lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HePWZ-0006fq-5h@artemis.annvix.ca>
Date: Wed, 18 Apr 2007 23:49:43 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:089 ] - Updated php packages fix
	multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:089
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : April 18, 2007
 Affected: 2007.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A heap-based buffer overflow vulnerability was found in PHP's gd
 extension.  A script that could be forced to process WBMP images
 from an untrusted source could result in arbitrary code execution
 (CVE-2007-1001).
 
 A DoS flaw was found in how PHP processed a deeply nested array.
 A remote attacker could cause the PHP intrerpreter to creash
 by submitting an input variable with a deeply nested array
 (CVE-2007-1285).
 
 A vulnerability in the way the mbstring extension set global variables
 was discovered where a script using the mb_parse_str() function to
 set global variables could be forced to to enable the register_globals
 configuration option, possibly resulting in global variable injection
 (CVE-2007-1583).
 
 A vulnerability in how PHP's mail() function processed header data was
 discovered.  If a script sent mail using a subject header containing
 a string from an untrusted source, a remote attacker could send bulk
 email to unintended recipients (CVE-2007-1718).
 
 A buffer overflow in the sqlite_decode_function() in the bundled
 sqlite library could allow context-dependent attackers to execute
 arbitrary code (CVE-2007-1887).
 
 Updated packages have been patched to correct these issues.  Also note
 that the default use of the Hardened PHP patch helped to protect
 against some of these issues prior to patching.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 9cf466b76665bc033530c80f504eb54e  2007.0/i586/libphp5_common5-5.1.6-1.7mdv2007.0.i586.rpm
 a1d9ebfcc187c4494af7e1e39fdf0f47  2007.0/i586/php-cgi-5.1.6-1.7mdv2007.0.i586.rpm
 55439de9b2c70cc97cee9b51fb5a89a9  2007.0/i586/php-cli-5.1.6-1.7mdv2007.0.i586.rpm
 8c77d342600f50e6157a3df4f1f9b8f1  2007.0/i586/php-devel-5.1.6-1.7mdv2007.0.i586.rpm
 f3c5bc37d6a24279a5f63b9f18e913f9  2007.0/i586/php-fcgi-5.1.6-1.7mdv2007.0.i586.rpm
 ca1858b16d0a4d080e052bc182fc391f  2007.0/i586/php-gd-5.1.6-1.2mdv2007.0.i586.rpm
 ddb1de61592f7a7281e5e91449398305  2007.0/i586/php-mbstring-5.1.6-1.1mdv2007.0.i586.rpm
 083edc863400b03a69056dca44ba3a2e  2007.0/i586/php-sqlite-5.1.6-1.1mdv2007.0.i586.rpm 
 eb4be9590d4b82d63d3041b5963dd365  2007.0/SRPMS/php-5.1.6-1.7mdv2007.0.src.rpm
 c488b9c4f369ac8f7bb7b727938d75bc  2007.0/SRPMS/php-gd-5.1.6-1.2mdv2007.0.src.rpm
 85269cbd42e2900ee754891e240120b3  2007.0/SRPMS/php-mbstring-5.1.6-1.1mdv2007.0.src.rpm
 3672001f271ae73ac8024455a887ef6e  2007.0/SRPMS/php-sqlite-5.1.6-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 4da00df59f3a9fc8105c3b540cf4054a  2007.0/x86_64/lib64php5_common5-5.1.6-1.7mdv2007.0.x86_64.rpm
 6eb974c7d025e406bd8ee1b72f5972fe  2007.0/x86_64/php-cgi-5.1.6-1.7mdv2007.0.x86_64.rpm
 e4922361429c9aab92a44496e04eb409  2007.0/x86_64/php-cli-5.1.6-1.7mdv2007.0.x86_64.rpm
 17e01392077a6c435455d0b521e82d7a  2007.0/x86_64/php-devel-5.1.6-1.7mdv2007.0.x86_64.rpm
 f73924c3f06c16e1382be7d18e1d1494  2007.0/x86_64/php-fcgi-5.1.6-1.7mdv2007.0.x86_64.rpm
 3a88b1be7ed446e0d5a09ae8f0d64cf4  2007.0/x86_64/php-gd-5.1.6-1.2mdv2007.0.x86_64.rpm
 d983f296eba0b5d1642c1a673bf6673c  2007.0/x86_64/php-mbstring-5.1.6-1.1mdv2007.0.x86_64.rpm
 3f1e547ebc7cb5debd2c818ad3746404  2007.0/x86_64/php-sqlite-5.1.6-1.1mdv2007.0.x86_64.rpm 
 eb4be9590d4b82d63d3041b5963dd365  2007.0/SRPMS/php-5.1.6-1.7mdv2007.0.src.rpm
 c488b9c4f369ac8f7bb7b727938d75bc  2007.0/SRPMS/php-gd-5.1.6-1.2mdv2007.0.src.rpm
 85269cbd42e2900ee754891e240120b3  2007.0/SRPMS/php-mbstring-5.1.6-1.1mdv2007.0.src.rpm
 3672001f271ae73ac8024455a887ef6e  2007.0/SRPMS/php-sqlite-5.1.6-1.1mdv2007.0.src.rpm

