lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MVuDJ-0000St-2H@titan.mandriva.com>
Date: Tue, 28 Jul 2009 23:28:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:167 ] php


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:167
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : php
 Date    : July 28, 2009
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in PHP:
 
 - Fixed upstream bug #48378 (exif_read_data() segfaults on certain
 corrupted .jpeg files).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://bugs.php.net/bug.php?id=48378
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 3f3f7fad7715e287ae8c0a07cdb76823  mes5/i586/libphp5_common5-5.2.6-18.7mdvmes5.i586.rpm
 5d18fb8298f181829658f5449f2b91fe  mes5/i586/php-bcmath-5.2.6-18.7mdvmes5.i586.rpm
 0cd0cdf199f37a72127b7425b061dd29  mes5/i586/php-bz2-5.2.6-18.7mdvmes5.i586.rpm
 ec7a4e660a0cf2cb4f8807dc81278a0e  mes5/i586/php-calendar-5.2.6-18.7mdvmes5.i586.rpm
 f2461766d72c06a687c7eaa9f8d71ccf  mes5/i586/php-cgi-5.2.6-18.7mdvmes5.i586.rpm
 8d5b0d81f6dcc14094bb3d58761aa00f  mes5/i586/php-cli-5.2.6-18.7mdvmes5.i586.rpm
 305bbf621650f6e94378fa3e1a5a0ff8  mes5/i586/php-ctype-5.2.6-18.7mdvmes5.i586.rpm
 1916da01319fe20cd102c8ccacc143c6  mes5/i586/php-curl-5.2.6-18.7mdvmes5.i586.rpm
 037916c7471c442d37bed21f9826985d  mes5/i586/php-dba-5.2.6-18.7mdvmes5.i586.rpm
 f2d33d30de41ed00a695ed82aa1e2365  mes5/i586/php-dbase-5.2.6-18.7mdvmes5.i586.rpm
 4ba05fad00e76b56b0db435dc59bba1f  mes5/i586/php-devel-5.2.6-18.7mdvmes5.i586.rpm
 e1d0f4b53b71740d424c9f144b9093ef  mes5/i586/php-dom-5.2.6-18.7mdvmes5.i586.rpm
 6e2159a2d55b6628cddf405d936fbdc1  mes5/i586/php-exif-5.2.6-18.7mdvmes5.i586.rpm
 d00ee84dda18b87eaee1a4396d6c78ee  mes5/i586/php-fcgi-5.2.6-18.7mdvmes5.i586.rpm
 7ff8f6f7354987343ada6b8bef6a144f  mes5/i586/php-filter-5.2.6-18.7mdvmes5.i586.rpm
 3f4a6d9500a7fe82e10ae0d488b65589  mes5/i586/php-ftp-5.2.6-18.7mdvmes5.i586.rpm
 105ac192f815384c9c53ef523da933f8  mes5/i586/php-gd-5.2.6-18.7mdvmes5.i586.rpm
 43a0e868728c87c67160941b2a4bedec  mes5/i586/php-gettext-5.2.6-18.7mdvmes5.i586.rpm
 a1bd5d58ee395db72e50b529fec7e012  mes5/i586/php-gmp-5.2.6-18.7mdvmes5.i586.rpm
 e578e13d30e90f8fe1d1be3f50bf6693  mes5/i586/php-hash-5.2.6-18.7mdvmes5.i586.rpm
 be58a37030dfa7fd5c078e9453c53413  mes5/i586/php-iconv-5.2.6-18.7mdvmes5.i586.rpm
 8cfccfce97e77d98cecb807f3d1de310  mes5/i586/php-imap-5.2.6-18.7mdvmes5.i586.rpm
