[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MVuDJ-0000St-2H@titan.mandriva.com>
Date: Tue, 28 Jul 2009 23:28:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:167 ] php
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:167
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : July 28, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in PHP:
- Fixed upstream bug #48378 (exif_read_data() segfaults on certain
corrupted .jpeg files).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://bugs.php.net/bug.php?id=48378
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
3f3f7fad7715e287ae8c0a07cdb76823 mes5/i586/libphp5_common5-5.2.6-18.7mdvmes5.i586.rpm
5d18fb8298f181829658f5449f2b91fe mes5/i586/php-bcmath-5.2.6-18.7mdvmes5.i586.rpm
0cd0cdf199f37a72127b7425b061dd29 mes5/i586/php-bz2-5.2.6-18.7mdvmes5.i586.rpm
ec7a4e660a0cf2cb4f8807dc81278a0e mes5/i586/php-calendar-5.2.6-18.7mdvmes5.i586.rpm
f2461766d72c06a687c7eaa9f8d71ccf mes5/i586/php-cgi-5.2.6-18.7mdvmes5.i586.rpm
8d5b0d81f6dcc14094bb3d58761aa00f mes5/i586/php-cli-5.2.6-18.7mdvmes5.i586.rpm
305bbf621650f6e94378fa3e1a5a0ff8 mes5/i586/php-ctype-5.2.6-18.7mdvmes5.i586.rpm
1916da01319fe20cd102c8ccacc143c6 mes5/i586/php-curl-5.2.6-18.7mdvmes5.i586.rpm
037916c7471c442d37bed21f9826985d mes5/i586/php-dba-5.2.6-18.7mdvmes5.i586.rpm
f2d33d30de41ed00a695ed82aa1e2365 mes5/i586/php-dbase-5.2.6-18.7mdvmes5.i586.rpm
4ba05fad00e76b56b0db435dc59bba1f mes5/i586/php-devel-5.2.6-18.7mdvmes5.i586.rpm
e1d0f4b53b71740d424c9f144b9093ef mes5/i586/php-dom-5.2.6-18.7mdvmes5.i586.rpm
6e2159a2d55b6628cddf405d936fbdc1 mes5/i586/php-exif-5.2.6-18.7mdvmes5.i586.rpm
d00ee84dda18b87eaee1a4396d6c78ee mes5/i586/php-fcgi-5.2.6-18.7mdvmes5.i586.rpm
7ff8f6f7354987343ada6b8bef6a144f mes5/i586/php-filter-5.2.6-18.7mdvmes5.i586.rpm
3f4a6d9500a7fe82e10ae0d488b65589 mes5/i586/php-ftp-5.2.6-18.7mdvmes5.i586.rpm
105ac192f815384c9c53ef523da933f8 mes5/i586/php-gd-5.2.6-18.7mdvmes5.i586.rpm
43a0e868728c87c67160941b2a4bedec mes5/i586/php-gettext-5.2.6-18.7mdvmes5.i586.rpm
a1bd5d58ee395db72e50b529fec7e012 mes5/i586/php-gmp-5.2.6-18.7mdvmes5.i586.rpm
e578e13d30e90f8fe1d1be3f50bf6693 mes5/i586/php-hash-5.2.6-18.7mdvmes5.i586.rpm
be58a37030dfa7fd5c078e9453c53413 mes5/i586/php-iconv-5.2.6-18.7mdvmes5.i586.rpm
8cfccfce97e77d98cecb807f3d1de310 mes5/i586/php-imap-5.2.6-18.7mdvmes5.i586.rpm
