<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:213
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : November 16, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A number of vulnerabilities were discovered in PHP:
 
 An issue with fopen_wrappers.c would not properly restrict access to
 other directories when the open_basedir directive included a trailing
 slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1.
 
 An issue with the apache2handler SAPI in mod_php could allow an
 attacker to cause a Denial of Service via the session.save_path option
 in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue
 does not affect Corporate Server 2.1.
 
 A Denial of Service vulnerability was discovered in the way that PHP
 processes EXIF image data which could allow an attacker to cause PHP
 to crash by supplying carefully crafted EXIF image data
 (CVE-2005-3353).
 
 A cross-site scripting vulnerability was discovered in the phpinfo()
 function which could allow for the injection of javascript or HTML
 content onto a page displaying phpinfo() output, or to steal data such
 as cookies (CVE-2005-3388).
 
 A flaw in the parse_str() function could allow for the enabling of
 register_globals, even if it was disabled in the PHP configuration
 file (CVE-2005-3389).
 
 A vulnerability in the way that PHP registers global variables during
 a file upload request could allow a remote attacker to overwrite the
 $GLOBALS array which could potentially lead the execution of arbitrary
 PHP commands.  This vulnerability only affects systems with
 register_globals enabled (CVE-2005-3390).
 
 The updated packages have been patched to address this issue.  Once the
 new packages have been installed, you will need to restart your Apache
 server using "service httpd restart" in order for the new packages to
 take effect ("service httpd2-naat restart" for MNF2).
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
 http://www.hardened-php.net/advisory_202005.79.html
 http://www.hardened-php.net/advisory_192005.78.html
 http://www.hardened-php.net/advisory_182005.77.html
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 3966e335bc3a2ae6dffbbc8e83575865  
10.1/RPMS/libphp_common432-4.3.8-3.6.101mdk.i586.rpm
 199fa9e0baf46bda77e660555626ed4e  
10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.i586.rpm
 05ef30fa2004ffd60f4519fd41a444e3  10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.i586.rpm
 fe48fbbb47b3bcdab5054ffdd2067b6a  10.1/RPMS/php-cli-4.3.8-3.6.101mdk.i586.rpm
 90b47f8c1515b5043d513db11d6607ca  10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 9fe206e55dca158523dab0a85f1a5dec  
x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.6.101mdk.x86_64.rpm
 d36a3e7f90980388196aa58b6dbb94af  
x86_64/10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.x86_64.rpm
 416b3bacf2b57f1a9cae5ca172e39135  
x86_64/10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.x86_64.rpm
 0c27298aadb7d0a847a93316ce4d9d57  
x86_64/10.1/RPMS/php-cli-4.3.8-3.6.101mdk.x86_64.rpm
 90b47f8c1515b5043d513db11d6607ca  
x86_64/10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm

 Mandriva Linux 10.2:
 e972e5e5cadb586a390a39bffa1cb56e  
10.2/RPMS/libphp_common432-4.3.10-7.4.102mdk.i586.rpm
 c26646613d41a7f3e82b5d2d11c21b7c  
10.2/RPMS/php432-devel-4.3.10-7.4.102mdk.i586.rpm
 098e0a1e4b8b597bf95461fc085c037a  10.2/RPMS/php-cgi-4.3.10-7.4.102mdk.i586.rpm
 99f0eaa02942f7b6753309ca56979100  10.2/RPMS/php-cli-4.3.10-7.4.102mdk.i586.rpm
 7df363e2e2309ec26b40c3490a0d75ae  10.2/SRPMS/php-4.3.10-7.4.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 d9d33311690b0c5f69e3834a5ba6bc10  
x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.4.102mdk.x86_64.rpm
 f5d2b45ace0ab4208ba911159a47e429  
x86_64/10.2/RPMS/php432-devel-4.3.10-7.4.102mdk.x86_64.rpm
 0c7e0acb3bd80a9a7220ecf919b3d795  
x86_64/10.2/RPMS/php-cgi-4.3.10-7.4.102mdk.x86_64.rpm
 7df6f5a5b19c07e9fa3d6851f210f847  
x86_64/10.2/RPMS/php-cli-4.3.10-7.4.102mdk.x86_64.rpm
 7df363e2e2309ec26b40c3490a0d75ae  
x86_64/10.2/SRPMS/php-4.3.10-7.4.102mdk.src.rpm