 384dcbbe2737a2321c245d993a3554f5  mes5/i586/php-json-5.2.6-18.7mdvmes5.i586.rpm
 19e398328899ab709cd59a40476a82d6  mes5/i586/php-ldap-5.2.6-18.7mdvmes5.i586.rpm
 1610789d1b6d71df79205768ecbb0291  mes5/i586/php-mbstring-5.2.6-18.7mdvmes5.i586.rpm
 c390849fa5ab08c93ca0c8acc368b111  mes5/i586/php-mcrypt-5.2.6-18.7mdvmes5.i586.rpm
 f264919a94dd9aacaa372c52a54d8a71  mes5/i586/php-mhash-5.2.6-18.7mdvmes5.i586.rpm
 ea4d46de23507d2a930c0a7930b00c6c  mes5/i586/php-mime_magic-5.2.6-18.7mdvmes5.i586.rpm
 5b24f880b2da1dee384b9a5864d3af68  mes5/i586/php-ming-5.2.6-18.7mdvmes5.i586.rpm
 24b0a3f240c7e6e479329b9728f7d335  mes5/i586/php-mssql-5.2.6-18.7mdvmes5.i586.rpm
 e8f5ab9ba4764cad24cb7b6db3587f09  mes5/i586/php-mysql-5.2.6-18.7mdvmes5.i586.rpm
 b304c4cdde8c31d5ba85e84d685e83fa  mes5/i586/php-mysqli-5.2.6-18.7mdvmes5.i586.rpm
 2fe42371ea26650ab872751e593e0ca7  mes5/i586/php-ncurses-5.2.6-18.7mdvmes5.i586.rpm
 f68c4cbaa7391751f3fef61cd866faf4  mes5/i586/php-odbc-5.2.6-18.7mdvmes5.i586.rpm
 3a13b0e1352098a827d31cf250ec735d  mes5/i586/php-openssl-5.2.6-18.7mdvmes5.i586.rpm
 a92bb27a2ef2028ce601f9b088e29e0b  mes5/i586/php-pcntl-5.2.6-18.7mdvmes5.i586.rpm
 3beb653001b2693d5ce5129290f6e233  mes5/i586/php-pdo-5.2.6-18.7mdvmes5.i586.rpm
 74e4c64bbf07f4055183064bb8a11354  mes5/i586/php-pdo_dblib-5.2.6-18.7mdvmes5.i586.rpm
 69d4e0a949aedab166b4448da7d771c4  mes5/i586/php-pdo_mysql-5.2.6-18.7mdvmes5.i586.rpm
 6c443ab06fd96a2ff60de9c61d4af650  mes5/i586/php-pdo_odbc-5.2.6-18.7mdvmes5.i586.rpm
 45b60716f1899fba8f7d4d40790687f4  mes5/i586/php-pdo_pgsql-5.2.6-18.7mdvmes5.i586.rpm
 6a312266edfce6d6d0f7213f8321fdf4  mes5/i586/php-pdo_sqlite-5.2.6-18.7mdvmes5.i586.rpm
 8e1200048be6689d065d11ba20a7a942  mes5/i586/php-pgsql-5.2.6-18.7mdvmes5.i586.rpm
 d9fdf32c08ef34f5cc03fb727417bb9f  mes5/i586/php-posix-5.2.6-18.7mdvmes5.i586.rpm
 fa3bff403e43e913f1bf2d4296a3937e  mes5/i586/php-pspell-5.2.6-18.7mdvmes5.i586.rpm
 44187179e55e245b4cf367b55c35ace7  mes5/i586/php-readline-5.2.6-18.7mdvmes5.i586.rpm
 6690e2864d6c13576c3a9fb0441b9e87  mes5/i586/php-recode-5.2.6-18.7mdvmes5.i586.rpm
 8fdbefee13d4bc1da9b0cb210848c712  mes5/i586/php-session-5.2.6-18.7mdvmes5.i586.rpm
 77c116126219c7885ea91887e28cf457  mes5/i586/php-shmop-5.2.6-18.7mdvmes5.i586.rpm
 2c885874901749f5aca1cbe5bd660321  mes5/i586/php-snmp-5.2.6-18.7mdvmes5.i586.rpm
 a2384c1f8b373bd3530bf1c18d8b4f4b  mes5/i586/php-soap-5.2.6-18.7mdvmes5.i586.rpm