384dcbbe2737a2321c245d993a3554f5 mes5/i586/php-json-5.2.6-18.7mdvmes5.i586.rpm
19e398328899ab709cd59a40476a82d6 mes5/i586/php-ldap-5.2.6-18.7mdvmes5.i586.rpm
1610789d1b6d71df79205768ecbb0291 mes5/i586/php-mbstring-5.2.6-18.7mdvmes5.i586.rpm
c390849fa5ab08c93ca0c8acc368b111 mes5/i586/php-mcrypt-5.2.6-18.7mdvmes5.i586.rpm
f264919a94dd9aacaa372c52a54d8a71 mes5/i586/php-mhash-5.2.6-18.7mdvmes5.i586.rpm
ea4d46de23507d2a930c0a7930b00c6c mes5/i586/php-mime_magic-5.2.6-18.7mdvmes5.i586.rpm
5b24f880b2da1dee384b9a5864d3af68 mes5/i586/php-ming-5.2.6-18.7mdvmes5.i586.rpm
24b0a3f240c7e6e479329b9728f7d335 mes5/i586/php-mssql-5.2.6-18.7mdvmes5.i586.rpm
e8f5ab9ba4764cad24cb7b6db3587f09 mes5/i586/php-mysql-5.2.6-18.7mdvmes5.i586.rpm
b304c4cdde8c31d5ba85e84d685e83fa mes5/i586/php-mysqli-5.2.6-18.7mdvmes5.i586.rpm
2fe42371ea26650ab872751e593e0ca7 mes5/i586/php-ncurses-5.2.6-18.7mdvmes5.i586.rpm
f68c4cbaa7391751f3fef61cd866faf4 mes5/i586/php-odbc-5.2.6-18.7mdvmes5.i586.rpm
3a13b0e1352098a827d31cf250ec735d mes5/i586/php-openssl-5.2.6-18.7mdvmes5.i586.rpm
a92bb27a2ef2028ce601f9b088e29e0b mes5/i586/php-pcntl-5.2.6-18.7mdvmes5.i586.rpm
3beb653001b2693d5ce5129290f6e233 mes5/i586/php-pdo-5.2.6-18.7mdvmes5.i586.rpm
74e4c64bbf07f4055183064bb8a11354 mes5/i586/php-pdo_dblib-5.2.6-18.7mdvmes5.i586.rpm
69d4e0a949aedab166b4448da7d771c4 mes5/i586/php-pdo_mysql-5.2.6-18.7mdvmes5.i586.rpm
6c443ab06fd96a2ff60de9c61d4af650 mes5/i586/php-pdo_odbc-5.2.6-18.7mdvmes5.i586.rpm
45b60716f1899fba8f7d4d40790687f4 mes5/i586/php-pdo_pgsql-5.2.6-18.7mdvmes5.i586.rpm
6a312266edfce6d6d0f7213f8321fdf4 mes5/i586/php-pdo_sqlite-5.2.6-18.7mdvmes5.i586.rpm
8e1200048be6689d065d11ba20a7a942 mes5/i586/php-pgsql-5.2.6-18.7mdvmes5.i586.rpm
d9fdf32c08ef34f5cc03fb727417bb9f mes5/i586/php-posix-5.2.6-18.7mdvmes5.i586.rpm
fa3bff403e43e913f1bf2d4296a3937e mes5/i586/php-pspell-5.2.6-18.7mdvmes5.i586.rpm
44187179e55e245b4cf367b55c35ace7 mes5/i586/php-readline-5.2.6-18.7mdvmes5.i586.rpm
6690e2864d6c13576c3a9fb0441b9e87 mes5/i586/php-recode-5.2.6-18.7mdvmes5.i586.rpm
8fdbefee13d4bc1da9b0cb210848c712 mes5/i586/php-session-5.2.6-18.7mdvmes5.i586.rpm
77c116126219c7885ea91887e28cf457 mes5/i586/php-shmop-5.2.6-18.7mdvmes5.i586.rpm
2c885874901749f5aca1cbe5bd660321 mes5/i586/php-snmp-5.2.6-18.7mdvmes5.i586.rpm
a2384c1f8b373bd3530bf1c18d8b4f4b mes5/i586/php-soap-5.2.6-18.7mdvmes5.i586.rpm
8f6da18501faff0681f9d6b16d4462d1 mes5/i586/php-sockets-5.2.6-18.7mdvmes5.i586.rpm