 Corporate 4.0:
 a15a2db081dbf8b39751a8831e24cfd8  corporate/4.0/i586/libphp5_common5-5.1.6-1.6.20060mlcs4.i586.rpm
 00f3d7a49c95ad203105d69dbf60acd1  corporate/4.0/i586/php-cgi-5.1.6-1.6.20060mlcs4.i586.rpm
 6579f0081fd03d78bcbbfcec165fa017  corporate/4.0/i586/php-cli-5.1.6-1.6.20060mlcs4.i586.rpm
 2e54eaef6e350edb05e57291820b40ea  corporate/4.0/i586/php-devel-5.1.6-1.6.20060mlcs4.i586.rpm
 a74807717c95d2aa153f65ca94522f99  corporate/4.0/i586/php-fcgi-5.1.6-1.6.20060mlcs4.i586.rpm
 e79a2f636d497934ddf8b507d4cb54cc  corporate/4.0/i586/php-gd-5.1.6-1.2.20060mlcs4.i586.rpm
 18c113b8fd4b1dd9d8d3c8638da5f25b  corporate/4.0/i586/php-mbstring-5.1.6-1.1.20060mlcs4.i586.rpm
 0464c30285a7d41d295efced9ea13475  corporate/4.0/i586/php-sqlite-5.1.6-1.1.20060mlcs4.i586.rpm 
 35972da2bd604325e2ce45fee5f2229f  corporate/4.0/SRPMS/php-5.1.6-1.6.20060mlcs4.src.rpm
 e506bf4c83ce83e4957018d0eae9638d  corporate/4.0/SRPMS/php-gd-5.1.6-1.2.20060mlcs4.src.rpm
 724ff1f27ef0b5daac393c4ce1f1f238  corporate/4.0/SRPMS/php-mbstring-5.1.6-1.1.20060mlcs4.src.rpm
 73e6b41861c52d73d1e744f4a726403b  corporate/4.0/SRPMS/php-sqlite-5.1.6-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 cf307c130586c41c75f59a44f9c85d9b  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.6.20060mlcs4.x86_64.rpm
 cd0091895f438d0d5cf70653b547c9ff  corporate/4.0/x86_64/php-cgi-5.1.6-1.6.20060mlcs4.x86_64.rpm
 b037c050f0143b6b28a6915f86a15780  corporate/4.0/x86_64/php-cli-5.1.6-1.6.20060mlcs4.x86_64.rpm
 82f04ea296e82ca8e062f1f783dfa6ee  corporate/4.0/x86_64/php-devel-5.1.6-1.6.20060mlcs4.x86_64.rpm
 4a62890162c10d8757c6ce7398f33948  corporate/4.0/x86_64/php-fcgi-5.1.6-1.6.20060mlcs4.x86_64.rpm
 a1eda733d9134658499315de0ccc6d8a  corporate/4.0/x86_64/php-gd-5.1.6-1.2.20060mlcs4.x86_64.rpm
 280e7b19617244aecbe446f48f3b8c72  corporate/4.0/x86_64/php-mbstring-5.1.6-1.1.20060mlcs4.x86_64.rpm
 c94b1c4fe2fc5890443105b365b16d96  corporate/4.0/x86_64/php-sqlite-5.1.6-1.1.20060mlcs4.x86_64.rpm 
 35972da2bd604325e2ce45fee5f2229f  corporate/4.0/SRPMS/php-5.1.6-1.6.20060mlcs4.src.rpm
 e506bf4c83ce83e4957018d0eae9638d  corporate/4.0/SRPMS/php-gd-5.1.6-1.2.20060mlcs4.src.rpm
 724ff1f27ef0b5daac393c4ce1f1f238  corporate/4.0/SRPMS/php-mbstring-5.1.6-1.1.20060mlcs4.src.rpm
 73e6b41861c52d73d1e744f4a726403b  corporate/4.0/SRPMS/php-sqlite-5.1.6-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGJthCmqjQ0CJFipgRAovVAKC70IrJBcN4C0S8Stwl7ZbJemOyaQCgguFK
iM9nzjKqkDmAfVjb/BMoJ6w=
=VHym
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