[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ MDVSA-2009:023 ] php



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:023
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : php
 Date    : January 21, 2009
 Affected: Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in PHP allowed context-dependent attackers to cause
 a denial of service (crash) via a certain long string in the glob()
 or fnmatch() functions (CVE-2007-4782).
 
 A vulnerability in the cURL library in PHP allowed context-dependent
 attackers to bypass safe_mode and open_basedir restrictions and read
 arbitrary files using a special URL request (CVE-2007-4850).
 
 An integer overflow in PHP allowed context-dependent attackers to
 cause a denial of serivce via a special printf() format parameter
 (CVE-2008-1384).
 
 A stack-based buffer overflow in the FastCGI SAPI in PHP has unknown
 impact and attack vectors (CVE-2008-2050).
 
 Tavis Ormandy of the Google Security Team discovered a heap-based
 buffer overflow when compiling certain regular expression patterns.
 This could be used by a malicious attacker by sending a specially
 crafted regular expression to an application using the PCRE library,
 resulting in the possible execution of arbitrary code or a denial of
 service (CVE-2008-2371).  PHP in Corporate Server 4.0 is affected by
 this issue.
 
 A buffer overflow in the imageloadfont() function in PHP allowed
 context-dependent attackers to cause a denial of service (crash)
 and potentially execute arbitrary code via a crafted font file
 (CVE-2008-3658).
 
 A buffer overflow in the memnstr() function allowed context-dependent
 attackers to cause a denial of service (crash) and potentially execute
 arbitrary code via the delimiter argument to the explode() function
 (CVE-2008-3659).
 
 PHP, when used as a FastCGI module, allowed remote attackers to cause
 a denial of service (crash) via a request with multiple dots preceding
 the extension (CVE-2008-3660).
 
 An array index error in the imageRotate() function in PHP allowed
 context-dependent attackers to read the contents of arbitrary memory
 locations via a crafted value of the third argument to the function
 for an indexed image (CVE-2008-5498).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4850
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
 _______________________________________________________________________

 Updated Packages:

 Corporate 4.0:
 d55d5489013a1f9e95262571a5ef2979  
corporate/4.0/i586/libphp5_common5-5.1.6-1.10.20060mlcs4.i586.rpm
 8701a5ab0e71009171216ccda307e547  
corporate/4.0/i586/php-cgi-5.1.6-1.10.20060mlcs4.i586.rpm
 d3e8b97d03ccd01127a1aeb9e17d3d7e  
corporate/4.0/i586/php-cli-5.1.6-1.10.20060mlcs4.i586.rpm
 6e0aa2965637f3dbc25cff1d5064bb8c  
corporate/4.0/i586/php-curl-5.1.6-1.1.20060mlcs4.i586.rpm
 0458b8aa8daa0e39cd329761eae9d654  
corporate/4.0/i586/php-devel-5.1.6-1.10.20060mlcs4.i586.rpm
 89487acc8fa77864d25e5aebc40bc9b4  
corporate/4.0/i586/php-fcgi-5.1.6-1.10.20060mlcs4.i586.rpm
 bf404efb4e9567f431256d36833fc8d6  
corporate/4.0/i586/php-pcre-5.1.6-1.1.20060mlcs4.i586.rpm 
 c62fb74e0d8744077e4c8ff6f50df98b  
corporate/4.0/SRPMS/php-5.1.6-1.10.20060mlcs4.src.rpm
 e46cf717872ddfbf6a13f6d45d225533  
corporate/4.0/SRPMS/php-curl-5.1.6-1.1.20060mlcs4.src.rpm
 b188d26d6a781b5066d515ed5ae36ace  
corporate/4.0/SRPMS/php-pcre-5.1.6-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 70d99222e5692b2fd88fcb05f8f5e620  
corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.10.20060mlcs4.x86_64.rpm
 62448b1b344cdc098b6620e0e773ef17  
corporate/4.0/x86_64/php-cgi-5.1.6-1.10.20060mlcs4.x86_64.rpm
 dc0df43cfe80f4b5017924152d43a91f  
corporate/4.0/x86_64/php-cli-5.1.6-1.10.20060mlcs4.x86_64.rpm
 9ac37cd014c4012a964e65cbe9d1b01a  
corporate/4.0/x86_64/php-curl-5.1.6-1.1.20060mlcs4.x86_64.rpm
 6ac51f6b50172ee6d5eb36ce8b8cba77  
corporate/4.0/x86_64/php-devel-5.1.6-1.10.20060mlcs4.x86_64.rpm
 ab26bfe0c8370bd2bf37205cbc1df63b  
corporate/4.0/x86_64/php-fcgi-5.1.6-1.10.20060mlcs4.x86_64.rpm
 e570ffbbd17e30630e7f14a67b57cffd  
corporate/4.0/x86_64/php-pcre-5.1.6-1.1.20060mlcs4.x86_64.rpm 
 c62fb74e0d8744077e4c8ff6f50df98b  
corporate/4.0/SRPMS/php-5.1.6-1.10.20060mlcs4.src.rpm
 e46cf717872ddfbf6a13f6d45d225533  
corporate/4.0/SRPMS/php-curl-5.1.6-1.1.20060mlcs4.src.rpm
 b188d26d6a781b5066d515ed5ae36ace  
corporate/4.0/SRPMS/php-pcre-5.1.6-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJd4y5mqjQ0CJFipgRAlpVAJ4oOl0atBrwZTu5WA3RvdNxzIDroACgi+UH
4tzIz9f+JcmDA5Q469nYg5M=
=804z
-----END PGP SIGNATURE-----