From: Mandriva Security Team <security@mandriva.com.>
To: [email protected]Subject: MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities
Message-Id: <E1EcavM-000339-Ew@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
Date: Wed, 16 Nov 2005 20:59:00 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:213
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : November 16, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in PHP:
An issue with fopen_wrappers.c would not properly restrict access to
other directories when the open_basedir directive included a trailing
slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1.
An issue with the apache2handler SAPI in mod_php could allow an
attacker to cause a Denial of Service via the session.save_path option
in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue
does not affect Corporate Server 2.1.
A Denial of Service vulnerability was discovered in the way that PHP
processes EXIF image data which could allow an attacker to cause PHP
to crash by supplying carefully crafted EXIF image data
(CVE-2005-3353).
A cross-site scripting vulnerability was discovered in the phpinfo()
function which could allow for the injection of javascript or HTML
content onto a page displaying phpinfo() output, or to steal data such
as cookies (CVE-2005-3388).
A flaw in the parse_str() function could allow for the enabling of
register_globals, even if it was disabled in the PHP configuration
file (CVE-2005-3389).
A vulnerability in the way that PHP registers global variables during
a file upload request could allow a remote attacker to overwrite the
$GLOBALS array which could potentially lead the execution of arbitrary
PHP commands. This vulnerability only affects systems with
register_globals enabled (CVE-2005-3390).
The updated packages have been patched to address this issue. Once the
new packages have been installed, you will need to restart your Apache
server using "service httpd restart" in order for the new packages to
take effect ("service httpd2-naat restart" for MNF2).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390http://www.hardened-php.net/advisory_202005.79.htmlhttp://www.hardened-php.net/advisory_192005.78.htmlhttp://www.hardened-php.net/advisory_182005.77.html
_______________________________________________________________________
Updated Packages:
Mandriva Linux 10.1:
3966e335bc3a2ae6dffbbc8e83575865 10.1/RPMS/libphp_common432-4.3.8-3.6.101mdk.i586.rpm
199fa9e0baf46bda77e660555626ed4e 10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.i586.rpm
05ef30fa2004ffd60f4519fd41a444e3 10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.i586.rpm
fe48fbbb47b3bcdab5054ffdd2067b6a 10.1/RPMS/php-cli-4.3.8-3.6.101mdk.i586.rpm
90b47f8c1515b5043d513db11d6607ca 10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm
Mandriva Linux 10.1/X86_64:
9fe206e55dca158523dab0a85f1a5dec x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.6.101mdk.x86_64.rpm
d36a3e7f90980388196aa58b6dbb94af x86_64/10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.x86_64.rpm
416b3bacf2b57f1a9cae5ca172e39135 x86_64/10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.x86_64.rpm
0c27298aadb7d0a847a93316ce4d9d57 x86_64/10.1/RPMS/php-cli-4.3.8-3.6.101mdk.x86_64.rpm
90b47f8c1515b5043d513db11d6607ca x86_64/10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm
Mandriva Linux 10.2:
e972e5e5cadb586a390a39bffa1cb56e 10.2/RPMS/libphp_common432-4.3.10-7.4.102mdk.i586.rpm
c26646613d41a7f3e82b5d2d11c21b7c 10.2/RPMS/php432-devel-4.3.10-7.4.102mdk.i586.rpm
098e0a1e4b8b597bf95461fc085c037a 10.2/RPMS/php-cgi-4.3.10-7.4.102mdk.i586.rpm
99f0eaa02942f7b6753309ca56979100 10.2/RPMS/php-cli-4.3.10-7.4.102mdk.i586.rpm
7df363e2e2309ec26b40c3490a0d75ae 10.2/SRPMS/php-4.3.10-7.4.102mdk.src.rpm
Mandriva Linux 10.2/X86_64:
d9d33311690b0c5f69e3834a5ba6bc10 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.4.102mdk.x86_64.rpm
f5d2b45ace0ab4208ba911159a47e429 x86_64/10.2/RPMS/php432-devel-4.3.10-7.4.102mdk.x86_64.rpm
0c7e0acb3bd80a9a7220ecf919b3d795 x86_64/10.2/RPMS/php-cgi-4.3.10-7.4.102mdk.x86_64.rpm
7df6f5a5b19c07e9fa3d6851f210f847 x86_64/10.2/RPMS/php-cli-4.3.10-7.4.102mdk.x86_64.rpm
