[ MDKSA-2007:048 ] - Updated php packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:048
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : February 22, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in PHP language.
Many buffer overflow flaws were discovered in the PHP session
extension, the str_replace() function, and the imap_mail_compose()
function. An attacker able to use a PHP application using any of
these functions could trigger these flaws and possibly execute
arbitrary code as the apache user (CVE-2007-0906).
A one-byte memory read will always occur prior to the beginning of a
buffer, which could be triggered, for example, by any use of the
header() function in a script (CVE-2007-0907).
The wddx extension, if used to import WDDX data from an untrusted
source, may allow a random portion of heap memory to be exposed due
to certain WDDX input packets (CVE-2007-0908).
The odbc_result_all() function, if used to display data from a
database,
and if the contents of the database are under the control of an
attacker, could lead to the execution of arbitrary code due to a format
string vulnerability (CVE-2007-0909).
Several flaws in the PHP could allow attackers to clobber certain
super-global variables via unspecified vectors (CVE-2007-0910).
The zend_hash_init() function can be forced into an infinite loop
if unserializing untrusted data on a 64-bit platform, resulting in
the consumption of CPU resources until the script timeout alarm aborts
the execution of the script (CVE-2007-0988).
Updated package have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
14a536e0c07f48b553986725223f54dc
2006.0/i586/libphp5_common5-5.0.4-9.19.20060mdk.i586.rpm
762bc7a2f5500dca2eb7effdb96b6cf0
2006.0/i586/php-cgi-5.0.4-9.19.20060mdk.i586.rpm
3055c27939b2b6451872b39654c7564f
2006.0/i586/php-cli-5.0.4-9.19.20060mdk.i586.rpm
042909d1305a2ceeab45fa11fa4ff434
2006.0/i586/php-devel-5.0.4-9.19.20060mdk.i586.rpm
0bcc6a996a381e6d8ee7c5271bbea166
2006.0/i586/php-fcgi-5.0.4-9.19.20060mdk.i586.rpm
69bc4325439a8ee9ba99ed28af7ed0e2
2006.0/i586/php-imap-5.0.4-2.5.20060mdk.i586.rpm
b9a273cc6b7b5e35efea231b27bbc2e5
2006.0/i586/php-odbc-5.0.4-1.1.20060mdk.i586.rpm
7b499c1b38392d556619692780ed41f4
2006.0/i586/php-session-5.0.4-1.1.20060mdk.i586.rpm
452f887b5fcfb2e568ec904b708f611c 2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm
0ccd978c2b32e74087d237e334a46779
2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm
d7549d0a1c8dd9a8989bbf2519d923fa
2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm
92abeadef4272b1e1dff61c956923d23
2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
9e66a63f9b6a4694e3b6440afc4e0bd5
2006.0/x86_64/lib64php5_common5-5.0.4-9.19.20060mdk.x86_64.rpm
a07a6011defb76f88eba66fc429221e3
2006.0/x86_64/php-cgi-5.0.4-9.19.20060mdk.x86_64.rpm
964d1e6c84a4a8b20fc5257435e64d6e
2006.0/x86_64/php-cli-5.0.4-9.19.20060mdk.x86_64.rpm
a0b074323affacd0c3b26302bb791d0a
2006.0/x86_64/php-devel-5.0.4-9.19.20060mdk.x86_64.rpm
74f357e2b7db2b3c1d7e179ab9341b10
2006.0/x86_64/php-fcgi-5.0.4-9.19.20060mdk.x86_64.rpm
6bad08844fe2a99bd12defc982e75e5f
2006.0/x86_64/php-imap-5.0.4-2.5.20060mdk.x86_64.rpm
183f14e7c52ad0b14692661afd478e3c
2006.0/x86_64/php-odbc-5.0.4-1.1.20060mdk.x86_64.rpm
f156370ad26f48adcc9fbdb17eb04db1
2006.0/x86_64/php-session-5.0.4-1.1.20060mdk.x86_64.rpm
452f887b5fcfb2e568ec904b708f611c 2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm
0ccd978c2b32e74087d237e334a46779
2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm
d7549d0a1c8dd9a8989bbf2519d923fa
2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm
92abeadef4272b1e1dff61c956923d23
2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
cf3ef7426074a91964ef0086459cc889
2007.0/i586/libphp5_common5-5.1.6-1.6mdv2007.0.i586.rpm
8567efb3d4d7a41bcfeecd1c0a3c64e5
2007.0/i586/php-cgi-5.1.6-1.6mdv2007.0.i586.rpm
675213bf0e797a294776da1bbcbddc69
2007.0/i586/php-cli-5.1.6-1.6mdv2007.0.i586.rpm
115be2e3b5ca6b285dd359374ab4cf5c
2007.0/i586/php-devel-5.1.6-1.6mdv2007.0.i586.rpm
b3ca1cf50e10f01d57d9471baf5f330c
2007.0/i586/php-fcgi-5.1.6-1.6mdv2007.0.i586.rpm
40225dcc5e0e4293be737a5043436010
2007.0/i586/php-imap-5.1.6-1.1mdv2007.0.i586.rpm
ba41c7d542423eb42539dc6ab3e2ac9f
2007.0/i586/php-odbc-5.1.6-1.1mdv2007.0.i586.rpm
639ede4d200b60c4164f396d6e215b69
2007.0/i586/php-session-5.1.6-1.1mdv2007.0.i586.rpm
0b6a180bef35c9b1945f8c6bd81d7106 2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm
7d90955ba0926450ae4d3fe854744f36
2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm
ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3
2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm
2959ad88632828e143d5ac98fae79a7b
2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
0f3a963e7808ed8be25e7b17544c0c05
2007.0/x86_64/lib64php5_common5-5.1.6-1.6mdv2007.0.x86_64.rpm
b7bb612bfc0cb39bb5648dd0b7ea4d37
2007.0/x86_64/php-cgi-5.1.6-1.6mdv2007.0.x86_64.rpm
c4b459dc63debe260e8f06d4260e30fd
2007.0/x86_64/php-cli-5.1.6-1.6mdv2007.0.x86_64.rpm
18534448cbe23231900e3da51333dc67
2007.0/x86_64/php-devel-5.1.6-1.6mdv2007.0.x86_64.rpm
6bbd4f1f6c4e060de408183798a2f312
2007.0/x86_64/php-fcgi-5.1.6-1.6mdv2007.0.x86_64.rpm
b8c0a446c7fa433e0678e3e58effccab
2007.0/x86_64/php-imap-5.1.6-1.1mdv2007.0.x86_64.rpm
f49bb567345c6728baf879e943e15002
2007.0/x86_64/php-odbc-5.1.6-1.1mdv2007.0.x86_64.rpm
e60efa04d5b12f98a1c9800c8d3d4a21
2007.0/x86_64/php-session-5.1.6-1.1mdv2007.0.x86_64.rpm
0b6a180bef35c9b1945f8c6bd81d7106 2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm
7d90955ba0926450ae4d3fe854744f36
2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm
ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3
2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm
2959ad88632828e143d5ac98fae79a7b
2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm
Corporate 3.0:
b976e6b9cadf8cf26eb00611b5b47274
corporate/3.0/i586/libphp_common432-4.3.4-4.24.C30mdk.i586.rpm
21a6ed462d981442f42aa22f4b2dc09b
corporate/3.0/i586/php-cgi-4.3.4-4.24.C30mdk.i586.rpm
13515b3d016198d636d37abf967e5c20
corporate/3.0/i586/php-cli-4.3.4-4.24.C30mdk.i586.rpm
ba84264eeab995355deab7c9323aedd1
corporate/3.0/i586/php-imap-4.3.4-1.5.C30mdk.i586.rpm
128dc7b4d3b2e925b7a0b1d850d0895a
corporate/3.0/i586/php432-devel-4.3.4-4.24.C30mdk.i586.rpm
56f90fe0b8a96f6a6fe5bf0620cd4408
corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm
2ab806c5a8f696fdce5e4f1037e1404d
corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
8ccfdbf8075179e44035bb97f3e75d7d
corporate/3.0/x86_64/lib64php_common432-4.3.4-4.24.C30mdk.x86_64.rpm
18b243d3ce9ea60777d66980280c37ba
corporate/3.0/x86_64/php-cgi-4.3.4-4.24.C30mdk.x86_64.rpm
404152b4a6a773895b7eff209f1fb1d5
corporate/3.0/x86_64/php-cli-4.3.4-4.24.C30mdk.x86_64.rpm
fdeb1accc67c123bace512c287a656c2
corporate/3.0/x86_64/php-imap-4.3.4-1.5.C30mdk.x86_64.rpm
14a01cc331d4ce489a8f9fdee3959c31
corporate/3.0/x86_64/php432-devel-4.3.4-4.24.C30mdk.x86_64.rpm
56f90fe0b8a96f6a6fe5bf0620cd4408
corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm
2ab806c5a8f696fdce5e4f1037e1404d
corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm
Corporate 4.0:
c509fc3368d31c1dca47d065b28f2fea
corporate/4.0/i586/libphp4_common4-4.4.4-1.4.20060mlcs4.i586.rpm
4901007b7f7d98585f926c76692e3c3e
corporate/4.0/i586/libphp5_common5-5.1.6-1.5.20060mlcs4.i586.rpm
e3ffeda22f59f1f947acfeba34a9d23f
corporate/4.0/i586/php-cgi-5.1.6-1.5.20060mlcs4.i586.rpm
aecf1f88ba7c6e964f8f96a90cbf10c2
corporate/4.0/i586/php-cli-5.1.6-1.5.20060mlcs4.i586.rpm
39268f16090d55a4c969734263036be4
corporate/4.0/i586/php-devel-5.1.6-1.5.20060mlcs4.i586.rpm
3db35d86b2943802a54cc3272662e91c
corporate/4.0/i586/php-fcgi-5.1.6-1.5.20060mlcs4.i586.rpm
a8e96cedb24e719f32c83d5e6bc02e3e
corporate/4.0/i586/php-imap-5.1.6-1.1.20060mlcs4.i586.rpm
169fef5a69d5d3c1b385d218ddaf68fd
corporate/4.0/i586/php-odbc-5.1.6-1.1.20060mlcs4.i586.rpm
d3191c857cee1b6ed1c9978d0eea5a8c
corporate/4.0/i586/php-session-5.1.6-1.1.20060mlcs4.i586.rpm
58777631a4cc9b7f064b3eb41b773b60
corporate/4.0/i586/php-wddx-5.1.6-1.1.20060mlcs4.i586.rpm
981f2fe117ddd4a025b095bd98f988b6
corporate/4.0/i586/php4-cgi-4.4.4-1.4.20060mlcs4.i586.rpm
d0845bd223c59cc23a487cc11822940c
corporate/4.0/i586/php4-cli-4.4.4-1.4.20060mlcs4.i586.rpm
ce46c6aa0f58d6b87392e0c7b471dc4b
corporate/4.0/i586/php4-devel-4.4.4-1.4.20060mlcs4.i586.rpm
cb618d8c7536749f010445b5f7c1ad5a
corporate/4.0/i586/php4-imap-4.4.4-0.1.20060mlcs4.i586.rpm
df7aa75f1bbdd6051f71d62692417b00
corporate/4.0/i586/php4-odbc-4.4.4-0.1.20060mlcs4.i586.rpm
a5743e7b00125f3fbfc9815e5bedacfe
corporate/4.0/i586/php4-wddx-4.4.4-0.1.20060mlcs4.i586.rpm
b912cf9745221ccf19f08c9e9e6e9724
corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm
12771ab58ff701a26a3dff54e3cb757a
corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm
3ac73928485a9d003f9ab410da73f496
corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm
b6d3c63e004e44c8bef821d14e9dfb95
corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm
c30202c77c1a1a5a8694536733b7efb3
corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm
bc686b9f2bd178263c6e211c3781f0fb
corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm
4ec41380503d039ba368e1b5a375042f
corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm
a151cddb0bb46bf5046091e9ee0683c1
corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm
afa5569276637c92cfec4fca0b700434
corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
e2031a018eabe7291baa8f14e8aea201
corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.4.20060mlcs4.x86_64.rpm
67e00f079636589757a192db88789be7
corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.5.20060mlcs4.x86_64.rpm
9e8e832216178be8c5c6cf5a7b46011e
corporate/4.0/x86_64/php-cgi-5.1.6-1.5.20060mlcs4.x86_64.rpm
0628d22b004b2948ca17dcfadac43e50
corporate/4.0/x86_64/php-cli-5.1.6-1.5.20060mlcs4.x86_64.rpm
6e5eeeef138b0ae9c458bf3756e551c3
corporate/4.0/x86_64/php-devel-5.1.6-1.5.20060mlcs4.x86_64.rpm
9af58850637ffed2b37ccfa0c881fb1f
corporate/4.0/x86_64/php-fcgi-5.1.6-1.5.20060mlcs4.x86_64.rpm
fbacfda0078e058d0a9c55b0951d7b22
corporate/4.0/x86_64/php-imap-5.1.6-1.1.20060mlcs4.x86_64.rpm
4d4dfb1e89ff5debd4734b09e18282db
corporate/4.0/x86_64/php-odbc-5.1.6-1.1.20060mlcs4.x86_64.rpm
e6cc37b9941ca1c010a83ecfeb80f5ff
corporate/4.0/x86_64/php-session-5.1.6-1.1.20060mlcs4.x86_64.rpm
bd9fce2e55b5445324c605eb739a811c
corporate/4.0/x86_64/php-wddx-5.1.6-1.1.20060mlcs4.x86_64.rpm
6795c92d078f0a9a67abcc44fde3b6ee
corporate/4.0/x86_64/php4-cgi-4.4.4-1.4.20060mlcs4.x86_64.rpm
d6112d336c1d5bc101cc5a624177b38e
corporate/4.0/x86_64/php4-cli-4.4.4-1.4.20060mlcs4.x86_64.rpm
b5c7bd35a04a63839c9a43de0392ee29
corporate/4.0/x86_64/php4-devel-4.4.4-1.4.20060mlcs4.x86_64.rpm
94ae86a2e5b36059eba7f7385df0f79c
corporate/4.0/x86_64/php4-imap-4.4.4-0.1.20060mlcs4.x86_64.rpm
17166588d6b6052e85f395e15fa6a942
corporate/4.0/x86_64/php4-odbc-4.4.4-0.1.20060mlcs4.x86_64.rpm
de8d50be6e2bd6f6cdba304f003bcc24
corporate/4.0/x86_64/php4-wddx-4.4.4-0.1.20060mlcs4.x86_64.rpm
b912cf9745221ccf19f08c9e9e6e9724
corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm
12771ab58ff701a26a3dff54e3cb757a
corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm
3ac73928485a9d003f9ab410da73f496
corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm
b6d3c63e004e44c8bef821d14e9dfb95
corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm
c30202c77c1a1a5a8694536733b7efb3
corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm
bc686b9f2bd178263c6e211c3781f0fb
corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm
4ec41380503d039ba368e1b5a375042f
corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm
a151cddb0bb46bf5046091e9ee0683c1
corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm
afa5569276637c92cfec4fca0b700434
corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
f67045828bb37de94a16410dd106c839
mnf/2.0/i586/libphp_common432-4.3.4-4.24.M20mdk.i586.rpm
6d6c9770470709db6c849baf1b79ed7c
mnf/2.0/i586/php-cgi-4.3.4-4.24.M20mdk.i586.rpm
f5f3a45ffa8c90a53f541dd575dcfde0
mnf/2.0/i586/php-cli-4.3.4-4.24.M20mdk.i586.rpm
7d8a49eb836d1f7b09afbb67dae77ef4
mnf/2.0/i586/php432-devel-4.3.4-4.24.M20mdk.i586.rpm
9ef4f5c1fd355320945faf7bb3904975 mnf/2.0/SRPMS/php-4.3.4-4.24.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFF3lOTmqjQ0CJFipgRAsbpAKDURk8Q4U7KcvcsVpYlNbe8CwIiWQCgobiE
w9pA+mlmA6RVi+gXsxvQWNc=
=u9Od
-----END PGP SIGNATURE-----