lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <422F9A97.5010005@videotron.ca>
From: marcdeslauriers at videotron.ca (Marc Deslauriers)
Subject: [Updated][FLSA-2005:2344] Updated php packages
	fix security issues

---------------------------------------------------------------------
                Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:2344
Issue date:        2005-03-09
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=2344
CVE Names:         CAN-2004-0958 CAN-2004-0959 CAN-2004-1018
                    CAN-2004-1019 CAN-2004-1065 CAN-2004-1392
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated php packages that fix various security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

[Updated 9th March 2005]
Red Hat Linux 7.3 and Red Hat Linux 9 packages have been updated to
correct a backporting bug which caused php to segfault.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

An information disclosure bug was discovered in the parsing of "GPC"
variables in PHP (query strings or cookies, and POST form data). If
particular scripts used the values of the GPC variables, portions of the
memory space of an httpd child process could be revealed to the client.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0958 to this issue.

A file access bug was discovered in the parsing of "multipart/form-data"
forms, used by PHP scripts which allow file uploads. In particular
configurations, some scripts could allow a malicious client to upload
files to an arbitrary directory where the "apache" user has write
access. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-0959 to this issue.

Flaws were found in shmop_write, pack, and unpack PHP functions. These
functions are not normally passed user supplied data, so would require a
malicious PHP script to be exploited. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to
this issue.

Flaws including possible information disclosure, double free, and
negative reference index array underflow were found in the
deserialization code of PHP. PHP applications may use the unserialize
function on untrusted user data, which could allow a remote attacker to
gain access to memory or potentially execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1019 to this issue.

A flaw in the exif extension of PHP was found which lead to a stack
overflow. An attacker could create a carefully crafted image file in
such a way that if parsed by a PHP script using the exif extension it
could cause a crash or potentially execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1065 to this issue.

A flaw in the PHP cURL functions allows remote attackers to bypass the
open_basedir setting and read arbitrary files via a file: URL argument
to the curl_init function. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-1392 to this
issue.

Users of PHP should upgrade to these updated packages, which contain
fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2344 - multiple php vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.16.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.16.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.16.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.12.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.12.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.12.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.10-1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.10-1.1.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------

e3f9daeae549b169a6d23185eff0f621216d370b 
redhat/7.3/updates/i386/php-4.1.2-7.3.16.legacy.i386.rpm
6d317b8e40d4acda5297ad8fbef3ee82efc93f41 
redhat/7.3/updates/i386/php-devel-4.1.2-7.3.16.legacy.i386.rpm
d3425f1742fbfe7719857bce39e60af2fd9feee5 
redhat/7.3/updates/i386/php-imap-4.1.2-7.3.16.legacy.i386.rpm
a0f00b99838546b3c577f4a4a091d3d6b7bc074c 
redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.16.legacy.i386.rpm
ace5ec3f6fdf22072878b1bd179918875c42d5cc 
redhat/7.3/updates/i386/php-manual-4.1.2-7.3.16.legacy.i386.rpm
ca07e0bcf2003e92b44c249913d32a2fbc773e8b 
redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.16.legacy.i386.rpm
8ad8f131b8b2584fb82aad582731b274b6f276cf 
redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.16.legacy.i386.rpm
03bcac1613a434ed09ab0a34d8fe6eeb42e4958a 
redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.16.legacy.i386.rpm
6dea4a944d94c0bca441db66f451362e8c4aabbc 
redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.16.legacy.i386.rpm
46ea10ec8ac66c1a1d28c36f813882d4527266dc 
redhat/7.3/updates/SRPMS/php-4.1.2-7.3.16.legacy.src.rpm
393821cc215925fbb69dba550977eac20affa158 
redhat/9/updates/i386/php-4.2.2-17.12.legacy.i386.rpm
d03475657cc73ec2a4112e8264b545014df676c7 
redhat/9/updates/i386/php-devel-4.2.2-17.12.legacy.i386.rpm
6092eb7d134cc7e6316a5c6a0339914f774b9776 
redhat/9/updates/i386/php-imap-4.2.2-17.12.legacy.i386.rpm
53c36bd673da9f2adcb9590e36b2513f6cbba685 
redhat/9/updates/i386/php-ldap-4.2.2-17.12.legacy.i386.rpm
091820b8df171e0ee9eaae52865b5894a6925670 
redhat/9/updates/i386/php-manual-4.2.2-17.12.legacy.i386.rpm
fbf71d0fdb918c650059e07d9fbf795223e2191a 
redhat/9/updates/i386/php-mysql-4.2.2-17.12.legacy.i386.rpm
2ce46c85ea45eb47fa4999962eca01458bd73532 
redhat/9/updates/i386/php-odbc-4.2.2-17.12.legacy.i386.rpm
fe3ed8936aee6874bd4fa7e19a3c96aaf39b8e31 
redhat/9/updates/i386/php-pgsql-4.2.2-17.12.legacy.i386.rpm
ab25d015acd917ad0c12d13f262ad3d0d29fa1fa 
redhat/9/updates/i386/php-snmp-4.2.2-17.12.legacy.i386.rpm
8e5c6db8bdc50f5662f4e4e29b38e5c46eb9edc3 
redhat/9/updates/SRPMS/php-4.2.2-17.12.legacy.src.rpm
dd0daa7c3d6b4f491605e698c39cb451edff50ba 
fedora/1/updates/i386/php-4.3.10-1.1.legacy.i386.rpm
c07635eca5d2ce4f1972c5faf3e14f4c00a19f2d 
fedora/1/updates/i386/php-devel-4.3.10-1.1.legacy.i386.rpm
2658aabd4ebe409b0b9532baf0894abfe15c0f38 
fedora/1/updates/i386/php-domxml-4.3.10-1.1.legacy.i386.rpm
b38d0ef81f4ccc1ef914bdeb4077461d4dba2d7b 
fedora/1/updates/i386/php-imap-4.3.10-1.1.legacy.i386.rpm
e8d7d69f35641f915edba0eb9c5915db60e318d5 
fedora/1/updates/i386/php-ldap-4.3.10-1.1.legacy.i386.rpm
f9a609b45b56e028080246ea7df8a53d1e0c33b7 
fedora/1/updates/i386/php-mbstring-4.3.10-1.1.legacy.i386.rpm
f34d4ab35fc29149a8c8f84140940c9470356415 
fedora/1/updates/i386/php-mysql-4.3.10-1.1.legacy.i386.rpm
71c362c35b2368348b56d8cd5f7c03812f7b7aa2 
fedora/1/updates/i386/php-odbc-4.3.10-1.1.legacy.i386.rpm
de668bafb64e2f7cb8e3d1add11e8037159ce90d 
fedora/1/updates/i386/php-pgsql-4.3.10-1.1.legacy.i386.rpm
d2bc37081e2633c0cbd721b24cbbeadffc0196be 
fedora/1/updates/i386/php-snmp-4.3.10-1.1.legacy.i386.rpm
1538dab5f7b07a29191f459441478a4c9cc2c11e 
fedora/1/updates/i386/php-xmlrpc-4.3.10-1.1.legacy.i386.rpm
125b673172ebeb9cf0bdefe5adc0060ae10d3c9d 
fedora/1/updates/SRPMS/php-4.3.10-1.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

     rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

     sha1sum <filename>

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392

9. Contact:

The Fedora Legacy security contact is <secnotice@...oralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050309/f1745b8d/signature.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