Mysqlnd:
- Fixed bug #7… (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7…)
PDO:
- Fixed bug #6… (NULL result using PDO::FETCH_LAZY returns false).
PDO_pgsql:
- Implemented FR #7… (Postgres PDO lastInsertId() should work without specifying a sequence).
- Fixed bug #727… (Regression in pdo_pgsql).
Phar:
- Fixed bug #7… (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7…)
- Fixed bug #730… (Out of bound when verify signature of tar phar in phar_parse_tarfile).
SPL:
- Fixed bug #7… (Missing type check when unserializing SplArray). (CVE-201…)
Standard:
- Fixed bug #7….
- Fixed bug #722… (… FALSE on valid jpg).
- Fixed bug #655….
- Fixed bug #718… (Negative ftruncate() on php://memory exhausts memory).
- Fixed bugs #730…, #730…, #730….
- Fixed bug #730… (Memory Corruption in During Deserialized-object Destruction). (CVE-2016-7…)
Streams:
- Fixed bug #7….
Wddx:
- Fixed bug #7…. (CVE-2016-7…)
- Fixed bug #730… (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7…)
XML:
- Fixed bug #7… (SEGV on unknown address zif_xml_parse).
- Fixed bug #729….
ZIP:
- Fixed bug #6….

Version 5.6.2…, Aug 2016
Core:
- Fixed bug #704… (Use After Free Vulnerability in unserialize()).
- Fixed bug #720….
- Fixed bug #725… (Exception after deserialization).
- Implemented FR #7… (Support "nmake test" on building extensions by phpize).
- Fixed bug #726… (… Windows) ignores PHP_PREFIX).
- Fixed bug #726… (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7…)
- Fixed bug #726… (PHP Session Data Injection Vulnerability). (CVE-2016-7…)
Bz2:
- Fixed bug #7….
Calendar:
- Fixed bug #6… (… French calendar).
- Fixed bug #718… (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
Curl:
- Fixed bug #7… (Segmentation fault when using cURL with ZTS).
- Fixed bug #7… (Certification information (CERTINFO) data parsing error).
- Fixed bug #728….
DOM:
- Fixed bug #6… (DOM document dangling reference).
Ereg:
- Fixed bug #7… (Integer overflow lead to heap corruption in sql_regcase).
EXIF:
- Fixed bug #7… (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7…)
- Fixed bug #727… (Samsung picture thumb not read (zero size)).
Filter:
- Fixed bug #7… (FILTER_FLAG_NO_RES_RANGE does not cover whole 1…).
FPM:
- Fixed bug #7….
GD:
- Fixed bug #4….
- Fixed bug #665… (Always false condition in ext/gd/libgd/gdkanji…).
- Fixed bug #687….
- Fixed bug #703… (… Server Error but page is fully rendered).
- Fixed bug #725… (… WEBP support).
- Fixed bug #7….
- Fixed bug #726…. (CVE-2016-7…)
- Fixed bug #727… (OOB read for empty $styles).
- Fixed bug #727…. (CVE-2016-7…)
- Fixed bug #724….
Intl:
- Partially fixed #7… (UTS #46 incorrect for long domain names).
- Fixed bugs #726…, #726…, #726…, #727….
PCRE:
- Fixed bug #7….
PDO_pgsql:
- Fixed bug #7… (PDO statement fails to throw exception).
Reflection:
- Fixed bug #7… (ReflectionClass::export doesn't handle array constants).
SNMP:
- Fixed bug #7….
Standard:
- Fixed bug #7… (CSV fields incorrectly split if escape char followed by UTF chars).
- Fixed bugs #728…, #728…, #728…, #728…, #727….
Streams:
- Fixed bug #4… (Problems with the ftps wrapper).
- Fixed bugs #544…, #726….
- Fixed bug #727… (… IIS FTP 7.5, 8.5).
- Fixed bug #727….
SPL:
- Fixed bug #7… (IteratorIterator breaks '@' error suppression).
- Fixed bug #726… (SplFileObject::getCsvControl does not return the escape character).
- Fixed bug #726… (AppendIterator segfault with closed generator).

Debian Wheezy Mail Server – Postfix Dovecot Sasl MySQL PostfixAdmin RoundCube SpamAssassin Clamav Greylist Nginx PHP5 – XenLens

This is a tutorial on how to install an email server on Debian Wheezy 7. We are going to install the following components:
- E-mail server: Postfix, Dovecot, Sasl library, MySQL
- Milters: SpamAssassin, Clamav, Greylist
- Webserver: Nginx, PHP5, phpMyAdmin, PostfixAdmin, RoundCube

Please replace any placeholder text in angle brackets with your info.

