[USN-66-2] PHP vulnerability

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-66-2] PHP vulnerability
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Thu, 17 Feb 2005 12:34:00 +0100
Cc: full-disclosure@xxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.6+20040907i

===========================================================
Ubuntu Security Notice USN-66-2           February 17, 2005
php4 vulnerability
http://www.securitytracker.com/alerts/2004/Oct/1011984.html
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi
php4-curl

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.4.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Ubuntu Security Notice USN-66-1 described a circumvention of the
"open_basedir" restriction by using the cURL module. Adam Conrad
discovered that the fix from USN-66-1 still allowed to bypass this
restriction with certain variants of path specifications.

In addition this update fixes the crash of the PHP interpreter if
curl_init() was called without parameters.

For reference, this is the relevant part of the original advisory:

  FraMe from kernelpanik.org reported that the cURL module does not
  respect open_basedir restrictions. As a result, scripts which used
  cURL to open files with an user-specified path could read arbitrary
  local files outside of the open_basedir directory.


  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.4.diff.gz
      Size/MD5:   611060 76c53132842eb8ece0ec556bee7000cf
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.4.dsc
      Size/MD5:     1624 e25032760f5ed679add0be6d48527170
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
      Size/MD5:  4832570 dd69f8c89281f088eadf4ade3dbd39ee

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.4_all.deb
      Size/MD5:   331626 ce1e79fb8ecc58f78d233066883f6725
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.4_all.deb
      Size/MD5:   332790 429505efcf671fb1d4da2968226ee4c6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:  1687480 462c58ddaab48de37ca1039e698c4c8c
    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:  3195780 51c1d068f62232af75e63f7e2a3c2230
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    17284 2f63e4d476d65e08233e57f933694ff2
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    40426 506434df3df05c237fc63da763825c95
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    33486 df79e497971d085a0680b3ddd9a269f1
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    21228 f2554def1efd2fa45c909a4261162e68
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    18400 e01c3969357a1b4bf152e7ad06bfef40
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:     7992 a8817082c98b83b1fb55c214846512b2
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    23102 d0c791b8a5f10a7e9ea87b055a228312
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    28320 c1e191ce25142c8ed3f7ae5daf4d9b39
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:     7612 606949271082345c796d3f9e9c2ec541
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    12970 3393e20aa9e3d1e3c2cf0bc0359f5806
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    21494 62868364df45a402a308c252657e60fa
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:    17246 6361e60943f278449acd6d750c56025d
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.4_amd64.deb
      Size/MD5:  1703470 0e99f41c4ce66dc0e06491ba5295d51b

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:  1629902 38955a05f0f084ac684b834cfdc6edc7
    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:  3042760 42ffd6b9ca6d0e493f788a02b5b257fb
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    16860 77ff98449d50e457bee48e9769d19cd2
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    35552 bddb8b6a234231e8f5d0c163b6a479a5
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    31070 dd71ae9453c1205a39e454c1ca532649
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    19478 9184835f69706e26c2cdefdf5b4c9564
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    17054 df4db9d3dd5d481f56a7b6484594b26f
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:     7736 90eb3961904849858ddc8a044c3ce237
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    20900 d317c8c39d855aed6b8973be556688be
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    26064 2d6327245d431c74b13e06fdeea80e62
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:     7370 bc7e541267ec1f44bad50c4dfac5a49a
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    12310 eb1944171d6a299501c0cea2097343a1
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    20000 6e0e22f1f03a6b5ffe3899420276457c
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:    15870 54ac4231dcce2d17c68ff502714ad13e
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.4_i386.deb
      Size/MD5:  1644360 e10c54aeb7a05c1a0c2138efa39d20f9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:  1689706 fd463f39564a21417c7019f04d1cfec8
    
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:  3202562 44201779f8f3f774f55d48e32d408b8d
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    19106 64330e974972871eebe4bcd87279fc4d
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    38270 d7042bc5d75870eb2d432e846a2a5441
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    33998 738571843aab9897a901c6f6f65f98ee
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    21468 2d7e4c5c20c5dbdce612ed69ac3fd880
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    19304 7f1f2acf123d2786989bf99aec13ef83
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:     9314 bfe0398e5c8d468d68e5a01a2aa4cdc4
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    22682 846114bf787f908a5437948be449d631
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    28404 b4bb776334efd838f1b3d7d484cbd519
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:     8998 b7b29936ce086da1785794f41b6589be
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    14328 cf8af9f1d5ca318d186faafb7b5ad600
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    22186 8acd3167949589f38e2a203a815cd102
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:    18056 66c7fe1689e4ccfa84de0da867fd43f9
    
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.4_powerpc.deb
      Size/MD5:  1707320 35ee359643a7677e0c75a79f00687c6d

Attachment: signature.asc
Description: Digital signature

Prev by Date: [USN-78-2] Fixed mailman packages for USN-78-1
Next by Date: Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
Previous by thread: [USN-78-2] Fixed mailman packages for USN-78-1
Next by thread: Re: NetSec Security Advisory: Multiple Vulnerabilities Resulting From Use Of Apple OSX HFS+
Index(es):
- Date
- Thread