User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDKSA-2005:072 (php)

From:  Mandriva Security Team <security@mandriva.com>
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] MDKSA-2005:072 - Updated php packages fix multiple vulnerabilities
Date:  Mon, 18 Apr 2005 20:05:46 -0600

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: php Advisory ID: MDKSA-2005:072 Date: April 18th, 2005 Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 ______________________________________________________________________ Problem Description: A number of vulnerabilities are addressed in this PHP update: Stefano Di Paolo discovered integer overflows in PHP's pack(), unpack(), and shmop_write() functions which could allow a malicious script to break out of safe mode and execute arbitray code with privileges of the PHP interpreter (CAN-2004-1018; this was previously fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151). Stefan Esser discovered two safe mode bypasses which would allow malicious scripts to circumvent path restrictions by using virtual_popen() with a current directory containing shell meta- characters (CAN-2004-1063) or by creating a specially crafted directory whose length exceeded the capacity of realpath() (CAN-2004-1064; both of these were previously fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151). Two Denial of Service vulnerabilities were found in the getimagesize() function which uses the format-specific internal functions php_handle_iff() and php_handle_jpeg() which would get stuck in infinite loops when certain (invalid) size parameters are read from the image (CAN-2005-0524 and CAN-2005-0525). An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP's EXIF module. EXIF tags with a specially crafted "Image File Directory" (IFD) tag would cause a buffer overflow which could be exploited to execute arbitrary code with the privileges of the PHP server (CAN-2005-1042). Another vulnerability in the EXIF module was also discovered where headers with a large IFD nesting level would cause an unbound recursion which would eventually overflow the stack and cause the executed program to crash (CAN-2004-1043). All of these issues are addressed in the Corporate Server 2.1 packages and the last three issues for all other platforms, which had previously included the first two issues but had not been mentioned in MDKSA-2004:151. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043 ______________________________________________________________________ Updated Packages: Mandrakelinux 10.0: f7d974aa23e07a33ffc28d24d57ae6d1 10.0/RPMS/libphp_common432-4.3.4-4.5.100mdk.i586.rpm 345a78284dee2a035f627e348e73923b 10.0/RPMS/php-cgi-4.3.4-4.5.100mdk.i586.rpm 14a9a57cb05438a2b95ac47fa68755be 10.0/RPMS/php-cli-4.3.4-4.5.100mdk.i586.rpm 1d43beb4125253db8a9bdaaffec6abce 10.0/RPMS/php432-devel-4.3.4-4.5.100mdk.i586.rpm 44a1aa8be7f1f56120568028d3cce0a0 10.0/SRPMS/php-4.3.4-4.5.100mdk.src.rpm Mandrakelinux 10.0/AMD64: 9651a95c09fef8db80f8d0455f1d4aae amd64/10.0/RPMS/lib64php_common432-4.3.4-4.5.100mdk.amd64.rpm d883ef32f7f60531cf2be850d5e9dcba amd64/10.0/RPMS/php-cgi-4.3.4-4.5.100mdk.amd64.rpm 21f487c746312c589115e12b9ed0d13e amd64/10.0/RPMS/php-cli-4.3.4-4.5.100mdk.amd64.rpm 0a9e996779cc13cfa458c39aa6bf6472 amd64/10.0/RPMS/php432-devel-4.3.4-4.5.100mdk.amd64.rpm 44a1aa8be7f1f56120568028d3cce0a0 amd64/10.0/SRPMS/php-4.3.4-4.5.100mdk.src.rpm Mandrakelinux 10.1: f75cb008b1eafcce1167f487fd0742ef 10.1/RPMS/libphp_common432-4.3.8-3.3.101mdk.i586.rpm 6522017c3e097f22a37f293d765f4141 10.1/RPMS/php-cgi-4.3.8-3.3.101mdk.i586.rpm 4ba9ade6db11e4035f73ede36e361ad7 10.1/RPMS/php-cli-4.3.8-3.3.101mdk.i586.rpm 63d4d58bbc3a01b89c688660be399af0 