lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HKTH1-0006eq-N9@artemis.annvix.ca>
Date: Thu, 22 Feb 2007 22:47:15 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:048 ] - Updated php packages fix
	multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:048
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : February 22, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered in PHP language.
 
 Many buffer overflow flaws were discovered in the PHP session
 extension, the str_replace() function, and the imap_mail_compose()
 function.  An attacker able to use a PHP application using any of
 these functions could trigger these flaws and possibly execute
 arbitrary code as the apache user (CVE-2007-0906).
 
 A one-byte memory read will always occur prior to the beginning of a
 buffer, which could be triggered, for example, by any use of the
 header() function in a script (CVE-2007-0907).
 
 The wddx extension, if used to import WDDX data from an untrusted
 source, may allow a random portion of heap memory to be exposed due
 to certain WDDX input packets (CVE-2007-0908).
 
 The odbc_result_all() function, if used to display data from a
 database,
 and if the contents of the database are under the control of an
 attacker, could lead to the execution of arbitrary code due to a format
 string vulnerability (CVE-2007-0909).
 
 Several flaws in the PHP could allow attackers to clobber certain
 super-global variables via unspecified vectors (CVE-2007-0910).
 
 The zend_hash_init() function can be forced into an infinite loop
 if unserializing untrusted data on a 64-bit platform, resulting in
 the consumption of CPU resources until the script timeout alarm aborts
 the execution of the script (CVE-2007-0988).
 
