[ MDVSA-2008:128 ] - Updated PHP packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:128
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : July 3, 2008
Affected: 2008.1
_______________________________________________________________________
Problem Description:
A number of vulnerabilities have been found and corrected in PHP:

php-cgi in PHP prior to 5.2.6 does not properly calculate the length
of PATH_TRANSLATED, which has unknown impact and attack vectors
(CVE-2008-0599).

The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32-bit systems and generate a portion of zero bits during conversion
due to insufficient precision on 64-bit systems (CVE-2008-2107,
CVE-2008-2108).

The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).

In addition, the updated packages provide a number of bug fixes.

The updated packages have been patched to correct these issues.
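
The two GENERATE_SEED weaknesses (CVE-2008-2107, CVE-2008-2108) can be reproduced with fixed-width integers. The C program below is an added example, not part of this advisory or of PHP's code; the macro bodies it models are assumed forms of the pre-fix and corrected macro (the advisory does not show them), and the timestamps, PIDs and LCG value are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-fix macro, assumed form (the advisory does not show it):
 *   (long)(time(0) * getpid() * 1000000 * php_combined_lcg())
 * The integer product is formed first, then scaled by a double in (0,1).
 * 32-bit long: the integer product wraps modulo 2^32 (gcc/clang casts). */
static int32_t seed32_old(uint32_t t, uint32_t pid, double lcg)
{
    int32_t prod = (int32_t)(t * pid * 1000000u);
    return (int32_t)((double)prod * lcg);
}

/* 64-bit long: the product fits, but a double keeps only 53 bits of it. */
static int64_t seed64_old(uint64_t t, uint64_t pid, double lcg)
{
    int64_t prod = (int64_t)(t * pid * 1000000u);
    return (int64_t)((double)prod * lcg);
}

/* Corrected macro, assumed form: integer parts are XORed, never scaled:
 *   ((long)(time(0) * getpid())) ^ ((long)(1000000.0 * php_combined_lcg())) */
static int32_t seed32_fixed(uint32_t t, uint32_t pid, double lcg)
{
    return (int32_t)(t * pid) ^ (int32_t)(1000000.0 * lcg);
}
static int64_t seed64_fixed(uint64_t t, uint64_t pid, double lcg)
{
    return (int64_t)(t * pid) ^ (int64_t)(1000000.0 * lcg);
}

/* Count of low-order zero bits in a seed (64 for a zero seed). */
static int low_zero_bits(uint64_t v)
{
    int n = 0;
    if (v == 0) return 64;
    while ((v & 1u) == 0) { v >>= 1; n++; }
    return n;
}

int main(void)
{
    const double lcg = 0.6180339887;  /* constructed LCG output */
    /* Constructed: t = 4635 * 2^18, pid = 2^12, so the product is 0 mod 2^32. */
    printf("32-bit old   %d\n", seed32_old(1215037440u, 4096u, lcg));
    printf("32-bit fixed %d\n", seed32_fixed(1215037440u, 4096u, lcg));
    /* Constructed odd t and pid: any zero bits come from the double alone. */
    int64_t s = seed64_old(1215079261u, 4097u, lcg);
    printf("64-bit old   %lld, %d low zero bits\n", (long long)s, low_zero_bits((uint64_t)s));
    printf("64-bit fixed %lld\n", (long long)seed64_fixed(1215079261u, 4097u, lcg));
}
```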
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
c682f37976c4704d2cfeaa7cd431178b 2008.1/SRPMS/php-5.2.5-14.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
c682f37976c4704d2cfeaa7cd431178b 2008.1/SRPMS/php-5.2.5-14.1mdv2008.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIbT7gmqjQ0CJFipgRAqVOAKC/PGY3i2IKO592B0Ukfck2HnZPogCfUijv
tvsSl4XAuy3Fg1iJ05MfgMs=
=M3vw
-----END PGP SIGNATURE-----