[CLA-2005:915] Conectiva Security Announcement - php4

From: Conectiva Updates (secure_at_conectiva.com.br)
Date: 01/13/05

    Date: Thu, 13 Jan 2005 11:41:22 -0200
    To: conectiva-updates@papaleguas.conectiva.com.br, lwn@lwn.net, bugtraq@securityfocus.com, security-alerts@linuxsecurity.com, linsec@lists.seifried.org
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - --------------------------------------------------------------------------
    CONECTIVA LINUX SECURITY ANNOUNCEMENT
    - --------------------------------------------------------------------------

    PACKAGE : php4
    SUMMARY : Fixes for multiple php4 vulnerabilities
    DATE : 2005-01-13 11:40:00
    ID : CLA-2005:915
    RELEVANT RELEASES : 9, 10

    - -------------------------------------------------------------------------

    DESCRIPTION
     PHP[1] is a very popular scripting language used by web servers to
     offer dynamic content.
     
     This announcement fixes seven vulnerabilities[2] found by Stefan
     Esser and four other vulnerabilities. For further information, please
     refer to php4's changelog[3].

    SOLUTION
     It is recommended that all PHP4 users upgrade their packages.
     
     IMPORTANT:
     If PHP4 is being used as an Apache module, the web server has to be
     restarted after the upgrade if it was already running. To do so,
     please run, as root:
     
     # service httpd stop
     
     (wait a few seconds and check with "ps ax|grep httpd" whether any
     httpd processes are still running. On a busy webserver this could
     take a little longer.)
     
     # service httpd start
     
     
     REFERENCES
     1. http://www.php.net/
     2. http://www.hardened-php.net/advisories/012004.txt
     3. http://www.php.net/release_4_3_10.php

    UPDATED PACKAGES
    ftp://atualizacoes.conectiva.com.br/10/SRPMS/php4-4.3.10-72720U10_5cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-dba-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-devel-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-doc-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-doc-es-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-doc-pt_BR-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-imap-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-ldap-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mcrypt-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mhash-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mnogosearch-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mssql-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mysql-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-odbc-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-pgsql-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-snmp-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-sybase-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-sybase-ct-4.3.10-72720U10_5cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/SRPMS/php4-4.3.10-26997U90_4cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-devel-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-es-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-pt_BR-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-imap-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-ldap-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-mcrypt-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-mysql-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-odbc-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-pgsql-4.3.10-26997U90_4cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-snmp-4.3.10-26997U90_4cl.i386.rpm

    ADDITIONAL INSTRUCTIONS
     The apt tool can be used to perform RPM package upgrades:

     - run: apt-get update
     - after that, execute: apt-get upgrade

     Detailed instructions regarding the use of apt and upgrade examples
     can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

    - -------------------------------------------------------------------------
    All packages are signed with Conectiva's GPG key. The key and instructions
    on how to import it can be found at
    http://distro.conectiva.com.br/seguranca/chave/?idioma=en
    Instructions on how to check the signatures of the RPM packages can be
    found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

    - -------------------------------------------------------------------------
    All our advisories and generic update instructions can be viewed at
    http://distro.conectiva.com.br/atualizacoes/?idioma=en

    - -------------------------------------------------------------------------
    Copyright (c) 2004 Conectiva Inc.
    http://www.conectiva.com

    - -------------------------------------------------------------------------
    subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
    unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQFB5nqB42jd0JmAcZARAo9lAKC2Uq1I72LJYv5p3uQ0bi9Ng17xXACg0hFG
    t/1oYcJTYvRM3xMLokvAIPg=
    =I5j8
    -----END PGP SIGNATURE-----
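
The restart procedure from the advisory's IMPORTANT note, as an added shell example that is not part of Conectiva's announcement: it stops httpd, polls until no httpd processes remain, and only then starts it again. The function names, the script name, the 30-second timeout, the one-second poll interval and the exact-name match on `ps -e -o comm=` (in place of the advisory's `ps ax|grep httpd`) are assumptions.

```shell
#!/bin/sh
# Added example, not part of the advisory: restart Apache after the php4 upgrade.
# Assumed values: 30 s timeout and 1 s poll interval (override via environment).
WAIT_SECS=${WAIT_SECS:-30}
POLL_SECS=${POLL_SECS:-1}

# One command name per line. Matching the whole name avoids counting the grep
# itself, which the advisory's plain "ps ax|grep httpd" would also list.
list_procs() {
    ps -e -o comm=
}

count_httpd() {
    # grep -c prints 0 but exits 1 when nothing matches; keep only the count.
    list_procs | grep -cx 'httpd' || true
}

restart_httpd() {
    # The advisory only requires a restart if the server was already running.
    if [ "$(count_httpd)" -eq 0 ]; then
        echo "httpd is not running; nothing to restart"
        return 0
    fi
    service httpd stop || return 1
    waited=0
    # On a busy server the children can take a while to finish their requests.
    while [ "$(count_httpd)" -gt 0 ]; do
        if [ "$waited" -ge "$WAIT_SECS" ]; then
            echo "httpd still running after ${WAIT_SECS}s; not starting" >&2
            return 2
        fi
        sleep "$POLL_SECS"
        waited=$((waited + POLL_SECS))
    done
    service httpd start
}

# Run as root with: sh restart-apache.sh --run   (hypothetical script name)
if [ "${1:-}" = "--run" ]; then
    restart_httpd
fi
```

A return code of 2 means old httpd processes, still holding the pre-upgrade PHP module in memory, outlived the timeout and need attention before the server is started.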