 Updated package have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 14a536e0c07f48b553986725223f54dc  2006.0/i586/libphp5_common5-5.0.4-9.19.20060mdk.i586.rpm
 762bc7a2f5500dca2eb7effdb96b6cf0  2006.0/i586/php-cgi-5.0.4-9.19.20060mdk.i586.rpm
 3055c27939b2b6451872b39654c7564f  2006.0/i586/php-cli-5.0.4-9.19.20060mdk.i586.rpm
 042909d1305a2ceeab45fa11fa4ff434  2006.0/i586/php-devel-5.0.4-9.19.20060mdk.i586.rpm
 0bcc6a996a381e6d8ee7c5271bbea166  2006.0/i586/php-fcgi-5.0.4-9.19.20060mdk.i586.rpm
 69bc4325439a8ee9ba99ed28af7ed0e2  2006.0/i586/php-imap-5.0.4-2.5.20060mdk.i586.rpm
 b9a273cc6b7b5e35efea231b27bbc2e5  2006.0/i586/php-odbc-5.0.4-1.1.20060mdk.i586.rpm
 7b499c1b38392d556619692780ed41f4  2006.0/i586/php-session-5.0.4-1.1.20060mdk.i586.rpm 
 452f887b5fcfb2e568ec904b708f611c  2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm
 0ccd978c2b32e74087d237e334a46779  2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm
 d7549d0a1c8dd9a8989bbf2519d923fa  2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm
 92abeadef4272b1e1dff61c956923d23  2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 9e66a63f9b6a4694e3b6440afc4e0bd5  2006.0/x86_64/lib64php5_common5-5.0.4-9.19.20060mdk.x86_64.rpm
 a07a6011defb76f88eba66fc429221e3  2006.0/x86_64/php-cgi-5.0.4-9.19.20060mdk.x86_64.rpm
 964d1e6c84a4a8b20fc5257435e64d6e  2006.0/x86_64/php-cli-5.0.4-9.19.20060mdk.x86_64.rpm
 a0b074323affacd0c3b26302bb791d0a  2006.0/x86_64/php-devel-5.0.4-9.19.20060mdk.x86_64.rpm
 74f357e2b7db2b3c1d7e179ab9341b10  2006.0/x86_64/php-fcgi-5.0.4-9.19.20060mdk.x86_64.rpm
 6bad08844fe2a99bd12defc982e75e5f  2006.0/x86_64/php-imap-5.0.4-2.5.20060mdk.x86_64.rpm
 183f14e7c52ad0b14692661afd478e3c  2006.0/x86_64/php-odbc-5.0.4-1.1.20060mdk.x86_64.rpm
 f156370ad26f48adcc9fbdb17eb04db1  2006.0/x86_64/php-session-5.0.4-1.1.20060mdk.x86_64.rpm 
 452f887b5fcfb2e568ec904b708f611c  2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm
 0ccd978c2b32e74087d237e334a46779  2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm
 d7549d0a1c8dd9a8989bbf2519d923fa  2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm
 92abeadef4272b1e1dff61c956923d23  2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 cf3ef7426074a91964ef0086459cc889  2007.0/i586/libphp5_common5-5.1.6-1.6mdv2007.0.i586.rpm
 8567efb3d4d7a41bcfeecd1c0a3c64e5  2007.0/i586/php-cgi-5.1.6-1.6mdv2007.0.i586.rpm
 675213bf0e797a294776da1bbcbddc69  2007.0/i586/php-cli-5.1.6-1.6mdv2007.0.i586.rpm
 115be2e3b5ca6b285dd359374ab4cf5c  2007.0/i586/php-devel-5.1.6-1.6mdv2007.0.i586.rpm
 b3ca1cf50e10f01d57d9471baf5f330c  2007.0/i586/php-fcgi-5.1.6-1.6mdv2007.0.i586.rpm
 40225dcc5e0e4293be737a5043436010  2007.0/i586/php-imap-5.1.6-1.1mdv2007.0.i586.rpm
 ba41c7d542423eb42539dc6ab3e2ac9f  2007.0/i586/php-odbc-5.1.6-1.1mdv2007.0.i586.rpm
 639ede4d200b60c4164f396d6e215b69  2007.0/i586/php-session-5.1.6-1.1mdv2007.0.i586.rpm 
