lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060726110252.GK5161@piware.de>
Date: Wed, 26 Jul 2006 13:02:52 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-320-2] php4 regression

=========================================================== 
Ubuntu Security Notice USN-320-2              July 26, 2006
php4 regression
https://launchpad.net/bugs/53581
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libapache2-mod-php4                      4:4.3.10-10ubuntu4.6
  php4-cgi                                 4:4.3.10-10ubuntu4.6
  php4-cli                                 4:4.3.10-10ubuntu4.6

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-320-2 fixed several vulnerabilities in PHP. James Manning
discovered that the Ubuntu 5.04 update introduced a regression, the
function tempnam() caused a crash of the PHP interpreter in some
circumstances. The updated packages fix this.

We apologize for the inconvenience.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.6.diff.gz
      Size/MD5:   281956 1c914659e6f61602a9f71b8d37b3392b
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.6.dsc
      Size/MD5:     1469 17a8050464f1dbbb1fabb99343a5c6cf
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10.orig.tar.gz
      Size/MD5:  4892209 73f5d1f42e34efa534a09c6091b5a21e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.6_all.deb
      Size/MD5:     1126 a05b26a1ea93b28d73b94422da467918

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.10-10ubuntu4.6_amd64.deb
      Size/MD5:  1657558 9d8d66e9cb31cb87294b6233fa927e33
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.10-10ubuntu4.6_amd64.deb
      Size/MD5:  3275316 4423f48ce31f2f3334506b23f02fedb8
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cli_4.3.10-10ubuntu4.6_amd64.deb
      Size/MD5:  1647604 e79fed2516655fc81564e8fe0f488bea
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-common_4.3.10-10ubuntu4.6_amd64.deb
      Size/MD5:   168258 5252917d283455beea87dcfcd80d3bbf
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.10-10ubuntu4.6_amd64.deb
      Size/MD5:   348252 d38144e70507eeeaccd0f0eb88201332

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.10-10ubuntu4.6_i386.deb
      Size/MD5:  1592844 ab4f524bf3b203661ca083fc6cbefb00
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.10-10ubuntu4.6_i386.deb
      Size/MD5:  3169886 0b56067b59dd1612562dc82fc6eede43
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cli_4.3.10-10ubuntu4.6_i386.deb
      Size/MD5:  1592924 86addeffabaa817733857dfed3e37b29
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-common_4.3.10-10ubuntu4.6_i386.deb
      Size/MD5:   168254 f0ed0ff02813d768a8e600f3646382ba
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.10-10ubuntu4.6_i386.deb
      Size/MD5:   348266 70238b0ae0790cd79c645720e66eae19

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.10-10ubuntu4.6_powerpc.deb
      Size/MD5:  1658990 5769a9d9690042900e70f98432ed7d7a
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.10-10ubuntu4.6_powerpc.deb
      Size/MD5:  3278826 9a2287a0bf8e587ee651230d8e40b797
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cli_4.3.10-10ubuntu4.6_powerpc.deb
      Size/MD5:  1646196 a001bf1a15d25ae4354190d8c722e846
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-common_4.3.10-10ubuntu4.6_powerpc.deb
      Size/MD5:   168268 37293b3c08d1593bb55b73bce39cf6c3
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.10-10ubuntu4.6_powerpc.deb
      Size/MD5:   348282 257afdf00afb930d1fb294d12454ae3a

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