lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1E8QWW-0004Ib-Lj@mercury.mandriva.com>
Date: Thu, 25 Aug 2005 16:48:40 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           php
 Advisory ID:            MDKSA-2005:152
 Date:                   August 25th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Integer overflow in pcre_compile.c in Perl Compatible Regular
 Expressions (PCRE) before 6.2, as used in multiple products, allows
 attackers to execute arbitrary code via quantifier values in regular
 expressions, which leads to a heap-based buffer overflow.
 
 The php packages, as shipped, were built using a private copy of pcre.
 
 The updated packages have been rebuilt against the system pcre libs
 to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 eb0e368698b2fda5305b91ab1db8454b  10.0/RPMS/libphp_common432-4.3.4-4.6.100mdk.i586.rpm
 1816cfcc76d579e46733d572b9419fce  10.0/RPMS/php-cgi-4.3.4-4.6.100mdk.i586.rpm
 44eccf95b5ea20a7980bc57193fd4207  10.0/RPMS/php-cli-4.3.4-4.6.100mdk.i586.rpm
 a69cc3baef9baa683242e30f6011f8e2  10.0/RPMS/php432-devel-4.3.4-4.6.100mdk.i586.rpm
 a0a2f9a9e8241a515cf2b548beae4cb7  10.0/SRPMS/php-4.3.4-4.6.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 fd1a6e1293506461a19e5cc80d90eecb  amd64/10.0/RPMS/lib64php_common432-4.3.4-4.6.100mdk.amd64.rpm
 f9374c5b4339d568fe6e05bfb17b81f7  amd64/10.0/RPMS/php-cgi-4.3.4-4.6.100mdk.amd64.rpm
 0f811ea9666a35feaeb3176bef2145e4  amd64/10.0/RPMS/php-cli-4.3.4-4.6.100mdk.amd64.rpm
 5cc1e89e7e2d2474d4249713855ab1b1  amd64/10.0/RPMS/php432-devel-4.3.4-4.6.100mdk.amd64.rpm
 a0a2f9a9e8241a515cf2b548beae4cb7  amd64/10.0/SRPMS/php-4.3.4-4.6.100mdk.src.rpm

 Mandrakelinux 10.1:
 696d96819a573db2fc9ef77018a1cd5a  10.1/RPMS/libphp_common432-4.3.8-3.4.101mdk.i586.rpm
 cd75f36ce70b59b1e7d89ec17e939c01  10.1/RPMS/php-cgi-4.3.8-3.4.101mdk.i586.rpm
 190fb5d7390f421ab639f086b0d4b830  10.1/RPMS/php-cli-4.3.8-3.4.101mdk.i586.rpm
 92d72f61dba2582098b490790d1dd759  10.1/RPMS/php432-devel-4.3.8-3.4.101mdk.i586.rpm
 7c1fd0570af6566a47ef240e072757e3  10.1/SRPMS/php-4.3.8-3.4.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 497261e30c8f34eeb074273dff2e51cd  x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.4.101mdk.x86_64.rpm
 08f0ba426c68ae93549dc9617aec9fa7  x86_64/10.1/RPMS/php-cgi-4.3.8-3.4.101mdk.x86_64.rpm
 beb9dfc3eabafd3491f3996f339b89a7  x86_64/10.1/RPMS/php-cli-4.3.8-3.4.101mdk.x86_64.rpm
 3b9dfd200b756098165f7df0381e4fbd  x86_64/10.1/RPMS/php432-devel-4.3.8-3.4.101mdk.x86_64.rpm
 7c1fd0570af6566a47ef240e072757e3  x86_64/10.1/SRPMS/php-4.3.8-3.4.101mdk.src.rpm

