User: Password:
|
|
Subscribe / Log in / New account

Mandriva alert MDKSA-2006:162 (php)

From:  security@mandriva.com
To:  security-announce@mandrivalinux.org
Subject:  [Security Announce] [ MDKSA-2006:162 ] - Updated php packages fix vulnerabilities
Date:  Thu, 7 Sep 2006 14:23:00 -0600

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:162 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php Date : September 7, 2006 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481). Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484). The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485). CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP. Updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4481 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4485 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 146279492bdd9a03694778e265582d65 2006.0/RPMS/libphp5_common5-5.0.4-9.14.20060mdk.i586.rpm ca99a7740c1b47df847a56cbb25a8e80 2006.0/RPMS/php-cgi-5.0.4-9.14.20060mdk.i586.rpm 665f72c14d5c2d485047c8c288946227 2006.0/RPMS/php-cli-5.0.4-9.14.20060mdk.i586.rpm ddb6f8354c06c2f7bd78823dc846b2b5 2006.0/RPMS/php-devel-5.0.4-9.14.20060mdk.i586.rpm a8ba6ed38bb91aa170882a2c0ad32e32 2006.0/RPMS/php-fcgi-5.0.4-9.14.20060mdk.i586.rpm ddc3fc12907892012c0db9df119edaab 2006.0/RPMS/php-imap-5.0.4-2.4.20060mdk.i586.rpm 7231862a27ba9135e9cfcce3c455af3a 2006.0/SRPMS/php-5.0.4-9.14.20060mdk.src.rpm 69d5c165b33b00454cc56b27bb21eba7 2006.0/SRPMS/php-imap-5.0.4-2.4.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 4ba33ec1fd91fdad05aaffb2d8dc766a x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.14.20060mdk.x86_64.rpm 023e44a6bc50c5edaa3abfe85a888ec3 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.14.20060mdk.x86_64.rpm 29e82f10dba8da27a73e57df3ffc198b x86_64/2006.0/RPMS/php-cli-5.0.4-9.14.20060mdk.x86_64.rpm 69fd9d2282d1bc50c19078f8537e4084 x86_64/2006.0/RPMS/php-devel-5.0.4-9.14.20060mdk.x86_64.rpm a849151feb32d3bcca9f5d175289fce5 x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.14.20060mdk.x86_64.rpm 1551e3c19dde54eaa19dabe5fe8a31db x86_64/2006.0/RPMS/php-imap-5.0.4-2.4.20060mdk.x86_64.rpm 7231862a27ba9135e9cfcce3c455af3a x86_64/2006.0/SRPMS/php-5.0.4-9.14.20060mdk.src.rpm 69d5c165b33b00454cc56b27bb21eba7 x86_64/2006.0/SRPMS/php-imap-5.0.4-2.4.20060mdk.src.rpm Corporate 3.0: 3eb436590e289bc53b5bf6560ba04b02 corporate/3.0/RPMS/libphp_common432-4.3.4-4.20.C30mdk.i586.rpm 25e55ccb44fe52f3a2dbbded0463c344 corporate/3.0/RPMS/php432-devel-4.3.4-4.20.C30mdk.i586.rpm b970a8c32bc44c3736173d90dc251141 corporate/3.0/RPMS/php-cgi-4.3.4-4.20.C30mdk.i586.rpm 90098a78f8376e8abc5cad6d6eab75f9 corporate/3.0/RPMS/php-cli-4.3.4-4.20.C30mdk.i586.rpm 65ec1dc0a8da743bbc8c31b02b2e0463 corporate/3.0/RPMS/php-gd-4.3.4-1.4.C30mdk.i586.rpm f301535d5f0f4eab5b0d6a1d9b231ef8 corporate/3.0/RPMS/php-imap-4.3.4-1.4.C30mdk.i586.rpm e7eb6f56b39b5c72b3a2dbb602ab8d46 corporate/3.0/SRPMS/php-4.3.4-4.20.C30mdk.src.rpm 55da5f48aa9e2851b88377d436fc154b corporate/3.0/SRPMS/php-gd-4.3.4-1.4.C30mdk.src.rpm 3133219ccf7cd83aec8f03823b6bcf48 corporate/3.0/SRPMS/php-imap-4.3.4-1.4.C30mdk.src.rpm Corporate 3.0/X86_64: c5213371e2b3ff49c18bcb7eea366b86 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.20.C30mdk.x86_64.rpm 48206012e77a6949d36188f3b2743afc x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.20.C30mdk.x86_64.rpm e37a90b7ba3b52fce6bbecd6ec8960bf x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.20.C30mdk.x86_64.rpm 24ce234e4d366125e4a13ca5ac2d0bf6 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.20.C30mdk.x86_64.rpm 60dd687ca2f9fc7b1aa8717533d1ed81 x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.4.C30mdk.x86_64.rpm 86ff3c6e121b52fd6a092c7f8e35885c x86_64/corporate/3.0/RPMS/php-imap-4.3.4-1.4.C30mdk.x86_64.rpm e7eb6f56b39b5c72b3a2dbb602ab8d46 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.20.C30mdk.src.rpm 55da5f48aa9e2851b88377d436fc154b x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.4.C30mdk.src.rpm 3133219ccf7cd83aec8f03823b6bcf48 x86_64/corporate/3.0/SRPMS/php-imap-4.3.4-1.4.C30mdk.src.rpm Multi Network Firewall 2.0: 90ed06dbf0316651afc4d8990477ca7d mnf/2.0/RPMS/libphp_common432-4.3.4-4.20.M20mdk.i586.rpm bbf7116a28e92bd9c6ce531e8014cc22 mnf/2.0/RPMS/php432-devel-4.3.4-4.20.M20mdk.i586.rpm 0c5f0a2f78cdb87ddd4a2a316d107e4c mnf/2.0/RPMS/php-cgi-4.3.4-4.20.M20mdk.i586.rpm 27885acc0df6e7fa21ee1d165df8f426 mnf/2.0/RPMS/php-cli-4.3.4-4.20.M20mdk.i586.rpm 14c40d13e47645ceaddb28508008fd8f mnf/2.0/RPMS/php-gd-4.3.4-1.4.M20mdk.i586.rpm bfdf39861fc0614d9a81889f6c0dbac6 mnf/2.0/SRPMS/php-4.3.4-4.20.M20mdk.src.rpm 1c40bfd8df9786d467993f0eabc9eff9 mnf/2.0/SRPMS/php-gd-4.3.4-1.4.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFAFKJmqjQ0CJFipgRAlCxAKCTO1wmjhvmHOxneb2oh/V31G1BngCg9eRf 4PNgocaX6b6UlFBbSMDIl24= =sS0Z -----END PGP SIGNATURE----- To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds