[Security Announce] [ MDVSA-2009:023 ] php


 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:023

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : php
Date : January 21, 2009
Affected: Corporate 4.0

_______________________________________________________________________

 

Problem Description:

 

A vulnerability in PHP allowed context-dependent attackers to cause a denial of service (crash) via a certain long string in the glob() or fnmatch() functions (CVE-2007-4782).

 

A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request (CVE-2007-4850).

 

An integer overflow in PHP allowed context-dependent attackers to cause a denial of service via a special printf() format parameter (CVE-2008-1384).

 

A stack-based buffer overflow in the FastCGI SAPI in PHP has unknown impact and attack vectors (CVE-2008-2050).

 

Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. A malicious attacker could exploit this by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execution of arbitrary code or a denial of service (CVE-2008-2371). PHP in Corporate Server 4.0 is affected by this issue.

 

A buffer overflow in the imageloadfont() function in PHP allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted font file (CVE-2008-3658).

 

A buffer overflow in the memnstr() function allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via the delimiter argument to the explode() function (CVE-2008-3659).

 

PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension (CVE-2008-3660).

 

An array index error in the imageRotate() function in PHP allowed context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument to the function for an indexed image (CVE-2008-5498).

 

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498

_______________________________________________________________________

 

Updated Packages:

 

Corporate 4.0:
d55d5489013a1f9e95262571a5ef2979 corporate/4.0/i586/libphp5_common5-5.1.6-1.10.20060mlcs4.i586.rpm
8701a5ab0e71009171216ccda307e547 corporate/4.0/i586/php-cgi-5.1.6-1.10.20060mlcs4.i586.rpm
d3e8b97d03ccd01127a1aeb9e17d3d7e corporate/4.0/i586/php-cli-5.1.6-1.10.20060mlcs4.i586.rpm
6e0aa2965637f3dbc25cff1d5064bb8c corporate/4.0/i586/php-curl-5.1.6-1.1.20060mlcs4.i586.rpm
0458b8aa8daa0e39cd329761eae9d654 corporate/4.0/i586/php-devel-5.1.6-1.10.20060mlcs4.i586.rpm
89487acc8fa77864d25e5aebc40bc9b4 corporate/4.0/i586/php-fcgi-5.1.6-1.10.20060mlcs4.i586.rpm
bf404efb4e9567f431256d36833fc8d6 corporate/4.0/i586/php-pcre-5.1.6-1.1.20060mlcs4.i586.rpm
c62fb74e0d8744077e4c8ff6f50df98b corporate/4.0/SRPMS/php-5.1.6-1.10.20060mlcs4.src.rpm
e46cf717872ddfbf6a13f6d45d225533 corporate/4.0/SRPMS/php-curl-5.1.6-1.1.20060mlcs4.src.rpm
b188d26d6a781b5066d515ed5ae36ace corporate/4.0/SRPMS/php-pcre-5.1.6-1.1.20060mlcs4.src.rpm

 

Corporate 4.0/X86_64:
70d99222e5692b2fd88fcb05f8f5e620 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.10.20060mlcs4.x86_64.rpm
62448b1b344cdc098b6620e0e773ef17 corporate/4.0/x86_64/php-cgi-5.1.6-1.10.20060mlcs4.x86_64.rpm
dc0df43cfe80f4b5017924152d43a91f corporate/4.0/x86_64/php-cli-5.1.6-1.10.20060mlcs4.x86_64.rpm
9ac37cd014c4012a964e65cbe9d1b01a corporate/4.0/x86_64/php-curl-5.1.6-1.1.20060mlcs4.x86_64.rpm
6ac51f6b50172ee6d5eb36ce8b8cba77 corporate/4.0/x86_64/php-devel-5.1.6-1.10.20060mlcs4.x86_64.rpm
ab26bfe0c8370bd2bf37205cbc1df63b corporate/4.0/x86_64/php-fcgi-5.1.6-1.10.20060mlcs4.x86_64.rpm
e570ffbbd17e30630e7f14a67b57cffd corporate/4.0/x86_64/php-pcre-5.1.6-1.1.20060mlcs4.x86_64.rpm
c62fb74e0d8744077e4c8ff6f50df98b corporate/4.0/SRPMS/php-5.1.6-1.10.20060mlcs4.src.rpm
e46cf717872ddfbf6a13f6d45d225533 corporate/4.0/SRPMS/php-curl-5.1.6-1.1.20060mlcs4.src.rpm
b188d26d6a781b5066d515ed5ae36ace corporate/4.0/SRPMS/php-pcre-5.1.6-1.1.20060mlcs4.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJd4y5mqjQ0CJFipgRAlpVAJ4oOl0atBrwZTu5WA3RvdNxzIDroACgi+UH

4tzIz9f+JcmDA5Q469nYg5M=

=804z

-----END PGP SIGNATURE-----
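
Added example, not part of the Mandriva advisory: a shell check that compares RPMs fetched by hand (rather than through MandrivaUpdate or urpmi) against the md5 lines listed under "Updated Packages" above. The function names, the saved advisory file and the flat download directory are assumptions. MD5 is no longer collision-resistant, so this is an integrity check to run alongside the GPG package signatures the advisory mentions, not a replacement for them.

```shell
#!/bin/sh
# Added example; not part of the Mandriva advisory.
# Assumptions: the advisory is saved as a text file and the RPMs were
# downloaded by hand into one flat directory. Function names are made up here.

# advisory_sums ADVISORY
# Print "<md5> <rpm file name>" for each package line in the advisory.
# A package line is 32 hex digits, whitespace, then a path ending in .rpm.
advisory_sums() {
    grep -E '^[[:space:]]*[0-9a-f]{32}[[:space:]]+[^[:space:]]+\.rpm[[:space:]]*$' "$1" |
        awk '{ n = split($2, p, "/"); print $1, p[n] }' |
        sort -u    # the SRPMS lines appear once per architecture section
}

# verify_rpms ADVISORY DIR
# Print OK / MISMATCH / MISSING for each listed package found (or not) in DIR.
# Returns non-zero if any file that is present has the wrong checksum.
# MISSING is only reported: a host normally holds one architecture's packages.
verify_rpms() {
    advisory_sums "$1" | {
        bad=0
        while read -r want name; do
            if [ ! -f "$2/$name" ]; then
                echo "MISSING  $name"
                continue
            fi
            got=$(md5sum "$2/$name" | cut -d' ' -f1)
            if [ "$got" = "$want" ]; then
                echo "OK       $name"
            else
                echo "MISMATCH $name (advisory $want, file $got)"
                bad=1
            fi
        done
        [ "$bad" -eq 0 ]    # exit status of the pipeline, hence of the function
    }
}

# Script use: sh verify.sh saved-advisory.txt ./downloads
if [ "$#" -eq 2 ]; then
    verify_rpms "$1" "$2"
fi
```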

 

 