 Mandrakelinux 10.2:
 586822538c1277d23958c0ccc7ca5f5b  10.2/RPMS/libphp_common432-4.3.10-7.2.102mdk.i586.rpm
 eda7407c1646e614949886cc0779c317  10.2/RPMS/php-cgi-4.3.10-7.2.102mdk.i586.rpm
 cc5883ec909c52dd3c8eafd069bfefad  10.2/RPMS/php-cli-4.3.10-7.2.102mdk.i586.rpm
 7ba1ae1b35dcae80c87e934f7942ba4b  10.2/RPMS/php432-devel-4.3.10-7.2.102mdk.i586.rpm
 8e6141b81f2a0852338915b5b5f78f43  10.2/SRPMS/php-4.3.10-7.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 df8091c501dc846ee06d91843bb5bb01  x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.2.102mdk.x86_64.rpm
 d6ed3306dbdf94e2d9a9331e787082c6  x86_64/10.2/RPMS/php-cgi-4.3.10-7.2.102mdk.x86_64.rpm
 9fae82418ec0cb926515a401563cd6f6  x86_64/10.2/RPMS/php-cli-4.3.10-7.2.102mdk.x86_64.rpm
 0a966fc75dfeba6697907a9d85365521  x86_64/10.2/RPMS/php432-devel-4.3.10-7.2.102mdk.x86_64.rpm
 8e6141b81f2a0852338915b5b5f78f43  x86_64/10.2/SRPMS/php-4.3.10-7.2.102mdk.src.rpm

 Multi Network Firewall 2.0:
 9512ea70132f3edb788c48a4d3ac7e34  mnf/2.0/RPMS/libphp_common432-4.3.4-4.6.M20mdk.i586.rpm
 5df5f70c8470ece4238d11f0cb213fb0  mnf/2.0/RPMS/php-cgi-4.3.4-4.6.M20mdk.i586.rpm
 c1c3eae72209c6742cbaa204fe1174d4  mnf/2.0/SRPMS/php-4.3.4-4.6.M20mdk.src.rpm

 Corporate Server 2.1:
 20e4fe9664591d97bd7e87bce7abf8a1  corporate/2.1/RPMS/php-4.2.3-4.5.C21mdk.i586.rpm
 b5c53e71a69a7d8812bb2871cef26aaf  corporate/2.1/RPMS/php-common-4.2.3-4.5.C21mdk.i586.rpm
 483f7f2db9ec6d49e29ba7c4488996ee  corporate/2.1/RPMS/php-devel-4.2.3-4.5.C21mdk.i586.rpm
 1b3cbc4961e4ef50c6304d6a8f03cd0a  corporate/2.1/RPMS/php-pear-4.2.3-4.5.C21mdk.i586.rpm
 0b15baacbb3243b46143fd041a8dd8f4  corporate/2.1/SRPMS/php-4.2.3-4.5.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 734b15eebd17d63cef3e3a7f042c9fb1  x86_64/corporate/2.1/RPMS/php-4.2.3-4.5.C21mdk.x86_64.rpm
 d3c6941f8c98f4e868e5b9b2366e8886  x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.5.C21mdk.x86_64.rpm
 8eed243db07e3b87186598d050dcee8b  x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.5.C21mdk.x86_64.rpm
 839e1b9811714d35ce87b6d7bdd4a326  x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.5.C21mdk.x86_64.rpm
 0b15baacbb3243b46143fd041a8dd8f4  x86_64/corporate/2.1/SRPMS/php-4.2.3-4.5.C21mdk.src.rpm

 Corporate 3.0:
 0058c2f1310f1d9d96699565d285a9f2  corporate/3.0/RPMS/libphp_common432-4.3.4-4.6.C30mdk.i586.rpm
 6d8a5bad11aa6891a21ed9ad3da4dc45  corporate/3.0/RPMS/php-cgi-4.3.4-4.6.C30mdk.i586.rpm
 12c74a0af4df6572420c5ba18881cc3c  corporate/3.0/RPMS/php-cli-4.3.4-4.6.C30mdk.i586.rpm
 e1e8b213071496d8bcd20d8c54288b4a  corporate/3.0/RPMS/php432-devel-4.3.4-4.6.C30mdk.i586.rpm
 d29855cc6df3d29b38eba206acf7c1d2  corporate/3.0/SRPMS/php-4.3.4-4.6.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 de5bbf1a212dda1610ba9cb39429ee03  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.6.C30mdk.x86_64.rpm
 bb62cee7751251be364cb9a42467066b  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.6.C30mdk.x86_64.rpm
 28a83cd6fdf175ea0e7f0907b708acd4  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.6.C30mdk.x86_64.rpm
 91d3df83d21e58d339ac5f84e97b7386  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.6.C30mdk.x86_64.rpm
 d29855cc6df3d29b38eba206acf7c1d2  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.6.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkrImqjQ0CJFipgRAmZsAJwPg2M9yYquQzxTwFsfTR/zeDpRjwCfU/25
0iO114SDZxGvdjZiNj6oj3k=
=M1FP
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