10.1/RPMS/php432-devel-4.3.8-3.3.101mdk.i586.rpm f4fe82b93cf84987b0787e297d5189de 10.1/SRPMS/php-4.3.8-3.3.101mdk.src.rpm Mandrakelinux 10.1/X86_64: fb08286032f45020ecd96e07b0da51af x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.3.101mdk.x86_64.rpm e1ae8214e11a7e62e987cde10e53c609 x86_64/10.1/RPMS/php-cgi-4.3.8-3.3.101mdk.x86_64.rpm 44c080a9d90e282da95b5d809e90df52 x86_64/10.1/RPMS/php-cli-4.3.8-3.3.101mdk.x86_64.rpm d23e51652be1cb62f4704a5c4fe4a7a9 x86_64/10.1/RPMS/php432-devel-4.3.8-3.3.101mdk.x86_64.rpm f4fe82b93cf84987b0787e297d5189de x86_64/10.1/SRPMS/php-4.3.8-3.3.101mdk.src.rpm Mandrakelinux 10.2: cc1f7f17fdcaf8dc87efcad94a241eca 10.2/RPMS/libphp_common432-4.3.10-7.1.102mdk.i586.rpm 3655f4254ca1ee329462e1f744533ed2 10.2/RPMS/php-cgi-4.3.10-7.1.102mdk.i586.rpm a6084914e21c0a5873d5b94bb914411f 10.2/RPMS/php-cli-4.3.10-7.1.102mdk.i586.rpm 41a0168e7a2fdb581b59e5550c02418f 10.2/RPMS/php432-devel-4.3.10-7.1.102mdk.i586.rpm 2e3bf475cc0a73a2402d487e1bcaa741 10.2/SRPMS/php-4.3.10-7.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 17130ea081a475bebce9ef1f4ea89c22 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.1.102mdk.x86_64.rpm 5b9712e9d2b3709243080eefe5f36037 x86_64/10.2/RPMS/php-cgi-4.3.10-7.1.102mdk.x86_64.rpm 6e77ec1f4a00e757e9144c798f86b465 x86_64/10.2/RPMS/php-cli-4.3.10-7.1.102mdk.x86_64.rpm f55fc2c228f012266c55e830cc858698 x86_64/10.2/RPMS/php432-devel-4.3.10-7.1.102mdk.x86_64.rpm 2e3bf475cc0a73a2402d487e1bcaa741 x86_64/10.2/SRPMS/php-4.3.10-7.1.102mdk.src.rpm Corporate Server 2.1: f418349daa18087f1b2bd2d06d07a7d7 corporate/2.1/RPMS/php-4.2.3-4.4.C21mdk.i586.rpm f55f290333af492f34104d1821ece93d corporate/2.1/RPMS/php-common-4.2.3-4.4.C21mdk.i586.rpm ff25be7d53aa1f8efa1ac7ea06935c60 corporate/2.1/RPMS/php-devel-4.2.3-4.4.C21mdk.i586.rpm 38a6771932090c0b49a495caa244047f corporate/2.1/RPMS/php-pear-4.2.3-4.4.C21mdk.i586.rpm 57a79e60657b372524d7b8af3535cfe6 corporate/2.1/SRPMS/php-4.2.3-4.4.C21mdk.src.rpm Corporate Server 2.1/X86_64: 0459cb20800a58b6ee41fc6ac2dc55b2 x86_64/corporate/2.1/RPMS/php-4.2.3-4.4.C21mdk.x86_64.rpm 462186f5005cafbfe66dd99cb9110e30 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.4.C21mdk.x86_64.rpm 5f6c49093da250595d27917455fff5bd x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.4.C21mdk.x86_64.rpm 5fb114b6761fcd231cbbbfde6e41252d x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.4.C21mdk.x86_64.rpm 57a79e60657b372524d7b8af3535cfe6 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.4.C21mdk.src.rpm Corporate 3.0: eab4aa42fbd404630d0eb350ea17efd1 corporate/3.0/RPMS/libphp_common432-4.3.4-4.5.C30mdk.i586.rpm 3138545d861d0c28acc81f77424e95c5 corporate/3.0/RPMS/php-cgi-4.3.4-4.5.C30mdk.i586.rpm b26d65545512c6698cfb5d3280961677 corporate/3.0/RPMS/php-cli-4.3.4-4.5.C30mdk.i586.rpm 6bfa6303f2f8a52c963f9df4bf59c639 corporate/3.0/RPMS/php432-devel-4.3.4-4.5.C30mdk.i586.rpm 9f017d501ff162d276b0e2832468a5c8 corporate/3.0/SRPMS/php-4.3.4-4.5.C30mdk.src.rpm Corporate 3.0/X86_64: eab4aa42fbd404630d0eb350ea17efd1 x86_64/corporate/3.0/RPMS/libphp_common432-4.3.4-4.5.C30mdk.i586.rpm 3138545d861d0c28acc81f77424e95c5 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.5.C30mdk.i586.rpm b26d65545512c6698cfb5d3280961677 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.5.C30mdk.i586.rpm 6bfa6303f2f8a52c963f9df4bf59c639 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.5.C30mdk.i586.rpm 9f017d501ff162d276b0e2832468a5c8 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.5.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCZGd6mqjQ0CJFipgRArzeAKCwF9l5b7X4e2V1lwVKBEmKxzhb2gCdGPe6 tLdpH8LT8qnWvHfu0Yo4XIA= =eOcy -----END PGP SIGNATURE----- ____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds