Date: Tue, 8 Jul 2003 17:03:36 -0300
From: Conectiva Updates <secure@...ectiva.com.br>
To: conectiva-updates@...aleguas.conectiva.com.br, lwn@....net,
	bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com,
	linsec@...ts.seifried.org
Subject: [CLA-2003:691] Conectiva Security Announcement - php4


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : php4
SUMMARY   : New PHP4 packages with security fixes and enhancements
DATE      : 2003-07-08 17:03:00
ID        : CLA-2003:691
RELEVANT
RELEASES  : 7.0, 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 PHP[1] is a very popular scripting language used by web servers to
 offer dynamic content.
 
 This announcement updates PHP4 to the 4.3.2 version and contains,
 among others, the following fixes:
 
 - one of the memory allocation functions was modified to prevent
 integer overflow vulnerabilities. Sir Mordred has reported several
 functions that compute an allocation size from their arguments
 without checking for integer overflow: array_pad()[2], str_repeat()[3]
 and socket_iovec_alloc()[4]. A wrapped size yields a buffer smaller
 than the data later written into it. In order to exploit this
 vulnerability, however, an attacker would need to be able to
 manipulate the parameters passed to these functions, which is
 application specific.
 
 - transparent session ID cross site scripting (CAN-2003-0442)[5]:
 this vulnerability is only present if the "session.use_trans_sid"
 parameter in the php.ini configuration file is enabled; it is
 disabled by default. With it enabled, PHP inserts the session ID into
 the URLs and forms of the pages it generates, and previous PHP
 versions did not sanitize the session ID before doing so, which
 allowed cross site scripting attacks.
 
 - fix for some socket functions[6]: also reported by Sir Mordred, the
 socket_recv() and socket_recvfrom() functions can be used to crash
 PHP if supplied with a negative length argument. Again, in order to
 exploit this vulnerability, the attacker must be able to supply
 his/her own arguments to these functions, which is application
 specific.
 
 - new libimap4 package: while building packages for Conectiva Linux
 9, it was found that the IMAP libraries in use lacked proper
 Kerberos support, which broke the PHP build. This has been fixed,
 and the new php4-imap package depends on the fixed libimap4 package.
 
 - new documentation packages: besides being updated for the 4.3.2
 version, there are also two new documentation packages, Brazilian
 Portuguese and Spanish, taken from the project's site.
 
 - new packages for Conectiva Linux 8: two new packages have been
 added to Conectiva Linux 8: php4-mcrypt (for cryptographic functions)
 and php4-snmp (for SNMP-related functions).
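 The two memory-safety items above (the unchecked allocation sizes in
 array_pad(), str_repeat() and socket_iovec_alloc(), and the negative
 length accepted by socket_recv()/socket_recvfrom()) share one root
 cause: arithmetic on attacker-influenced values is turned into a buffer
 size before it is range-checked. The C program below is an added
 example written for this archive; it is not PHP's source and not part
 of the original announcement. Its function names are hypothetical and
 its inputs are constructed. It shows the size product wrapping, the
 overflow-checked multiply that prevents it, a str_repeat()-style helper
 built on that check, and the rejection of a negative receive length.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked product, as in the pre-4.3.2 str_repeat()/array_pad() pattern:
 * the allocation size is nmemb * size with no range check, so the product
 * silently wraps modulo SIZE_MAX + 1 and a huge request yields a tiny buffer
 * that the later copy loop overruns. */
size_t unchecked_alloc_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Overflow-checked product (hypothetical name). Returns 0 and stores
 * nmemb * size in *out when the product fits in size_t, -1 otherwise.
 * The division form can never wrap. */
int checked_alloc_size(size_t nmemb, size_t size, size_t *out)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* str_repeat()-style helper built on the checked product. Returns a
 * malloc()ed string of s repeated mult times, or NULL if the total size
 * does not fit; the caller frees the result. */
char *safe_str_repeat(const char *s, size_t mult)
{
    size_t len = strlen(s), total;
    if (len == 0 || mult == 0) {
        char *e = malloc(1);
        if (e != NULL)
            e[0] = '\0';
        return e;
    }
    if (checked_alloc_size(len, mult, &total) != 0 || total == SIZE_MAX)
        return NULL;                   /* no room for the terminating NUL */
    char *buf = malloc(total + 1);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < mult; i++)
        memcpy(buf + i * len, s, len);
    buf[total] = '\0';
    return buf;
}

/* socket_recv()-style length check. The script-level length arrives as a
 * signed long; a negative value cast to size_t becomes enormous, so reject
 * it before allocating the receive buffer or calling recv(). Returns 0 and
 * stores the usable length, -1 if len is negative. */
int validate_recv_len(long len, size_t *out)
{
    if (len < 0)
        return -1;
    *out = (size_t)len;
    return 0;
}

int main(void)
{
    size_t n;
    /* constructed input: a count that wraps the product to exactly zero */
    size_t huge = SIZE_MAX / 2 + 1;
    printf("unchecked: %zu * 2 = %zu (wrapped)\n", huge,
           unchecked_alloc_size(huge, 2));
    printf("checked:   %s\n",
           checked_alloc_size(huge, 2, &n) == 0 ? "ok" : "rejected");
    char *r = safe_str_repeat("ab", 3);
    printf("safe_str_repeat(\"ab\", 3) = %s\n", r ? r : "(null)");
    free(r);
    printf("recv len -1: %s\n",
           validate_recv_len(-1, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

 The point of the division-based check is that it is evaluated before
 any multiplication takes place, so it is valid C on every width of
 size_t; the wrapped value printed by the unchecked path is what an
 allocator would have been asked for.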
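 For the transparent session ID issue (CAN-2003-0442) listed above, the
 C program below is an added example written for this archive; it is
 not PHP's session module and not part of the original announcement.
 It models what the trans_sid output rewriting does: splice the session
 ID into a hidden form field and into a link. With a session ID taken
 from the request that contains '"><script>', the unchecked rewrite
 emits the payload as markup; the hardened version validates the ID
 against a fixed alphabet first. The function names and the accepted
 alphabet [0-9A-Za-z,-] are assumptions of this example, and the
 session IDs are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Alphabet accepted for a session ID. PHP 4.3's default IDs are 32 hex
 * digits; the wider [0-9A-Za-z,-] set is accepted here as an assumption of
 * this example. Anything else, in particular '"', '<' and '>', is rejected,
 * and so is an empty or implausibly long value. */
int sid_is_valid(const char *sid)
{
    size_t n = strlen(sid);
    if (n == 0 || n > 128)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)sid[i];
        if (!isalnum(c) && c != ',' && c != '-')
            return 0;
    }
    return 1;
}

/* What an unsanitised trans_sid rewrite does: the ID is copied verbatim
 * into the rewritten link and the hidden form field. Returns the number of
 * bytes written, or -1 on truncation. */
int rewrite_page_unchecked(const char *sid, char *out, size_t outlen)
{
    int n = snprintf(out, outlen,
                     "<a href=\"next.php?PHPSESSID=%s\">next</a>"
                     "<form action=\"post.php\"><input type=\"hidden\" "
                     "name=\"PHPSESSID\" value=\"%s\" /></form>",
                     sid, sid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Hardened rewrite: validate before splicing, so an ID supplied by the
 * client that is not a session ID is never propagated into the page. */
int rewrite_page_checked(const char *sid, char *out, size_t outlen)
{
    if (!sid_is_valid(sid))
        return -1;
    return rewrite_page_unchecked(sid, out, outlen);
}

int main(void)
{
    /* constructed session IDs: one normal, one carrying an XSS payload */
    const char *good = "0123456789abcdef0123456789abcdef";
    const char *evil = "x\"><script>alert(1)</script>";
    char buf[512];

    rewrite_page_unchecked(evil, buf, sizeof buf);
    printf("unchecked: %s\n", buf);
    printf("checked(evil) returns %d\n",
           rewrite_page_checked(evil, buf, sizeof buf));
    rewrite_page_checked(good, buf, sizeof buf);
    printf("checked(good): %s\n", buf);
    return 0;
}
```

 Rejecting the value is the right response for a session ID, since a
 legitimate one never contains markup characters; escaping it for HTML
 would also close this hole but would leave a bogus ID flowing through
 the application.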
 
 
 Important note for Conectiva Linux 7.0 and 8 users:
 Please note that PHP now ships with the "register_globals" parameter
 set to "Off" by default. Some applications, such as the Imp 2.x
 webmail, need this parameter to be set to "On" in order to work
 properly. If your application needs this parameter active, please
 edit php's configuration file (/etc/php4/apache/php.ini for DSO,
 /etc/php4/cgi/php.ini for CGI). If possible, consider changing the
 application so that it does not need "register_globals = On": with
 it on, any request parameter (GET, POST or cookie) becomes a script
 variable, so a variable the script never initialized can be set by
 the client, which makes it easy to introduce security vulnerabilities
 in PHP scripts. The http://www.php.net/register_globals page[7]
 contains a thorough discussion of this issue.


SOLUTION
 It is recommended that all PHP users upgrade their packages.
 
 IMPORTANT: if PHP is being used as an Apache module, the web server
 has to be restarted after the upgrade if it was already running. To
 do so, please run, as root:
 
 service httpd stop
 
 (wait a few seconds and check with "ps ax|grep httpd" if there are
 any httpd processes running. On a busy webserver this could take a
 little longer.)
 
 service httpd start
 
 
 REFERENCES
 1. http://www.php.net
 2. http://marc.theaimsgroup.com/?l=bugtraq&m=104931384806788&w=2
 3. http://marc.theaimsgroup.com/?l=bugtraq&m=104931355406416&w=2
 4. http://marc.theaimsgroup.com/?l=bugtraq&m=104860818613543&w=2
 5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0442
 6. http://marc.theaimsgroup.com/?l=bugtraq&m=104869828526885&w=2
 7. http://www.php.net/register_globals


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/php4-4.3.2-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mod_php4-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-devel-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-doc-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-doc-es-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-doc-pt_BR-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-imap-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-ldap-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-mysql-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-odbc-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/php4-pgsql-4.3.2-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/php4-4.3.2-1U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/mod_php4-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-devel-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-doc-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-doc-es-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-doc-pt_BR-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-imap-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-ldap-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-mcrypt-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-mysql-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-odbc-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-pgsql-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/php4-snmp-4.3.2-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/uw-imap-2002b-26900U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/php4-4.3.2-26997U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-devel-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-es-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-pt_BR-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-imap-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-ldap-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-mcrypt-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-mysql-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-odbc-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-pgsql-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-snmp-4.3.2-26997U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imap-2002b-26900U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libimap-devel-2002b-26900U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libimap-devel-static-2002b-26900U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libimap4-2002b-26900U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/uw-imap-doc-2002b-26900U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/uw-imap-server-2002b-26900U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/uw-pop-server-2002b-26900U90_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@...aleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@...aleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/CyOX42jd0JmAcZARAsv8AJ9zAAIO0MofcBtHXCmiswuDhYBjigCg1sxJ
sWBUipWEvf386uYChShn1ss=
=NQ9Z
-----END PGP SIGNATURE-----