 8f6da18501faff0681f9d6b16d4462d1  mes5/i586/php-sockets-5.2.6-18.7mdvmes5.i586.rpm
 2ce3857d635031c38f9d05971ffd0979  mes5/i586/php-sqlite-5.2.6-18.7mdvmes5.i586.rpm
 5f2d9134478850a1295856e2980a3bc7  mes5/i586/php-sybase-5.2.6-18.7mdvmes5.i586.rpm
 de42325d4e75bff98bb2a5aeebd5ab45  mes5/i586/php-sysvmsg-5.2.6-18.7mdvmes5.i586.rpm
 8a0a6d2fabab73656111b1aa6945b5e0  mes5/i586/php-sysvsem-5.2.6-18.7mdvmes5.i586.rpm
 37f19651aa10ae330db4b5047126e23f  mes5/i586/php-sysvshm-5.2.6-18.7mdvmes5.i586.rpm
 5cba78eec1731c7986a30fd9d685d837  mes5/i586/php-tidy-5.2.6-18.7mdvmes5.i586.rpm
 8baf2c8f69b7e167cd5ebd213ebbc18d  mes5/i586/php-tokenizer-5.2.6-18.7mdvmes5.i586.rpm
 0db6ec2c58b1ec7d887cb972837aa243  mes5/i586/php-wddx-5.2.6-18.7mdvmes5.i586.rpm
 9bb87172d24b76fda20b61b16d1f7da7  mes5/i586/php-xml-5.2.6-18.7mdvmes5.i586.rpm
 591f1b1dbbf3fdf5d64846d5bc71166e  mes5/i586/php-xmlreader-5.2.6-18.7mdvmes5.i586.rpm
 17d8620577de04f97e4a7b6ec3dbf3fc  mes5/i586/php-xmlrpc-5.2.6-18.7mdvmes5.i586.rpm
 ef1f423de0ec7169a4db773e271e3295  mes5/i586/php-xmlwriter-5.2.6-18.7mdvmes5.i586.rpm
 86a3be1202874ce80931f604f9b4b14f  mes5/i586/php-xsl-5.2.6-18.7mdvmes5.i586.rpm
 1e5018d72861925351c1e78ee6798aaf  mes5/i586/php-zlib-5.2.6-18.7mdvmes5.i586.rpm 
 bac4a30648399229f6e990c3f5fe740f  mes5/SRPMS/php-5.2.6-18.7mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 0eeee7f99b0af3771bc647a92743c432  mes5/x86_64/lib64php5_common5-5.2.6-18.7mdvmes5.x86_64.rpm
 18d12546bbcc19be0701607652ce6c86  mes5/x86_64/php-bcmath-5.2.6-18.7mdvmes5.x86_64.rpm
 6682658fb0d19b7f730ea30f87527fa1  mes5/x86_64/php-bz2-5.2.6-18.7mdvmes5.x86_64.rpm
 3c8edcc9d3d8ae861a7958287a4bbde3  mes5/x86_64/php-calendar-5.2.6-18.7mdvmes5.x86_64.rpm
 6e865919fde119cdb010d9e7c18eac15  mes5/x86_64/php-cgi-5.2.6-18.7mdvmes5.x86_64.rpm
 ce829f80228990a6c026ab9e5f453fd0  mes5/x86_64/php-cli-5.2.6-18.7mdvmes5.x86_64.rpm
 7cbe82073fd66b6303cf5ff1c6ab68de  mes5/x86_64/php-ctype-5.2.6-18.7mdvmes5.x86_64.rpm
 9c47d93e840043598e9cd5f576560ed3  mes5/x86_64/php-curl-5.2.6-18.7mdvmes5.x86_64.rpm
 0e7255cfb15c5452ad763cfc4017f2f3  mes5/x86_64/php-dba-5.2.6-18.7mdvmes5.x86_64.rpm
 992c5fe0d793dc8c936503de3c2945b1  mes5/x86_64/php-dbase-5.2.6-18.7mdvmes5.x86_64.rpm
 05880b78b3b1fa26059a74565124abf0  mes5/x86_64/php-devel-5.2.6-18.7mdvmes5.x86_64.rpm
 563bee135193e0214f4c906d0fb2899a  mes5/x86_64/php-dom-5.2.6-18.7mdvmes5.x86_64.rpm
 2219d16f5954717d51b71be2a3bb09ac  mes5/x86_64/php-exif-5.2.6-18.7mdvmes5.x86_64.rpm