[Diagram: scheme of the internals]

1. Install Debian Wheezy 7
When installing Debian 7 itself, only select 'SSH server' when prompted to select software. If Debian is ready, install the following packages:
apt-get install sudo mc vim

2. Install MySQL server and client
apt-get install mysql-server mysql-client
Enter a MySQL root password when prompted. Check that mysqld is running: ps aux

3. Install PHP5 and Nginx
At this point I use the Dotdeb repo to install PHP version 5…. Add the Dotdeb repositories to /etc/apt/sources…. Add the Dotdeb key: wget http://www…. Update the apt cache: apt-get update. Install PHP5 and Nginx: apt-get install php…. Make sure php5-fpm and nginx are running: service php…
Create a folder to store web files: mkdir /home/clients_ssl…
Create the nginx config for this site: vi /etc/nginx/sites-available/<subdomain…>
Press 'i' and paste the server block in vim, replacing <yourip> and <subdomain…>. The block turns HTTPS on and contains a "location ~ /\." section.
Remove the default site and put your site online: rm /etc/nginx/sites-available/default…
Create the certs folder and put your certificates in there. Get a valid certificate from a certificate authority or create a self-signed certificate; you can google how to make one. Make sure to edit your Nginx config file to match the certificate filenames. Restart Nginx: service nginx restart
Create a php5-fpm config file: vi /etc/php…. Press 'i' and paste the pool config in vim, replacing <subdomain…>.
Create a user for this virtualhost: groupadd -g 1…
Create the socks folder: mkdir /etc/php…
Remove the default php pool: rm /etc/php…
Add timezone info to the php ini file /etc/php…: Europe/Tallinn. Restart php….

4. Install phpMyAdmin
cd /home/clients_ssl/<subdomain…>, then download and extract phpMyAdmin 4.0.8 (…/phpMyAdmin/4.0.8/phpMyAdmin-4.0.8-english…).
Hide pma or bots will try to hack into it: mv phpMyAdmin-4.0.8-english pma_7…
Set the right owner (the virtualhost user's uid and gid, recursively) for the www and tmp folders: cd /home/clients_ssl/<subdomain…> and chown -R ….
Now you should be able to access pma at: https://<subdomain…>
Now open phpMyAdmin and click on 'SQL' in the top menubar. Paste the following SQL queries to create a database and user, replacing <dbpassword> as you see fit:
CREATE DATABASE postfix;
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix_admin'@'%' IDENTIFIED BY '<dbpassword>';
GRANT SELECT ON postfix.* TO 'postfix'@'%' IDENTIFIED BY '<dbpassword>';
FLUSH PRIVILEGES;

5. Install PostfixAdmin
Although you can install it from a standard Debian package, I am going to download it directly instead so I can put it under my custom path immediately. Set the owner with chown -R … as above. Now edit the configuration file config.inc.php:
$CONF['configured'] = true;
$CONF['postfix_admin_url'] = 'https://<subdomain…>';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_admin';
$CONF['database_password'] = '<dbpassword>';
$CONF['database_name'] = 'postfix';
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['fetchmail'] = 'NO';
Go to https://<subdomain…>. This setup script should create the necessary tables in the postfix database. At the bottom of setup…, click 'Generate password hash'. Edit config.inc.php:
$CONF['setup_password'] = '<hash>';
Now enter the superadmin account info. You can use this to access PostfixAdmin and configure domains, e-mail accounts, aliases etc. Try to log in with the admin account here: https://<subdomain…>

6. Install Postfix and Sasl library
apt-get install postfix postfix-mysql libsasl…
When prompted, choose 'Internet Site'. Use your domain name as 'System mail name': <subdomain…>. For example use 'mail…'. Do not use 'yourdomain…'.
Create the virtual mail user and group: groupadd -g 3…
Edit /etc/postfix/main…. Create the following files, each with the query shown:
/etc/postfix/mysql_virtual_mailbox_domains…: SELECT domain FROM domain WHERE domain='%s' and backupmx = 0 and active = 1
/etc/postfix/mysql_virtual_mailbox_maps…: SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
/etc/postfix/mysql_virtual_alias_maps…: SELECT goto FROM alias WHERE address='%s' AND active = 1
/etc/postfix/mysql_relay_domains…: SELECT domain FROM domain WHERE domain='%s' and backupmx = 1
/etc/postfix/sasl/smtpd…: SELECT password FROM mailbox WHERE username = '%u@%r' AND active = 1
Add the postfix user to the sasl group: adduser postfix sasl
Enable the secure smtp ports: edit /etc/postfix/master… and enable the smtps service (smtps inet n - - - - smtpd) together with its ORIGINATING option lines.

