Message-ID: <20050324084508.GA2505@box79162.elkhouse.de>
Date: Thu, 24 Mar 2005 09:45:08 +0100
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-99-2] Fixed php4 packages for USN-99-1

===========================================================
Ubuntu Security Notice USN-99-2		     March 24, 2005
php4 vulnerabilities
CAN-2004-1064
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.6.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts
to circumvent path restrictions by creating a specially crafted
directory whose length exceeded the capacity of the realpath()
function (CAN-2004-1064). However, this caused severe regressions:
some applications like SquirrelMail and Gallery did not work any
more, and the package 'php4-pear' was empty. The current version
repairs this.

In addition, this update fixes a crash of the PHP interpreter if
curl_init() was called with a non-string argument. Please note that
this is not security relevant since this condition usually cannot be
triggered externally.
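
The realpath() length issue described above is a case where a path
restriction must deny access whenever canonicalization fails. The
following C sketch is an added example, not PHP's code or the USN patch;
path_allowed(), demo() and the temporary paths are constructed for
illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 only if `candidate` canonicalizes to a path inside `base`.
 * Any realpath() failure, including an over-long path, denies access. */
int path_allowed(const char *base, const char *candidate)
{
    char rbase[PATH_MAX], rcand[PATH_MAX];
    if (realpath(base, rbase) == NULL) return 0;
    if (realpath(candidate, rcand) == NULL) return 0;   /* fail closed */
    size_t n = strlen(rbase);
    if (n == 1) return 1;                   /* base is "/" itself */
    if (strncmp(rbase, rcand, n) != 0) return 0;
    /* require a component boundary so "/base2" does not match "/base" */
    return rcand[n] == '\0' || rcand[n] == '/';
}

/* Constructed demo: bit 0 = file inside base, bit 1 = "/" (outside),
 * bit 2 = a path far longer than PATH_MAX. Only bit 0 should be set. */
int demo(void)
{
    char base[] = "/tmp/pathdemo-XXXXXX";
    char inside[PATH_MAX];
    if (mkdtemp(base) == NULL) return -1;
    snprintf(inside, sizeof inside, "%s/ok.txt", base);
    FILE *f = fopen(inside, "w");
    if (f == NULL) return -1;
    fclose(f);

    size_t len = 2 * (size_t)PATH_MAX;      /* never created on disk */
    char *longp = malloc(len + 1);
    if (longp == NULL) return -1;
    memset(longp, 'a', len);
    memcpy(longp, base, strlen(base));
    longp[strlen(base)] = '/';
    longp[len] = '\0';

    int r = path_allowed(base, inside);
    r |= path_allowed(base, "/") << 1;
    r |= path_allowed(base, longp) << 2;
    free(longp);
    remove(inside);
    rmdir(base);
    return r;
}
```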