 b714d2c2ab5069169140f61b714ad4fd  mes5/x86_64/php-fcgi-5.2.6-18.7mdvmes5.x86_64.rpm
 1bc340880d9d62d6ae3ff1c0eb055270  mes5/x86_64/php-filter-5.2.6-18.7mdvmes5.x86_64.rpm
 6d72a0e41a9e617401daaa3e150699e5  mes5/x86_64/php-ftp-5.2.6-18.7mdvmes5.x86_64.rpm
 aad73b613cd87ef786fd97b69c357ac2  mes5/x86_64/php-gd-5.2.6-18.7mdvmes5.x86_64.rpm
 d36f9ccabf708a37e1e37f1112bbf355  mes5/x86_64/php-gettext-5.2.6-18.7mdvmes5.x86_64.rpm
 d387456545e32b725cdd92ecc984ec5d  mes5/x86_64/php-gmp-5.2.6-18.7mdvmes5.x86_64.rpm
 1acf6be0808c25f2a28dcf267cc84026  mes5/x86_64/php-hash-5.2.6-18.7mdvmes5.x86_64.rpm
 7cc7619527c23f3da6eff6e866ba2ebe  mes5/x86_64/php-iconv-5.2.6-18.7mdvmes5.x86_64.rpm
 4569552f683d09f59d9a6bf4bbe690a2  mes5/x86_64/php-imap-5.2.6-18.7mdvmes5.x86_64.rpm
 8530229a65ac38d307c64e514a65e30c  mes5/x86_64/php-json-5.2.6-18.7mdvmes5.x86_64.rpm
 58ea07b3b9ade7ed21cc7a29261dc336  mes5/x86_64/php-ldap-5.2.6-18.7mdvmes5.x86_64.rpm
 9df7aa87edc7da3175eb546c63957f01  mes5/x86_64/php-mbstring-5.2.6-18.7mdvmes5.x86_64.rpm
 b7ed3515e8c76b5e3a2b29a51cf6f303  mes5/x86_64/php-mcrypt-5.2.6-18.7mdvmes5.x86_64.rpm
 524009342b4849cd1a2ff155bbe80110  mes5/x86_64/php-mhash-5.2.6-18.7mdvmes5.x86_64.rpm
 b6e1fe7c644af19aaf5f62cbd526a13f  mes5/x86_64/php-mime_magic-5.2.6-18.7mdvmes5.x86_64.rpm
 fec49dba905b0d9ec4ab5e7340c5ee84  mes5/x86_64/php-ming-5.2.6-18.7mdvmes5.x86_64.rpm
 2a5e29d2674e99fe7774d75aba506841  mes5/x86_64/php-mssql-5.2.6-18.7mdvmes5.x86_64.rpm
 59fb599962b7e95b755e1103eb3ebab0  mes5/x86_64/php-mysql-5.2.6-18.7mdvmes5.x86_64.rpm
 847b10df69452a8682e84920071fbfa1  mes5/x86_64/php-mysqli-5.2.6-18.7mdvmes5.x86_64.rpm
 e09d8f5ddaf783baabe3e7031169fbc0  mes5/x86_64/php-ncurses-5.2.6-18.7mdvmes5.x86_64.rpm
 a8d8f6f24ad6b375200eac7620b70199  mes5/x86_64/php-odbc-5.2.6-18.7mdvmes5.x86_64.rpm
 befad702b7f25e399de66bf7210ee9a9  mes5/x86_64/php-openssl-5.2.6-18.7mdvmes5.x86_64.rpm
 108bfdeed8dfb9ee10f626747e19b642  mes5/x86_64/php-pcntl-5.2.6-18.7mdvmes5.x86_64.rpm
 b430e138d6377df31bb344e7fdfb01e2  mes5/x86_64/php-pdo-5.2.6-18.7mdvmes5.x86_64.rpm
 fa0ad35f530342c7d4a647083b3bd8b8  mes5/x86_64/php-pdo_dblib-5.2.6-18.7mdvmes5.x86_64.rpm
 94c9ebeab2a46fcd91c75773cb67e66a  mes5/x86_64/php-pdo_mysql-5.2.6-18.7mdvmes5.x86_64.rpm
 b552b7089317ab6d00cdaca033e9a10b  mes5/x86_64/php-pdo_odbc-5.2.6-18.7mdvmes5.x86_64.rpm
 ece9f0fc3b49cb9e5407d954f249b77b  mes5/x86_64/php-pdo_pgsql-5.2.6-18.7mdvmes5.x86_64.rpm
 050ceb9dad2e6e4f6f68abc8b81c2dd5  mes5/x86_64/php-pdo_sqlite-5.2.6-18.7mdvmes5.x86_64.rpm
 fc491cd864973d819661bcc68b631722  mes5/x86_64/php-pgsql-5.2.6-18.7mdvmes5.x86_64.rpm
 ff61efe07ac8ca4c8ba27bea69b54237  mes5/x86_64/php-posix-5.2.6-18.7mdvmes5.x86_64.rpm
 71b72c87e39c11d169a93be5efb1e717  mes5/x86_64/php-pspell-5.2.6-18.7mdvmes5.x86_64.rpm
 b164bf0494f5c665199ea77ed5ee54b8  mes5/x86_64/php-readline-5.2.6-18.7mdvmes5.x86_64.rpm
 7ed47dc225cd90d6175d856247a1f318  mes5/x86_64/php-recode-5.2.6-18.7mdvmes5.x86_64.rpm
 db43f14bdfe4df39bfc11e7c7b83fc7e  mes5/x86_64/php-session-5.2.6-18.7mdvmes5.x86_64.rpm
 4c1b910a4fcbd027b5b7137a42321916  mes5/x86_64/php-shmop-5.2.6-18.7mdvmes5.x86_64.rpm
 1e41b6c93ee5ff3e28304d95f1d59773  mes5/x86_64/php-snmp-5.2.6-18.7mdvmes5.x86_64.rpm
 6b7c1b20f9f8dcf8a1c58ff3c8cd5794  mes5/x86_64/php-soap-5.2.6-18.7mdvmes5.x86_64.rpm
 df701571bb2cc9273d6f2a9b87a50f4e  mes5/x86_64/php-sockets-5.2.6-18.7mdvmes5.x86_64.rpm
 a32976d038a3c425149a0f865c715cb2  mes5/x86_64/php-sqlite-5.2.6-18.7mdvmes5.x86_64.rpm
 6c63b0c429ce16df11f1caa2d84a8e2d  mes5/x86_64/php-sybase-5.2.6-18.7mdvmes5.x86_64.rpm
 61268adcfced193dfeae341c821299e6  mes5/x86_64/php-sysvmsg-5.2.6-18.7mdvmes5.x86_64.rpm
 c0e6b02dd1c3983391e54e4d77cb8353  mes5/x86_64/php-sysvsem-5.2.6-18.7mdvmes5.x86_64.rpm
 72597bf4617f093bfffbc7c9ef54e6c4  mes5/x86_64/php-sysvshm-5.2.6-18.7mdvmes5.x86_64.rpm
 463dc06fab74bb5cda9b745710dad478  mes5/x86_64/php-tidy-5.2.6-18.7mdvmes5.x86_64.rpm
 7deead9c4a5b61c92721e62d610aeb8c  mes5/x86_64/php-tokenizer-5.2.6-18.7mdvmes5.x86_64.rpm
 114c9fdd121e758f691589845ea0ebc2  mes5/x86_64/php-wddx-5.2.6-18.7mdvmes5.x86_64.rpm
 b28d24edfb2ca5f7818634dbdd20d688  mes5/x86_64/php-xml-5.2.6-18.7mdvmes5.x86_64.rpm
 493ade3ce3b8fed7ac359425be3b657b  mes5/x86_64/php-xmlreader-5.2.6-18.7mdvmes5.x86_64.rpm
 5eb0d96ef06159397cbbfe9495632dc9  mes5/x86_64/php-xmlrpc-5.2.6-18.7mdvmes5.x86_64.rpm
 9ce170710f55e6e911ec2907d517dcd9  mes5/x86_64/php-xmlwriter-5.2.6-18.7mdvmes5.x86_64.rpm
 072b0cb626bac82b45569ac5a3d34a56  mes5/x86_64/php-xsl-5.2.6-18.7mdvmes5.x86_64.rpm
 c113df0457277c9f76b67750746e98f6  mes5/x86_64/php-zlib-5.2.6-18.7mdvmes5.x86_64.rpm 
 bac4a30648399229f6e990c3f5fe740f  mes5/SRPMS/php-5.2.6-18.7mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKb0MsmqjQ0CJFipgRAoWHAJ4kWkPMTIHKkuWcmTO9wwkeJDP/cACePJAd
D9SSQgou/Mz0JazVs8xGHZM=
=wTRP
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