2ce3857d635031c38f9d05971ffd0979 mes5/i586/php-sqlite-5.2.6-18.7mdvmes5.i586.rpm
5f2d9134478850a1295856e2980a3bc7 mes5/i586/php-sybase-5.2.6-18.7mdvmes5.i586.rpm
de42325d4e75bff98bb2a5aeebd5ab45 mes5/i586/php-sysvmsg-5.2.6-18.7mdvmes5.i586.rpm
8a0a6d2fabab73656111b1aa6945b5e0 mes5/i586/php-sysvsem-5.2.6-18.7mdvmes5.i586.rpm
37f19651aa10ae330db4b5047126e23f mes5/i586/php-sysvshm-5.2.6-18.7mdvmes5.i586.rpm
5cba78eec1731c7986a30fd9d685d837 mes5/i586/php-tidy-5.2.6-18.7mdvmes5.i586.rpm
8baf2c8f69b7e167cd5ebd213ebbc18d mes5/i586/php-tokenizer-5.2.6-18.7mdvmes5.i586.rpm
0db6ec2c58b1ec7d887cb972837aa243 mes5/i586/php-wddx-5.2.6-18.7mdvmes5.i586.rpm
9bb87172d24b76fda20b61b16d1f7da7 mes5/i586/php-xml-5.2.6-18.7mdvmes5.i586.rpm
591f1b1dbbf3fdf5d64846d5bc71166e mes5/i586/php-xmlreader-5.2.6-18.7mdvmes5.i586.rpm
17d8620577de04f97e4a7b6ec3dbf3fc mes5/i586/php-xmlrpc-5.2.6-18.7mdvmes5.i586.rpm
ef1f423de0ec7169a4db773e271e3295 mes5/i586/php-xmlwriter-5.2.6-18.7mdvmes5.i586.rpm
86a3be1202874ce80931f604f9b4b14f mes5/i586/php-xsl-5.2.6-18.7mdvmes5.i586.rpm
1e5018d72861925351c1e78ee6798aaf mes5/i586/php-zlib-5.2.6-18.7mdvmes5.i586.rpm
bac4a30648399229f6e990c3f5fe740f mes5/SRPMS/php-5.2.6-18.7mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
0eeee7f99b0af3771bc647a92743c432 mes5/x86_64/lib64php5_common5-5.2.6-18.7mdvmes5.x86_64.rpm
18d12546bbcc19be0701607652ce6c86 mes5/x86_64/php-bcmath-5.2.6-18.7mdvmes5.x86_64.rpm
6682658fb0d19b7f730ea30f87527fa1 mes5/x86_64/php-bz2-5.2.6-18.7mdvmes5.x86_64.rpm
3c8edcc9d3d8ae861a7958287a4bbde3 mes5/x86_64/php-calendar-5.2.6-18.7mdvmes5.x86_64.rpm
6e865919fde119cdb010d9e7c18eac15 mes5/x86_64/php-cgi-5.2.6-18.7mdvmes5.x86_64.rpm
ce829f80228990a6c026ab9e5f453fd0 mes5/x86_64/php-cli-5.2.6-18.7mdvmes5.x86_64.rpm
7cbe82073fd66b6303cf5ff1c6ab68de mes5/x86_64/php-ctype-5.2.6-18.7mdvmes5.x86_64.rpm
9c47d93e840043598e9cd5f576560ed3 mes5/x86_64/php-curl-5.2.6-18.7mdvmes5.x86_64.rpm
0e7255cfb15c5452ad763cfc4017f2f3 mes5/x86_64/php-dba-5.2.6-18.7mdvmes5.x86_64.rpm
992c5fe0d793dc8c936503de3c2945b1 mes5/x86_64/php-dbase-5.2.6-18.7mdvmes5.x86_64.rpm
05880b78b3b1fa26059a74565124abf0 mes5/x86_64/php-devel-5.2.6-18.7mdvmes5.x86_64.rpm
563bee135193e0214f4c906d0fb2899a mes5/x86_64/php-dom-5.2.6-18.7mdvmes5.x86_64.rpm
2219d16f5954717d51b71be2a3bb09ac mes5/x86_64/php-exif-5.2.6-18.7mdvmes5.x86_64.rpm
