
[Security Announce] [ MDVSA-2008:128 ] - Updated PHP packages fix multiple vulnerabilities


_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:128

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : php
Date : July 3, 2008
Affected: 2008.1

_______________________________________________________________________

 

Problem Description:

A number of vulnerabilities have been found and corrected in PHP:

php-cgi in PHP prior to 5.2.6 does not properly calculate the length
of PATH_TRANSLATED, which has unknown impact and attack vectors
(CVE-2008-0599).

The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).

The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).

In addition, the updated packages provide a number of bug fixes.

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.1:


 

Mandriva Linux 2008.1/X86_64:


_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team
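
An added example, not part of the advisory: a Python check of manually downloaded packages against a manifest in the advisory's "md5 path" layout, which is the step MandrivaUpdate and urpmi otherwise perform for you. The function names and the sample file names are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Advisory manifest entry: 32 hex digits, whitespace, package path.
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")

def parse_manifest(text):
    """Map file name -> expected MD5; skip non-entry lines, reject conflicts."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            name, digest = os.path.basename(m.group(2)), m.group(1).lower()
            if expected.setdefault(name, digest) != digest:
                raise ValueError("conflicting digests for " + name)
    return expected

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def check_directory(manifest_text, directory):
    """Return {file name: 'ok' | 'mismatch' | 'missing'} for listed packages."""
    status = {}
    for name, digest in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        status[name] = ("missing" if not os.path.isfile(path)
                        else "ok" if md5_of(path) == digest else "mismatch")
    return status

def demo():
    """Constructed sample: placeholder files stand in for downloaded RPMs."""
    with tempfile.TemporaryDirectory() as d:
        lines = ["Example release (constructed manifest):"]
        for name in ("good-1.0.rpm", "bad-1.0.rpm", "absent-1.0.rpm"):
            data = name.encode()
            lines.append(hashlib.md5(data).hexdigest() + " x/i586/" + name)
            if not name.startswith("absent"):
                with open(os.path.join(d, name), "wb") as fh:
                    fh.write(data + (b"!" if name.startswith("bad") else b""))
        return check_directory("\n".join(lines), d)

if __name__ == "__main__":
    print(demo())
```

An MD5 match only rules out a corrupted or truncated download; authenticity rests on the GPG signature made with the Mandriva Security Team key (0x22458A98).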

 