 Mandriva Linux 2006.0:
 826c36fdb07b7c341a39507b679e31a9  
2006.0/RPMS/libphp5_common5-5.0.4-9.1.20060mdk.i586.rpm
 2be5d91979fa3c8f77744a86fee8a423  
2006.0/RPMS/php-cgi-5.0.4-9.1.20060mdk.i586.rpm
 950c43ac1569610fa31b15803fc50d40  
2006.0/RPMS/php-cli-5.0.4-9.1.20060mdk.i586.rpm
 1a19b2cc5607bf65c3fe7a339f97ce72  
2006.0/RPMS/php-devel-5.0.4-9.1.20060mdk.i586.rpm
 e8d70f64d363821fe29e7cf39e93cd71  
2006.0/RPMS/php-exif-5.0.4-1.1.20060mdk.i586.rpm
 fe70481a5316019e303e45e5f0e59adb  
2006.0/RPMS/php-fcgi-5.0.4-9.1.20060mdk.i586.rpm
 9c6a477d87cebf040cee39b75423c040  2006.0/SRPMS/php-5.0.4-9.1.20060mdk.src.rpm
 f2b058c92a3c2107f97a4b07d34dc1c8  
2006.0/SRPMS/php-exif-5.0.4-1.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 044e1542f327cf7552fa4d4124843f1f  
x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.1.20060mdk.x86_64.rpm
 60f4edc9196ea58d9614c3f2ed66a9f6  
x86_64/2006.0/RPMS/php-cgi-5.0.4-9.1.20060mdk.x86_64.rpm
 9f6c1eb1a1da44518993957d13eb10bf  
x86_64/2006.0/RPMS/php-cli-5.0.4-9.1.20060mdk.x86_64.rpm
 3c5d616931098f198eeb0f41011144aa  
x86_64/2006.0/RPMS/php-devel-5.0.4-9.1.20060mdk.x86_64.rpm
 d16ba71605fc37881443605025534440  
x86_64/2006.0/RPMS/php-exif-5.0.4-1.1.20060mdk.x86_64.rpm
 0f10f24c8b43317904a79ac66f0405de  
x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.1.20060mdk.x86_64.rpm
 9c6a477d87cebf040cee39b75423c040  
x86_64/2006.0/SRPMS/php-5.0.4-9.1.20060mdk.src.rpm
 f2b058c92a3c2107f97a4b07d34dc1c8  
x86_64/2006.0/SRPMS/php-exif-5.0.4-1.1.20060mdk.src.rpm

 Corporate Server 2.1:
 18b1c4dab517ae624ee96b7558112d84  
corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.i586.rpm
 25e79b0cbb0b1ed8c0915db93efe7863  
corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.i586.rpm
 c818089e5fe42953da5ca48855c52a39  
corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.i586.rpm
 aaafac3f547795f1e4ab50094fb05bb8  
corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.i586.rpm
 590fd7d0a4340ac62e443a1c1543fe60  
corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 d3ad20980ced61773e64fc0cd347dbc0  
x86_64/corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.x86_64.rpm
 74dc4c2cd5a48ebc77d081ae64fe38cd  
x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.x86_64.rpm
 5acad2f71a4e4728a986f08a7966846a  
x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.x86_64.rpm
 39856102ebde84daad4d917cfa94b067  
x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.x86_64.rpm
 590fd7d0a4340ac62e443a1c1543fe60  
x86_64/corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm

 Corporate 3.0:
 c2b5c67cd95e5ea7725a98c516b9742f  
corporate/3.0/RPMS/libphp_common432-4.3.4-4.8.C30mdk.i586.rpm
 a8eef95a35ce6916836ee78d1d473939  
corporate/3.0/RPMS/php432-devel-4.3.4-4.8.C30mdk.i586.rpm
 6c00ce7c4952e9cfcbc654a594d94b18  
corporate/3.0/RPMS/php-cgi-4.3.4-4.8.C30mdk.i586.rpm
 fad4d2d37aeae89eb52ab10a35b8b3b4  
corporate/3.0/RPMS/php-cli-4.3.4-4.8.C30mdk.i586.rpm
 97ed320ad4011d18f69f8f957295a7d7  
corporate/3.0/SRPMS/php-4.3.4-4.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 db82bf6b28383e687974a6e3ea8ef632  
x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.8.C30mdk.x86_64.rpm
 740b5d6160992055e5e84dc03480cf45  
x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.8.C30mdk.x86_64.rpm
 6e2fd52cca98a8b208acaec013cb7630  
x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.8.C30mdk.x86_64.rpm
 679c794a8904940946d8cb52e529413a  
x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.8.C30mdk.x86_64.rpm
 97ed320ad4011d18f69f8f957295a7d7  
x86_64/corporate/3.0/SRPMS/php-4.3.4-4.8.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 82bae104a4800c62bf0a007d5af84941  
mnf/2.0/RPMS/libphp_common432-4.3.4-4.8.M20mdk.i586.rpm
 b64e2f00d014aa894d94271351b1cef0  
mnf/2.0/RPMS/php432-devel-4.3.4-4.8.M20mdk.i586.rpm
 c306907caa4c66c77653a2f264fdcdbe  
mnf/2.0/RPMS/php-cgi-4.3.4-4.8.M20mdk.i586.rpm
 46b577275216cfc259a6caba5d4b82f3  
mnf/2.0/RPMS/php-cli-4.3.4-4.8.M20mdk.i586.rpm
 c528b16fd83ddd8732609863ffe0a16a  mnf/2.0/SRPMS/php-4.3.4-4.8.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDe9IImqjQ0CJFipgRAm1aAJ4lHTfZ0FX+0LkLxE2UZ+3U90NQlgCfW8XP
GDuewXy9EIzNQOsJzWNByRY=
=UcRs
-----END PGP SIGNATURE-----