 0b6a180bef35c9b1945f8c6bd81d7106  2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm
 7d90955ba0926450ae4d3fe854744f36  2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm
 ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3  2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm
 2959ad88632828e143d5ac98fae79a7b  2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 0f3a963e7808ed8be25e7b17544c0c05  2007.0/x86_64/lib64php5_common5-5.1.6-1.6mdv2007.0.x86_64.rpm
 b7bb612bfc0cb39bb5648dd0b7ea4d37  2007.0/x86_64/php-cgi-5.1.6-1.6mdv2007.0.x86_64.rpm
 c4b459dc63debe260e8f06d4260e30fd  2007.0/x86_64/php-cli-5.1.6-1.6mdv2007.0.x86_64.rpm
 18534448cbe23231900e3da51333dc67  2007.0/x86_64/php-devel-5.1.6-1.6mdv2007.0.x86_64.rpm
 6bbd4f1f6c4e060de408183798a2f312  2007.0/x86_64/php-fcgi-5.1.6-1.6mdv2007.0.x86_64.rpm
 b8c0a446c7fa433e0678e3e58effccab  2007.0/x86_64/php-imap-5.1.6-1.1mdv2007.0.x86_64.rpm
 f49bb567345c6728baf879e943e15002  2007.0/x86_64/php-odbc-5.1.6-1.1mdv2007.0.x86_64.rpm
 e60efa04d5b12f98a1c9800c8d3d4a21  2007.0/x86_64/php-session-5.1.6-1.1mdv2007.0.x86_64.rpm 
 0b6a180bef35c9b1945f8c6bd81d7106  2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm
 7d90955ba0926450ae4d3fe854744f36  2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm
 ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3  2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm
 2959ad88632828e143d5ac98fae79a7b  2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 b976e6b9cadf8cf26eb00611b5b47274  corporate/3.0/i586/libphp_common432-4.3.4-4.24.C30mdk.i586.rpm
 21a6ed462d981442f42aa22f4b2dc09b  corporate/3.0/i586/php-cgi-4.3.4-4.24.C30mdk.i586.rpm
 13515b3d016198d636d37abf967e5c20  corporate/3.0/i586/php-cli-4.3.4-4.24.C30mdk.i586.rpm
 ba84264eeab995355deab7c9323aedd1  corporate/3.0/i586/php-imap-4.3.4-1.5.C30mdk.i586.rpm
 128dc7b4d3b2e925b7a0b1d850d0895a  corporate/3.0/i586/php432-devel-4.3.4-4.24.C30mdk.i586.rpm 
 56f90fe0b8a96f6a6fe5bf0620cd4408  corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm
 2ab806c5a8f696fdce5e4f1037e1404d  corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 8ccfdbf8075179e44035bb97f3e75d7d  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.24.C30mdk.x86_64.rpm
 18b243d3ce9ea60777d66980280c37ba  corporate/3.0/x86_64/php-cgi-4.3.4-4.24.C30mdk.x86_64.rpm
 404152b4a6a773895b7eff209f1fb1d5  corporate/3.0/x86_64/php-cli-4.3.4-4.24.C30mdk.x86_64.rpm
 fdeb1accc67c123bace512c287a656c2  corporate/3.0/x86_64/php-imap-4.3.4-1.5.C30mdk.x86_64.rpm
 14a01cc331d4ce489a8f9fdee3959c31  corporate/3.0/x86_64/php432-devel-4.3.4-4.24.C30mdk.x86_64.rpm 
 56f90fe0b8a96f6a6fe5bf0620cd4408  corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm
 2ab806c5a8f696fdce5e4f1037e1404d  corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm

 Corporate 4.0:
 c509fc3368d31c1dca47d065b28f2fea  corporate/4.0/i586/libphp4_common4-4.4.4-1.4.20060mlcs4.i586.rpm
 4901007b7f7d98585f926c76692e3c3e  corporate/4.0/i586/libphp5_common5-5.1.6-1.5.20060mlcs4.i586.rpm
 e3ffeda22f59f1f947acfeba34a9d23f  corporate/4.0/i586/php-cgi-5.1.6-1.5.20060mlcs4.i586.rpm
 aecf1f88ba7c6e964f8f96a90cbf10c2  corporate/4.0/i586/php-cli-5.1.6-1.5.20060mlcs4.i586.rpm
 39268f16090d55a4c969734263036be4  corporate/4.0/i586/php-devel-5.1.6-1.5.20060mlcs4.i586.rpm
 3db35d86b2943802a54cc3272662e91c  corporate/4.0/i586/php-fcgi-5.1.6-1.5.20060mlcs4.i586.rpm
 a8e96cedb24e719f32c83d5e6bc02e3e  corporate/4.0/i586/php-imap-5.1.6-1.1.20060mlcs4.i586.rpm
 169fef5a69d5d3c1b385d218ddaf68fd  corporate/4.0/i586/php-odbc-5.1.6-1.1.20060mlcs4.i586.rpm
 d3191c857cee1b6ed1c9978d0eea5a8c  corporate/4.0/i586/php-session-5.1.6-1.1.20060mlcs4.i586.rpm
 58777631a4cc9b7f064b3eb41b773b60  corporate/4.0/i586/php-wddx-5.1.6-1.1.20060mlcs4.i586.rpm
 981f2fe117ddd4a025b095bd98f988b6  corporate/4.0/i586/php4-cgi-4.4.4-1.4.20060mlcs4.i586.rpm
 d0845bd223c59cc23a487cc11822940c  corporate/4.0/i586/php4-cli-4.4.4-1.4.20060mlcs4.i586.rpm
 ce46c6aa0f58d6b87392e0c7b471dc4b  corporate/4.0/i586/php4-devel-4.4.4-1.4.20060mlcs4.i586.rpm
 cb618d8c7536749f010445b5f7c1ad5a  corporate/4.0/i586/php4-imap-4.4.4-0.1.20060mlcs4.i586.rpm
 df7aa75f1bbdd6051f71d62692417b00  corporate/4.0/i586/php4-odbc-4.4.4-0.1.20060mlcs4.i586.rpm
 a5743e7b00125f3fbfc9815e5bedacfe  corporate/4.0/i586/php4-wddx-4.4.4-0.1.20060mlcs4.i586.rpm 
 b912cf9745221ccf19f08c9e9e6e9724  corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm
 12771ab58ff701a26a3dff54e3cb757a  corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm
 3ac73928485a9d003f9ab410da73f496  corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm
 b6d3c63e004e44c8bef821d14e9dfb95  corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm
 c30202c77c1a1a5a8694536733b7efb3  corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm
 bc686b9f2bd178263c6e211c3781f0fb  corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm
 4ec41380503d039ba368e1b5a375042f  corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm
 a151cddb0bb46bf5046091e9ee0683c1  corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm
 afa5569276637c92cfec4fca0b700434  corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 e2031a018eabe7291baa8f14e8aea201  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.4.20060mlcs4.x86_64.rpm
 67e00f079636589757a192db88789be7  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.5.20060mlcs4.x86_64.rpm
 9e8e832216178be8c5c6cf5a7b46011e  corporate/4.0/x86_64/php-cgi-5.1.6-1.5.20060mlcs4.x86_64.rpm
 0628d22b004b2948ca17dcfadac43e50  corporate/4.0/x86_64/php-cli-5.1.6-1.5.20060mlcs4.x86_64.rpm
 6e5eeeef138b0ae9c458bf3756e551c3  corporate/4.0/x86_64/php-devel-5.1.6-1.5.20060mlcs4.x86_64.rpm
 9af58850637ffed2b37ccfa0c881fb1f  corporate/4.0/x86_64/php-fcgi-5.1.6-1.5.20060mlcs4.x86_64.rpm
 fbacfda0078e058d0a9c55b0951d7b22  corporate/4.0/x86_64/php-imap-5.1.6-1.1.20060mlcs4.x86_64.rpm
 4d4dfb1e89ff5debd4734b09e18282db  corporate/4.0/x86_64/php-odbc-5.1.6-1.1.20060mlcs4.x86_64.rpm
 e6cc37b9941ca1c010a83ecfeb80f5ff  corporate/4.0/x86_64/php-session-5.1.6-1.1.20060mlcs4.x86_64.rpm
 bd9fce2e55b5445324c605eb739a811c  corporate/4.0/x86_64/php-wddx-5.1.6-1.1.20060mlcs4.x86_64.rpm
 6795c92d078f0a9a67abcc44fde3b6ee  corporate/4.0/x86_64/php4-cgi-4.4.4-1.4.20060mlcs4.x86_64.rpm
 d6112d336c1d5bc101cc5a624177b38e  corporate/4.0/x86_64/php4-cli-4.4.4-1.4.20060mlcs4.x86_64.rpm
 b5c7bd35a04a63839c9a43de0392ee29  corporate/4.0/x86_64/php4-devel-4.4.4-1.4.20060mlcs4.x86_64.rpm
 94ae86a2e5b36059eba7f7385df0f79c  corporate/4.0/x86_64/php4-imap-4.4.4-0.1.20060mlcs4.x86_64.rpm
 17166588d6b6052e85f395e15fa6a942  corporate/4.0/x86_64/php4-odbc-4.4.4-0.1.20060mlcs4.x86_64.rpm
 de8d50be6e2bd6f6cdba304f003bcc24  corporate/4.0/x86_64/php4-wddx-4.4.4-0.1.20060mlcs4.x86_64.rpm 
 b912cf9745221ccf19f08c9e9e6e9724  corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm
 12771ab58ff701a26a3dff54e3cb757a  corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm
 3ac73928485a9d003f9ab410da73f496  corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm
 b6d3c63e004e44c8bef821d14e9dfb95  corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm
 c30202c77c1a1a5a8694536733b7efb3  corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm
 bc686b9f2bd178263c6e211c3781f0fb  corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm
 4ec41380503d039ba368e1b5a375042f  corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm
 a151cddb0bb46bf5046091e9ee0683c1  corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm
 afa5569276637c92cfec4fca0b700434  corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 f67045828bb37de94a16410dd106c839  mnf/2.0/i586/libphp_common432-4.3.4-4.24.M20mdk.i586.rpm
 6d6c9770470709db6c849baf1b79ed7c  mnf/2.0/i586/php-cgi-4.3.4-4.24.M20mdk.i586.rpm
 f5f3a45ffa8c90a53f541dd575dcfde0  mnf/2.0/i586/php-cli-4.3.4-4.24.M20mdk.i586.rpm
 7d8a49eb836d1f7b09afbb67dae77ef4  mnf/2.0/i586/php432-devel-4.3.4-4.24.M20mdk.i586.rpm 
 9ef4f5c1fd355320945faf7bb3904975  mnf/2.0/SRPMS/php-4.3.4-4.24.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF3lOTmqjQ0CJFipgRAsbpAKDURk8Q4U7KcvcsVpYlNbe8CwIiWQCgobiE
w9pA+mlmA6RVi+gXsxvQWNc=
=u9Od
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