Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2008:130 ] - Updated PHP packages fix multiple vulnerabilities

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1215141685-11275-7005

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2008:130

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : php4

Date : July 3, 2008

Affected: Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

An integer overflow in the zip_read_entry() function in PHP prior

to 4.4.5 allowed remote attackers to execute arbitrary code via a

ZIP archive containing a certain type of entry that triggered a heap

overflow (CVE-2007-1777).

 

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5

were discovered that could produce a zero seed in rare circumstances on

32bit systems and generations a portion of zero bits during conversion

due to insufficient precision on 64bit systems (CVE-2008-2107,

CVE-2008-2108).

 

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1777

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108

_______________________________________________________________________

 

Updated Packages:

 

Corporate 4.0:

070c4d4f7403e8a88cebf04ec8332d9c corporate/4.0/i586/libphp4_common4-4.4.4-1.8.20060mlcs4.i586.rpm

d4a5b569f487d6d0cd9c32e6c57973e2 corporate/4.0/i586/php4-cgi-4.4.4-1.8.20060mlcs4.i586.rpm

cc39060ca799894fd2e0e31bdc588d93 corporate/4.0/i586/php4-cli-4.4.4-1.8.20060mlcs4.i586.rpm

b9445da53d60e15b815d702bb0639b2c corporate/4.0/i586/php4-devel-4.4.4-1.8.20060mlcs4.i586.rpm

89578a93f8389f1c18a9ec2bb2976c3d corporate/4.0/i586/php4-zip-4.4.4-1.1.20060mlcs4.i586.rpm

1bd1828056a9485094c3f8dcad359868 corporate/4.0/SRPMS/php4-4.4.4-1.8.20060mlcs4.src.rpm

1c44162aa2dd129612450a61427e94f4 corporate/4.0/SRPMS/php4-zip-4.4.4-1.1.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:

fbc3b649e7429a3dc6e53e367eaf0eb4 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.8.20060mlcs4.x86_64.rpm

62ec98b2fdf5656e84afa1423f5e757b corporate/4.0/x86_64/php4-cgi-4.4.4-1.8.20060mlcs4.x86_64.rpm

6cfc64f13467e939995d00f5b9293701 corporate/4.0/x86_64/php4-cli-4.4.4-1.8.20060mlcs4.x86_64.rpm

a158811bab4ffcc278660fc6bb0b8eb3 corporate/4.0/x86_64/php4-devel-4.4.4-1.8.20060mlcs4.x86_64.rpm

e5eec77b3270124b1a68689aa0b3362b corporate/4.0/x86_64/php4-zip-4.4.4-1.1.20060mlcs4.x86_64.rpm

1bd1828056a9485094c3f8dcad359868 corporate/4.0/SRPMS/php4-4.4.4-1.8.20060mlcs4.src.rpm

1c44162aa2dd129612450a61427e94f4 corporate/4.0/SRPMS/php4-zip-4.4.4-1.1.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFIbWw0mqjQ0CJFipgRAm3BAKDadkkRtJshMaEt5uWC7vi0OQuEpwCgwWSu

Agn3VI+92DBfD+BQzRSoQhU=

=nH2f

-----END PGP SIGNATURE-----

 

 

------------=_1215141685-11275-7005

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1215141685-11275-7005--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×