[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041216172655.GA15735@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-40-1] PHP vulnerabilities
===========================================================
Ubuntu Security Notice USN-40-1 December 16, 2004
php4 vulnerabilities
CAN-2004-1019, CAN-2004-1065
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4
php4-cgi
The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.1. After performing a standard system upgrade
you need to reload the PHP module in the webserver by executing
sudo /etc/init.d/apache2 reload
to effect the necessary changes.
Details follow:
Stefan Esser reported several buffer overflows in PHP's variable unserializing
handling. These could allow an attacker to execute arbitrary code on the server
with the PHP interpreter's privileges by sending specially crafted input
strings (form data, cookie values, and similar).
Additionally, Ilia Alshanetsky discovered a buffer overflow in the
exif_read_data() function. Attackers could execute arbitrary code on the server
by sending a JPEG image with a very long "sectionname" value to PHP
applications that support image uploads.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.1.diff.gz
Size/MD5: 610651 e966340847246b2191f23982664390ed
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.1.dsc
Size/MD5: 1624 659779c771610d813c1f3a4aa580abc0
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.1_all.deb
Size/MD5: 331236 de01a589c82ee9b4ab0386287487bc20
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.1_all.deb
Size/MD5: 332374 a68bc6c786b9afde950254ede5b6e5f7
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 1687074 691eee396077c870a30fb238d9191862
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 3195360 c809b2db355a7bc84dec07f253aa10cf
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 17040 afc1817ea59b7b9ea456fc955594245b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 40430 f75458e8cceb8ee81c89bb96f78eedd0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 33494 a9855bcb2e9cd2af0ebcb557bb6d4380
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 21232 0698d1bc76347ba0cd982fc06f1bd0e8
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 18404 50319c698a92bc02ba400f0576d85691
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 7994 e195f98822655c7ca1cf144738502096
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 23112 d8cc467306a90d6c85cb7b07ca3a7a31
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 28324 c265f308ebdc7166189771574aef4ca4
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 7610 0044c60c1352ea2062305b9ad4e218f8
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 12968 18ef336bde0ab867e0e9ae1a9fef55b9
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 21508 1eaf9ea7357ea445a5836f2a9608560b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 17244 b653332b01cdded019b98027e6271542
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_amd64.deb
Size/MD5: 1703068 5a046adb9b630c9ffd2240b8f707399e
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 1629472 f3a06742df44f2d61525ff6ad10a2118
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 3042316 3e47ad3d3e214cab1864c7338d999bf7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 16596 e94769b268e370ce703a3034dca26a29
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 35556 2a0e1e904e6e94b77ff50e55519c2091
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 31072 bfcb31da78652ef4a903fea15cde2f6f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 19474 612fc6968c909cfe4d234c3785ddfe57
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 17052 d555c32361241f8b077a2d48a7f2df75
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 7736 e976e52ee818f267b19694b394296738
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 20902 a10de406012b814358414c98c721e011
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 26062 df8df48148e63e3e77eb5559a9bf5bbc
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 7374 14304803fd0c2363ebe2dbf4effc4aeb
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 12316 4147ba0de6f7fb75cc54f94a92a9158d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 20010 ebb83d15f0dd57dfbc8c84d4714b8ef7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 15878 4014ffe19c87776268de3446ba285e71
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_i386.deb
Size/MD5: 1643914 68eea9ea59d35b35cb949a406de5c9b9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 1689302 807531344823fc9a286b5ae7511020fe
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 3202090 66d309045f186a07c886d061440d5e21
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 18870 e8eb9726de46eb207ac41a992bf9a4c8
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 38284 0d3392f73734f400f1934f28f2252eaf
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 34002 dbc5e62935b72f8fa6f7b80206ca66ae
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 21474 818192591970cbbfe93e5d30db622030
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 19310 f5d749f3b0a1371d8f59e036bd9cb50d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 9314 165fec2b86b60d646d176df101116e2c
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 22680 d2aebe8f3db956a56dc5d02c9821df77
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 28402 f4e126be6945934a6b9aa7c92b523087
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 8994 3edf33dd1e41c0f0e438144039f009ea
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 14328 8d0b9fa752c930cbc77602b4869a22df
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 22194 df61118cb96d51d0c7ba65604a8ba92d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 18058 eecac94a928382539ee0028e6cd80434
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_powerpc.deb
Size/MD5: 1706958 da15f0cf0899b91fea48125d08dfc912
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041216/7e800eb5/attachment.bin
Powered by blists - more mailing lists