7df363e2e2309ec26b40c3490a0d75ae x86_64/10.2/SRPMS/php-4.3.10-7.4.102mdk.src.rpm
Mandriva Linux 2006.0:
826c36fdb07b7c341a39507b679e31a9 2006.0/RPMS/libphp5_common5-5.0.4-9.1.20060mdk.i586.rpm
2be5d91979fa3c8f77744a86fee8a423 2006.0/RPMS/php-cgi-5.0.4-9.1.20060mdk.i586.rpm
950c43ac1569610fa31b15803fc50d40 2006.0/RPMS/php-cli-5.0.4-9.1.20060mdk.i586.rpm
1a19b2cc5607bf65c3fe7a339f97ce72 2006.0/RPMS/php-devel-5.0.4-9.1.20060mdk.i586.rpm
e8d70f64d363821fe29e7cf39e93cd71 2006.0/RPMS/php-exif-5.0.4-1.1.20060mdk.i586.rpm
fe70481a5316019e303e45e5f0e59adb 2006.0/RPMS/php-fcgi-5.0.4-9.1.20060mdk.i586.rpm
9c6a477d87cebf040cee39b75423c040 2006.0/SRPMS/php-5.0.4-9.1.20060mdk.src.rpm
f2b058c92a3c2107f97a4b07d34dc1c8 2006.0/SRPMS/php-exif-5.0.4-1.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
044e1542f327cf7552fa4d4124843f1f x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.1.20060mdk.x86_64.rpm
60f4edc9196ea58d9614c3f2ed66a9f6 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.1.20060mdk.x86_64.rpm
9f6c1eb1a1da44518993957d13eb10bf x86_64/2006.0/RPMS/php-cli-5.0.4-9.1.20060mdk.x86_64.rpm
3c5d616931098f198eeb0f41011144aa x86_64/2006.0/RPMS/php-devel-5.0.4-9.1.20060mdk.x86_64.rpm
d16ba71605fc37881443605025534440 x86_64/2006.0/RPMS/php-exif-5.0.4-1.1.20060mdk.x86_64.rpm
0f10f24c8b43317904a79ac66f0405de x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.1.20060mdk.x86_64.rpm
9c6a477d87cebf040cee39b75423c040 x86_64/2006.0/SRPMS/php-5.0.4-9.1.20060mdk.src.rpm
f2b058c92a3c2107f97a4b07d34dc1c8 x86_64/2006.0/SRPMS/php-exif-5.0.4-1.1.20060mdk.src.rpm
Corporate Server 2.1:
18b1c4dab517ae624ee96b7558112d84 corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.i586.rpm
25e79b0cbb0b1ed8c0915db93efe7863 corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.i586.rpm
c818089e5fe42953da5ca48855c52a39 corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.i586.rpm
aaafac3f547795f1e4ab50094fb05bb8 corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.i586.rpm
590fd7d0a4340ac62e443a1c1543fe60 corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
d3ad20980ced61773e64fc0cd347dbc0 x86_64/corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.x86_64.rpm
74dc4c2cd5a48ebc77d081ae64fe38cd x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.x86_64.rpm
5acad2f71a4e4728a986f08a7966846a x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.x86_64.rpm
39856102ebde84daad4d917cfa94b067 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.x86_64.rpm
590fd7d0a4340ac62e443a1c1543fe60 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm
Corporate 3.0:
c2b5c67cd95e5ea7725a98c516b9742f corporate/3.0/RPMS/libphp_common432-4.3.4-4.8.C30mdk.i586.rpm
a8eef95a35ce6916836ee78d1d473939 corporate/3.0/RPMS/php432-devel-4.3.4-4.8.C30mdk.i586.rpm
6c00ce7c4952e9cfcbc654a594d94b18 corporate/3.0/RPMS/php-cgi-4.3.4-4.8.C30mdk.i586.rpm
fad4d2d37aeae89eb52ab10a35b8b3b4 corporate/3.0/RPMS/php-cli-4.3.4-4.8.C30mdk.i586.rpm
97ed320ad4011d18f69f8f957295a7d7 corporate/3.0/SRPMS/php-4.3.4-4.8.C30mdk.src.rpm
Corporate 3.0/X86_64:
db82bf6b28383e687974a6e3ea8ef632 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.8.C30mdk.x86_64.rpm
740b5d6160992055e5e84dc03480cf45 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.8.C30mdk.x86_64.rpm
6e2fd52cca98a8b208acaec013cb7630 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.8.C30mdk.x86_64.rpm
679c794a8904940946d8cb52e529413a x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.8.C30mdk.x86_64.rpm
97ed320ad4011d18f69f8f957295a7d7 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.8.C30mdk.src.rpm
Multi Network Firewall 2.0:
82bae104a4800c62bf0a007d5af84941 mnf/2.0/RPMS/libphp_common432-4.3.4-4.8.M20mdk.i586.rpm
b64e2f00d014aa894d94271351b1cef0 mnf/2.0/RPMS/php432-devel-4.3.4-4.8.M20mdk.i586.rpm
c306907caa4c66c77653a2f264fdcdbe mnf/2.0/RPMS/php-cgi-4.3.4-4.8.M20mdk.i586.rpm
46b577275216cfc259a6caba5d4b82f3 mnf/2.0/RPMS/php-cli-4.3.4-4.8.M20mdk.i586.rpm
c528b16fd83ddd8732609863ffe0a16a mnf/2.0/SRPMS/php-4.3.4-4.8.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDe9IImqjQ0CJFipgRAm1aAJ4lHTfZ0FX+0LkLxE2UZ+3U90NQlgCfW8XP
GDuewXy9EIzNQOsJzWNByRY=
=UcRs
-----END PGP SIGNATURE-----