[Updated] [FLSA-2005:166943] Updated php packages fix security issues

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Updated] [FLSA-2005:166943] Updated php packages fix security issues
From: Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
Date: Fri, 02 Dec 2005 20:31:16 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)
---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:166943
Issue date:        2005-12-02
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2498 CVE-2005-3390 CVE-2005-3389
                   CVE-2005-3388 CVE-2005-3353
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated PHP packages that fix multiple security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

[Updated 2nd December 2005]
Red Hat Linux 9 packages have been updated to add missing security
patches.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A bug was discovered in the PEAR XML-RPC Server package included in PHP.
If a PHP script is used which implements an XML-RPC Server using the
PEAR XML-RPC package, then it is possible for a remote attacker to
construct an XML-RPC request which can cause PHP to execute arbitrary
PHP commands as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-2498 to
this issue.

A flaw was found in the way PHP registers global variables during a file
upload request. A remote attacker could submit a carefully crafted
multipart/form-data POST request that would overwrite the $GLOBALS
array, altering expected script behavior, and possibly leading to the
execution of arbitrary PHP commands. Please note that this vulnerability
only affects installations which have register_globals enabled in the
PHP configuration file, which is not a default or recommended option.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function. If a PHP script passes
only one argument to the parse_str() function, and the script can be
forced to abort execution during operation (for example due to the
memory_limit setting), the register_globals may be enabled even if it is
disabled in the PHP configuration file. This vulnerability only affects
installations that have PHP scripts using the parse_str function in this
way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a
victim can be tricked into following a malicious URL to a site with a
page displaying the phpinfo() output, it may be possible to inject
javascript or HTML content into the displayed page or steal data such as
cookies. This vulnerability only affects installations which allow users
to view the output of the phpinfo() function. As the phpinfo() function
outputs a large amount of information about the current state of PHP, it
should only be used during debugging or if protected by authentication.
(CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image
data. It is possible for an attacker to cause PHP to crash by supplying
carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm


7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------

8bdf500386f11c6484c04361095061cce6c5c5f8
redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
592c870e99523279267a0daea98c7dc08b09e5ca
redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
9f84a76296d88673ba8354f416a6ee75b86afb3f
redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
8c4b7136f2cac5f8eea394db819e0f67a973e4ff
redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
d579f333822efd11fb2fc1364d2b9218bd3547a9
redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
50ec5b4419f70839b5c0b328a605189137477d12
redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
a73300b91e8ac8aee1792f5ec0975fb312b7f780
redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
af7de72af9756d6085d255544de389eb8f355c39
redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
d96277ec0aa9d37af3372eedb0868249ca96ff51
redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm
8a03b8a7832aba6baf825ec64778f4a321707405
redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm
a3770f044b61275fe671c2e41452fdc3556cd68b
redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
282e79a54800f0f078702983a54391ddf97637eb
redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
08cf701a137ed486294e7768d3f1464d40ee72b0
redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
1b882b5ad1933a567eeb03e9ea40f59a124bfd4f
redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
11ce31a48256813fd0b61975b4189f9053ea0b37
redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
a23a1e0fc5f254f0b3284c20f35736e9c0cb70f4
redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
11204a5ad7b12dc80a021ebf23acaf5c791c518d
redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
791b822042fed0cd3936e0148a51a215db3d7f78
redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
b93fc807a74caefeb1f0d848b4a6f2c268ec1508
redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm
5df94b0dda6f043a8312a03be66689c2abd373ab
redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm
cd04cc6c329e18a9c0c989cdb9a5fcdc9b6712c8
fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
bdb82f6017f088488443cec5f97650aa172714bd
fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
5921f184247991ddac4b398a617abea8768cd9d5
fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
b38b1aabdcee19a8764b9156ffbd4a7fd15c5345
fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
ecb2bfd639fe1e44a389e2527babbd912279d6ad
fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
3bd193c7d75216cbe34cee7c637be042b2197693
fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
0883a4ef7c03d8faebc90ed0f4a138e1f9b64c9f
fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
62017bd8700dcaceb2280443abb3e6fd17e9458e
fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
c9a90440e780eb1420100ed8b0e28d92ddea0295
fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
ef627102ded443de2e78c33a29f76c6066f7bf5a
fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
38da5e66ead97e573a7105ad4a62a14c75763268
fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm
d2b93da45a735956e980e8a5401c4b171644794a
fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm
edce472b6a404a45bb0187ed2058929b51850423
fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
5f55d05ec4dbbbd6717a14f495bfe9948bec3837
fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
d308529686de245b33057c4ce1a7e0435ba748e6
fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
a85ba72dbcf8357c63bd7ddd71a8e7b1e270a0d0
fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
8856c97f65e6dfdf5241faa5294a9a8883de049b
fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
f7d1159e5756ba33282920d0923bcd338306a2c8
fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
24d23bd41dc5c3233019a86a988057dfa8fd3576
fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
618b32b0c28b71755c8f487b035649e44213b2cf
fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
cf728abb52acc26f2f6d33dbb5135fdbd2ec4df0
fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
fe3a23d81b92930426f7dd3a5b687ef979d8a3b9
fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
771c5041ed29045e4de59bcacbc0c640247c80e7
fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
2962cc479b53c181dd67fdd4008ee904d81e71ac
fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm
2c6d2007423a9334a22451521a742ca942677c57
fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------
Attachment: signature.asc
Description: OpenPGP digital signature
Prev by Date: MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities
Next by Date: QNX 4.25 suided dhcp.client binary
Previous by thread: MDKSA-2005:222 - Updated mailman packages fix various vulnerabilities
Next by thread: QNX 4.25 suided dhcp.client binary
Index(es):
- Date
- Thread