7. Install Dovecot
apt-get install dovecot-imapd dovecot-pop…
Create the file /etc/dovecot/dovecot-mysql…. The password scheme is MD5-CRYPT, the user query is
SELECT '/home/vmail/%d/%n' as home, 3… AS uid, 3… AS gid FROM mailbox WHERE username = '%u'
and the password query is
SELECT password FROM mailbox WHERE username = '%u'
Edit the files under /etc/dovecot/conf…: set the mail location with INDEX=/home/vmail/%d/%n/indexes, set the path for the SQL configuration file (see example-config/dovecot-sql…), and enable the Postfix smtp-auth section.
Restart services: service dovecot restart…
You can now add a domain with PostfixAdmin and test your e-mail server. Any errors are found in the logfiles: /var/log/auth…

8. Install Milters
apt-get install clamav-milter clamav-unofficial-sigs milter-greylist spamass-milter

clamav-milter: Update the ClamAv database and start the daemon: freshclam…
Edit /etc/default/clamav-milter and uncomment the last line: SOCKET_RWGROUP=postfix
Create a socket folder inside the Postfix chroot environment: mkdir /var/spool/postfix/clamav…
Configure the ClamAv milter: dpkg-reconfigure clamav-milter. Answer the questions as follows:
- Handle configuration automatically --> yes
- User for daemon --> clamav
- Additional groups --> none (empty field)
- Rejecting harmful e-mail: %v found.
- LOG_LOCAL6
- verbose logging --> no
Tell Postfix to use this new milter: postconf -e 'smtpd_milters = unix:/clamav/clamav-milter…'

spamass-milter: Edit /etc/default/spamass-milter. Add '-m' so it won't change the subject header. Add '-r -1' so Postfix rejects what SpamAssassin flags as spam. Add '-l' to avoid scanning e-mails sent by logged in users.
OPTIONS="-u spamass-milter -i 1… -I"
Restart the milter: service spamass-milter restart
Add a dedicated user for the SpamAssassin daemon:
adduser --shell /bin/false --home /var/lib/spamassassin --disabled-password --disabled-login --gecos "" spamd
Edit /etc/default/spamassassin:
ENABLED=1
OPTIONS="--create-prefs --max-children 5 --helper-home-dir=/var/lib/spamassassin -u spamd -g spamd"
CRON=1
Update the rules and restart the daemon: sa-update…
Tell Postfix to use the new milter: postconf -e 'smtpd_milters = unix:/clamav/clamav-milter… …'

milter-greylist: Edit /etc/milter-greylist/greylist…. The file has two lines for sendmail and two for Postfix: for Postfix, uncomment the Postfix lines and comment out the sendmail ones.
Edit /etc/default/milter-greylist:
ENABLED=1
SOCKET="/var/spool/postfix/milter-greylist/milter-greylist…"
Make a folder for the socket and restart the milter: mkdir /var/spool/postfix/milter-greylist…
Tell Postfix to use the new milter: postconf -e 'milter_connect_macros = i b j _ {daemon_name} {if_name} {client_addr}'…

9. Install RoundCube
wget 'http://downloads…' and set the owner with chown -R … as above.
Open the phpMyAdmin SQL window and paste:
CREATE DATABASE roundcube;
GRANT ALL PRIVILEGES ON roundcube.* TO roundcube@localhost IDENTIFIED BY '<rcpassword>';
FLUSH PRIVILEGES;
Add the initial tables and data: cd /home/clients_ssl/<subdomain…> and load SQL/mysql.initial….
Go to https://<subdomain…>. See that your environment is ok and click Next. On the 'Create config' page, you may want to change the following values: product_name: <yourproductname>; …US. Click Continue. Change the value in the textarea to:
$rcmail_config['use_https'] = true;
Then copy everything from the textarea and paste the contents into main…. Remove the installer folder: mv installer …. Open RoundCube at https://<subdomain…>.

This is it. If this was of any use please link back to this tutorial. Thank you.
Sources used to build this tutorial: https://library…
November 2017