<<< Date Index >>>     <<< Thread Index >>>

[ MDKSA-2006:035 ] - Updated php packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:035
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : February 7, 2006
 Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
 a remote attacker to bypass safe_mode and open_basedir restrictions via
 unknown attack vectors.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 73fb60b80de60eac15425466e59dca39  
10.1/RPMS/libphp_common432-4.3.8-3.8.101mdk.i586.rpm
 b28919e0310bf29bf5866dae1ee16d98  
10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.i586.rpm
 d83eaac3668f09924156f177cd15f201  10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.i586.rpm
 143fc214304a1c289fca9706a2a1c3a8  10.1/RPMS/php-cli-4.3.8-3.8.101mdk.i586.rpm
 78c983eccc5b8423c97ef382438b2e65  10.1/RPMS/php-gd-4.3.8-2.1.101mdk.i586.rpm
 677522c6ed558432f3dbf15616083610  10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
 aac1a54955e947f6c15c8b8059ae4181  10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 106d6d5ca6b8f39c392bd13ec1dc42d4  
x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.8.101mdk.x86_64.rpm
 b4c808eec06082b85642bb130f8415dc  
x86_64/10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.x86_64.rpm
 471cb69b308907e438d462c99980dea0  
x86_64/10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.x86_64.rpm
 553db3e91f87e7a515ac135e8d7f15f0  
x86_64/10.1/RPMS/php-cli-4.3.8-3.8.101mdk.x86_64.rpm
 ec747cf48a3dad42141f27e44325033e  
x86_64/10.1/RPMS/php-gd-4.3.8-2.1.101mdk.x86_64.rpm
 677522c6ed558432f3dbf15616083610  
x86_64/10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
 aac1a54955e947f6c15c8b8059ae4181  
x86_64/10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

 Mandriva Linux 10.2:
 13cf3adeda0a0cd1d0ccde575cbe63ec  
10.2/RPMS/libphp_common432-4.3.10-7.6.102mdk.i586.rpm
 18302ef915b8f1b2245b9c0f79d574aa  
10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.i586.rpm
 c58efdb3973bb63914463628936cf2db  10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.i586.rpm
 401059a0058df93d7b8567813b082b7e  10.2/RPMS/php-cli-4.3.10-7.6.102mdk.i586.rpm
 887e86064d91d133d3c98245b39335b3  10.2/RPMS/php-gd-4.3.10-5.1.102mdk.i586.rpm
 b677b123040f0279e39a047aa706a853  10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
 393e9bde7b571bc6aee17cf48929e0d5  10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 b457eff82dcedc940afda2b137dc9058  
x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.6.102mdk.x86_64.rpm
 6075916423066e4a026814cd38332528  
x86_64/10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.x86_64.rpm
 4e1c918a571c85e3e4ce065edd249576  
x86_64/10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.x86_64.rpm
 a222ddab3ffff21bcd82420fce7951da  
x86_64/10.2/RPMS/php-cli-4.3.10-7.6.102mdk.x86_64.rpm
 ccf2d23979006f1f7bbc9d2a1efd6043  
x86_64/10.2/RPMS/php-gd-4.3.10-5.1.102mdk.x86_64.rpm
 b677b123040f0279e39a047aa706a853  
x86_64/10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
 393e9bde7b571bc6aee17cf48929e0d5  
x86_64/10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

 Corporate 3.0:
 1980e0259fe7747380a824f8d22e6547  
corporate/3.0/RPMS/libphp_common432-4.3.4-4.10.C30mdk.i586.rpm
 390c85972981566b353b594fe22197dc  
corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.i586.rpm
 d9a49155ce3a80cdbc277f2412a13518  
corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.i586.rpm
 d0cbbd7fb891a7541929c67aa0343df6  
corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.i586.rpm
 238811f03e72ceecb0b91be525380cb9  
corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.i586.rpm
 d54f4e12d35cedbef0f718170620ace4  
corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
 c1a3d05a9501024102944e6820bc5501  
corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a8dce337033e676378664c0db6b469f7  
x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.10.C30mdk.x86_64.rpm
 c7b1cfd80cd506eff43f22b80aa75de6  
x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.x86_64.rpm
 1c5e085cb86ad4f7af6a0da6d05a1d62  
x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.x86_64.rpm
 9eec60e7a700c07da18b4f787ad3f58c  
x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.x86_64.rpm
 500eedf63f7cbccb7920a94e7959e7ac  
x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.x86_64.rpm
 d54f4e12d35cedbef0f718170620ace4  
x86_64/corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
 c1a3d05a9501024102944e6820bc5501  
x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 505744d67c4a0d9d438eb59635a1b854  
mnf/2.0/RPMS/libphp_common432-4.3.4-4.10.M20mdk.i586.rpm
 415fb09281493e6b5e262b8a919b2eb9  
mnf/2.0/RPMS/php432-devel-4.3.4-4.10.M20mdk.i586.rpm
 71f1a80d1bf23652a8001a7e48fe139c  
mnf/2.0/RPMS/php-cgi-4.3.4-4.10.M20mdk.i586.rpm
 5ad32b1fb9e6b12be629ea44168d5138  
mnf/2.0/RPMS/php-cli-4.3.4-4.10.M20mdk.i586.rpm
 0b23cfbdff6ccd70f06cd3ab13813cb5  mnf/2.0/RPMS/php-gd-4.3.4-1.1.M20mdk.i586.rpm
 27c29e02d28e0aea1dadd7d149636b83  mnf/2.0/SRPMS/php-4.3.4-4.10.M20mdk.src.rpm
 ca1601d0a1fa257c8916715582a1df41  mnf/2.0/SRPMS/php-gd-4.3.4-1.1.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD6M4NmqjQ0CJFipgRAvWSAJ0Yd7hn/GFf8yzTndtqIQyoglmadgCg5Tyo
2VeXltESjHb2bQZrROv66Ao=
=uN12
-----END PGP SIGNATURE-----