b714d2c2ab5069169140f61b714ad4fd mes5/x86_64/php-fcgi-5.2.6-18.7mdvmes5.x86_64.rpm
1bc340880d9d62d6ae3ff1c0eb055270 mes5/x86_64/php-filter-5.2.6-18.7mdvmes5.x86_64.rpm
6d72a0e41a9e617401daaa3e150699e5 mes5/x86_64/php-ftp-5.2.6-18.7mdvmes5.x86_64.rpm
aad73b613cd87ef786fd97b69c357ac2 mes5/x86_64/php-gd-5.2.6-18.7mdvmes5.x86_64.rpm
d36f9ccabf708a37e1e37f1112bbf355 mes5/x86_64/php-gettext-5.2.6-18.7mdvmes5.x86_64.rpm
d387456545e32b725cdd92ecc984ec5d mes5/x86_64/php-gmp-5.2.6-18.7mdvmes5.x86_64.rpm
1acf6be0808c25f2a28dcf267cc84026 mes5/x86_64/php-hash-5.2.6-18.7mdvmes5.x86_64.rpm
7cc7619527c23f3da6eff6e866ba2ebe mes5/x86_64/php-iconv-5.2.6-18.7mdvmes5.x86_64.rpm
4569552f683d09f59d9a6bf4bbe690a2 mes5/x86_64/php-imap-5.2.6-18.7mdvmes5.x86_64.rpm
8530229a65ac38d307c64e514a65e30c mes5/x86_64/php-json-5.2.6-18.7mdvmes5.x86_64.rpm
58ea07b3b9ade7ed21cc7a29261dc336 mes5/x86_64/php-ldap-5.2.6-18.7mdvmes5.x86_64.rpm
9df7aa87edc7da3175eb546c63957f01 mes5/x86_64/php-mbstring-5.2.6-18.7mdvmes5.x86_64.rpm
b7ed3515e8c76b5e3a2b29a51cf6f303 mes5/x86_64/php-mcrypt-5.2.6-18.7mdvmes5.x86_64.rpm
524009342b4849cd1a2ff155bbe80110 mes5/x86_64/php-mhash-5.2.6-18.7mdvmes5.x86_64.rpm
b6e1fe7c644af19aaf5f62cbd526a13f mes5/x86_64/php-mime_magic-5.2.6-18.7mdvmes5.x86_64.rpm
fec49dba905b0d9ec4ab5e7340c5ee84 mes5/x86_64/php-ming-5.2.6-18.7mdvmes5.x86_64.rpm
2a5e29d2674e99fe7774d75aba506841 mes5/x86_64/php-mssql-5.2.6-18.7mdvmes5.x86_64.rpm
59fb599962b7e95b755e1103eb3ebab0 mes5/x86_64/php-mysql-5.2.6-18.7mdvmes5.x86_64.rpm
847b10df69452a8682e84920071fbfa1 mes5/x86_64/php-mysqli-5.2.6-18.7mdvmes5.x86_64.rpm
e09d8f5ddaf783baabe3e7031169fbc0 mes5/x86_64/php-ncurses-5.2.6-18.7mdvmes5.x86_64.rpm
a8d8f6f24ad6b375200eac7620b70199 mes5/x86_64/php-odbc-5.2.6-18.7mdvmes5.x86_64.rpm
befad702b7f25e399de66bf7210ee9a9 mes5/x86_64/php-openssl-5.2.6-18.7mdvmes5.x86_64.rpm
108bfdeed8dfb9ee10f626747e19b642 mes5/x86_64/php-pcntl-5.2.6-18.7mdvmes5.x86_64.rpm
b430e138d6377df31bb344e7fdfb01e2 mes5/x86_64/php-pdo-5.2.6-18.7mdvmes5.x86_64.rpm
fa0ad35f530342c7d4a647083b3bd8b8 mes5/x86_64/php-pdo_dblib-5.2.6-18.7mdvmes5.x86_64.rpm
94c9ebeab2a46fcd91c75773cb67e66a mes5/x86_64/php-pdo_mysql-5.2.6-18.7mdvmes5.x86_64.rpm
b552b7089317ab6d00cdaca033e9a10b mes5/x86_64/php-pdo_odbc-5.2.6-18.7mdvmes5.x86_64.rpm
ece9f0fc3b49cb9e5407d954f249b77b mes5/x86_64/php-pdo_pgsql-5.2.6-18.7mdvmes5.x86_64.rpm
050ceb9dad2e6e4f6f68abc8b81c2dd5 mes5/x86_64/php-pdo_sqlite-5.2.6-18.7mdvmes5.x86_64.rpm
fc491cd864973d819661bcc68b631722 mes5/x86_64/php-pgsql-5.2.6-18.7mdvmes5.x86_64.rpm
ff61efe07ac8ca4c8ba27bea69b54237 mes5/x86_64/php-posix-5.2.6-18.7mdvmes5.x86_64.rpm
71b72c87e39c11d169a93be5efb1e717 mes5/x86_64/php-pspell-5.2.6-18.7mdvmes5.x86_64.rpm
b164bf0494f5c665199ea77ed5ee54b8 mes5/x86_64/php-readline-5.2.6-18.7mdvmes5.x86_64.rpm
7ed47dc225cd90d6175d856247a1f318 mes5/x86_64/php-recode-5.2.6-18.7mdvmes5.x86_64.rpm
db43f14bdfe4df39bfc11e7c7b83fc7e mes5/x86_64/php-session-5.2.6-18.7mdvmes5.x86_64.rpm
4c1b910a4fcbd027b5b7137a42321916 mes5/x86_64/php-shmop-5.2.6-18.7mdvmes5.x86_64.rpm
1e41b6c93ee5ff3e28304d95f1d59773 mes5/x86_64/php-snmp-5.2.6-18.7mdvmes5.x86_64.rpm
6b7c1b20f9f8dcf8a1c58ff3c8cd5794 mes5/x86_64/php-soap-5.2.6-18.7mdvmes5.x86_64.rpm
df701571bb2cc9273d6f2a9b87a50f4e mes5/x86_64/php-sockets-5.2.6-18.7mdvmes5.x86_64.rpm
a32976d038a3c425149a0f865c715cb2 mes5/x86_64/php-sqlite-5.2.6-18.7mdvmes5.x86_64.rpm
6c63b0c429ce16df11f1caa2d84a8e2d mes5/x86_64/php-sybase-5.2.6-18.7mdvmes5.x86_64.rpm
61268adcfced193dfeae341c821299e6 mes5/x86_64/php-sysvmsg-5.2.6-18.7mdvmes5.x86_64.rpm
c0e6b02dd1c3983391e54e4d77cb8353 mes5/x86_64/php-sysvsem-5.2.6-18.7mdvmes5.x86_64.rpm
72597bf4617f093bfffbc7c9ef54e6c4 mes5/x86_64/php-sysvshm-5.2.6-18.7mdvmes5.x86_64.rpm
463dc06fab74bb5cda9b745710dad478 mes5/x86_64/php-tidy-5.2.6-18.7mdvmes5.x86_64.rpm
7deead9c4a5b61c92721e62d610aeb8c mes5/x86_64/php-tokenizer-5.2.6-18.7mdvmes5.x86_64.rpm
114c9fdd121e758f691589845ea0ebc2 mes5/x86_64/php-wddx-5.2.6-18.7mdvmes5.x86_64.rpm
b28d24edfb2ca5f7818634dbdd20d688 mes5/x86_64/php-xml-5.2.6-18.7mdvmes5.x86_64.rpm
493ade3ce3b8fed7ac359425be3b657b mes5/x86_64/php-xmlreader-5.2.6-18.7mdvmes5.x86_64.rpm
5eb0d96ef06159397cbbfe9495632dc9 mes5/x86_64/php-xmlrpc-5.2.6-18.7mdvmes5.x86_64.rpm
9ce170710f55e6e911ec2907d517dcd9 mes5/x86_64/php-xmlwriter-5.2.6-18.7mdvmes5.x86_64.rpm
072b0cb626bac82b45569ac5a3d34a56 mes5/x86_64/php-xsl-5.2.6-18.7mdvmes5.x86_64.rpm
c113df0457277c9f76b67750746e98f6 mes5/x86_64/php-zlib-5.2.6-18.7mdvmes5.x86_64.rpm
bac4a30648399229f6e990c3f5fe740f mes5/SRPMS/php-5.2.6-18.7mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKb0MsmqjQ0CJFipgRAoWHAJ4kWkPMTIHKkuWcmTO9wwkeJDP/cACePJAd
D9SSQgou/Mz0JazVs8xGHZM=
=wTRP
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists