MDKSA-2005:213 - Updated php packages fix multiple vulnerabilities

From: Mandriva Security Team (security_at_mandriva.com)
Date: 11/17/05

  • Next message: alireza hassani: "[KAPDA::#13] - XMB HTML Injection & Path Disclosure."
    To: bugtraq@securityfocus.com
    Date: Wed, 16 Nov 2005 20:59:00 -0700
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

     _______________________________________________________________________
     
     Mandriva Linux Security Advisory MDKSA-2005:213
     http://www.mandriva.com/security/
     _______________________________________________________________________
     
     Package : php
     Date : November 16, 2005
     Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
               Multi Network Firewall 2.0
     _______________________________________________________________________
     
     Problem Description:
     
     A number of vulnerabilities were discovered in PHP:
     
     An issue with fopen_wrappers.c would not properly restrict access to
     other directories when the open_basedir directive included a trailing
     slash (CVE-2005-3054); this issue does not affect Corporate Server 2.1.
     
     An issue with the apache2handler SAPI in mod_php could allow an
     attacker to cause a Denial of Service via the session.save_path option
     in an .htaccess file or VirtualHost stanza (CVE-2005-3319); this issue
     does not affect Corporate Server 2.1.
     
     A Denial of Service vulnerability was discovered in the way that PHP
     processes EXIF image data which could allow an attacker to cause PHP
     to crash by supplying carefully crafted EXIF image data
     (CVE-2005-3353).
     
     A cross-site scripting vulnerability was discovered in the phpinfo()
     function which could allow for the injection of javascript or HTML
     content onto a page displaying phpinfo() output, or to steal data such
     as cookies (CVE-2005-3388).
     
     A flaw in the parse_str() function could allow for the enabling of
     register_globals, even if it was disabled in the PHP configuration
     file (CVE-2005-3389).
     
     A vulnerability in the way that PHP registers global variables during
     a file upload request could allow a remote attacker to overwrite the
     $GLOBALS array which could potentially lead the execution of arbitrary
     PHP commands. This vulnerability only affects systems with
     register_globals enabled (CVE-2005-3390).
     
     The updated packages have been patched to address this issue. Once the
     new packages have been installed, you will need to restart your Apache
     server using "service httpd restart" in order for the new packages to
     take effect ("service httpd2-naat restart" for MNF2).
     _______________________________________________________________________

     References:
     
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3054
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3319
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
     http://www.hardened-php.net/advisory_202005.79.html
     http://www.hardened-php.net/advisory_192005.78.html
     http://www.hardened-php.net/advisory_182005.77.html
     _______________________________________________________________________
     
     Updated Packages:
     
     Mandriva Linux 10.1:
     3966e335bc3a2ae6dffbbc8e83575865 10.1/RPMS/libphp_common432-4.3.8-3.6.101mdk.i586.rpm
     199fa9e0baf46bda77e660555626ed4e 10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.i586.rpm
     05ef30fa2004ffd60f4519fd41a444e3 10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.i586.rpm
     fe48fbbb47b3bcdab5054ffdd2067b6a 10.1/RPMS/php-cli-4.3.8-3.6.101mdk.i586.rpm
     90b47f8c1515b5043d513db11d6607ca 10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm

     Mandriva Linux 10.1/X86_64:
     9fe206e55dca158523dab0a85f1a5dec x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.6.101mdk.x86_64.rpm
     d36a3e7f90980388196aa58b6dbb94af x86_64/10.1/RPMS/php432-devel-4.3.8-3.6.101mdk.x86_64.rpm
     416b3bacf2b57f1a9cae5ca172e39135 x86_64/10.1/RPMS/php-cgi-4.3.8-3.6.101mdk.x86_64.rpm
     0c27298aadb7d0a847a93316ce4d9d57 x86_64/10.1/RPMS/php-cli-4.3.8-3.6.101mdk.x86_64.rpm
     90b47f8c1515b5043d513db11d6607ca x86_64/10.1/SRPMS/php-4.3.8-3.6.101mdk.src.rpm

     Mandriva Linux 10.2:
     e972e5e5cadb586a390a39bffa1cb56e 10.2/RPMS/libphp_common432-4.3.10-7.4.102mdk.i586.rpm
     c26646613d41a7f3e82b5d2d11c21b7c 10.2/RPMS/php432-devel-4.3.10-7.4.102mdk.i586.rpm
     098e0a1e4b8b597bf95461fc085c037a 10.2/RPMS/php-cgi-4.3.10-7.4.102mdk.i586.rpm
     99f0eaa02942f7b6753309ca56979100 10.2/RPMS/php-cli-4.3.10-7.4.102mdk.i586.rpm
     7df363e2e2309ec26b40c3490a0d75ae 10.2/SRPMS/php-4.3.10-7.4.102mdk.src.rpm

     Mandriva Linux 10.2/X86_64:
     d9d33311690b0c5f69e3834a5ba6bc10 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.4.102mdk.x86_64.rpm
     f5d2b45ace0ab4208ba911159a47e429 x86_64/10.2/RPMS/php432-devel-4.3.10-7.4.102mdk.x86_64.rpm
     0c7e0acb3bd80a9a7220ecf919b3d795 x86_64/10.2/RPMS/php-cgi-4.3.10-7.4.102mdk.x86_64.rpm
     7df6f5a5b19c07e9fa3d6851f210f847 x86_64/10.2/RPMS/php-cli-4.3.10-7.4.102mdk.x86_64.rpm
     7df363e2e2309ec26b40c3490a0d75ae x86_64/10.2/SRPMS/php-4.3.10-7.4.102mdk.src.rpm

     Mandriva Linux 2006.0:
     826c36fdb07b7c341a39507b679e31a9 2006.0/RPMS/libphp5_common5-5.0.4-9.1.20060mdk.i586.rpm
     2be5d91979fa3c8f77744a86fee8a423 2006.0/RPMS/php-cgi-5.0.4-9.1.20060mdk.i586.rpm
     950c43ac1569610fa31b15803fc50d40 2006.0/RPMS/php-cli-5.0.4-9.1.20060mdk.i586.rpm
     1a19b2cc5607bf65c3fe7a339f97ce72 2006.0/RPMS/php-devel-5.0.4-9.1.20060mdk.i586.rpm
     e8d70f64d363821fe29e7cf39e93cd71 2006.0/RPMS/php-exif-5.0.4-1.1.20060mdk.i586.rpm
     fe70481a5316019e303e45e5f0e59adb 2006.0/RPMS/php-fcgi-5.0.4-9.1.20060mdk.i586.rpm
     9c6a477d87cebf040cee39b75423c040 2006.0/SRPMS/php-5.0.4-9.1.20060mdk.src.rpm
     f2b058c92a3c2107f97a4b07d34dc1c8 2006.0/SRPMS/php-exif-5.0.4-1.1.20060mdk.src.rpm

     Mandriva Linux 2006.0/X86_64:
     044e1542f327cf7552fa4d4124843f1f x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.1.20060mdk.x86_64.rpm
     60f4edc9196ea58d9614c3f2ed66a9f6 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.1.20060mdk.x86_64.rpm
     9f6c1eb1a1da44518993957d13eb10bf x86_64/2006.0/RPMS/php-cli-5.0.4-9.1.20060mdk.x86_64.rpm
     3c5d616931098f198eeb0f41011144aa x86_64/2006.0/RPMS/php-devel-5.0.4-9.1.20060mdk.x86_64.rpm
     d16ba71605fc37881443605025534440 x86_64/2006.0/RPMS/php-exif-5.0.4-1.1.20060mdk.x86_64.rpm
     0f10f24c8b43317904a79ac66f0405de x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.1.20060mdk.x86_64.rpm
     9c6a477d87cebf040cee39b75423c040 x86_64/2006.0/SRPMS/php-5.0.4-9.1.20060mdk.src.rpm
     f2b058c92a3c2107f97a4b07d34dc1c8 x86_64/2006.0/SRPMS/php-exif-5.0.4-1.1.20060mdk.src.rpm

     Corporate Server 2.1:
     18b1c4dab517ae624ee96b7558112d84 corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.i586.rpm
     25e79b0cbb0b1ed8c0915db93efe7863 corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.i586.rpm
     c818089e5fe42953da5ca48855c52a39 corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.i586.rpm
     aaafac3f547795f1e4ab50094fb05bb8 corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.i586.rpm
     590fd7d0a4340ac62e443a1c1543fe60 corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm

     Corporate Server 2.1/X86_64:
     d3ad20980ced61773e64fc0cd347dbc0 x86_64/corporate/2.1/RPMS/php-4.2.3-4.6.C21mdk.x86_64.rpm
     74dc4c2cd5a48ebc77d081ae64fe38cd x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.6.C21mdk.x86_64.rpm
     5acad2f71a4e4728a986f08a7966846a x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.6.C21mdk.x86_64.rpm
     39856102ebde84daad4d917cfa94b067 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.6.C21mdk.x86_64.rpm
     590fd7d0a4340ac62e443a1c1543fe60 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.6.C21mdk.src.rpm

     Corporate 3.0:
     c2b5c67cd95e5ea7725a98c516b9742f corporate/3.0/RPMS/libphp_common432-4.3.4-4.8.C30mdk.i586.rpm
     a8eef95a35ce6916836ee78d1d473939 corporate/3.0/RPMS/php432-devel-4.3.4-4.8.C30mdk.i586.rpm
     6c00ce7c4952e9cfcbc654a594d94b18 corporate/3.0/RPMS/php-cgi-4.3.4-4.8.C30mdk.i586.rpm
     fad4d2d37aeae89eb52ab10a35b8b3b4 corporate/3.0/RPMS/php-cli-4.3.4-4.8.C30mdk.i586.rpm
     97ed320ad4011d18f69f8f957295a7d7 corporate/3.0/SRPMS/php-4.3.4-4.8.C30mdk.src.rpm

     Corporate 3.0/X86_64:
     db82bf6b28383e687974a6e3ea8ef632 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.8.C30mdk.x86_64.rpm
     740b5d6160992055e5e84dc03480cf45 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.8.C30mdk.x86_64.rpm
     6e2fd52cca98a8b208acaec013cb7630 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.8.C30mdk.x86_64.rpm
     679c794a8904940946d8cb52e529413a x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.8.C30mdk.x86_64.rpm
     97ed320ad4011d18f69f8f957295a7d7 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.8.C30mdk.src.rpm

     Multi Network Firewall 2.0:
     82bae104a4800c62bf0a007d5af84941 mnf/2.0/RPMS/libphp_common432-4.3.4-4.8.M20mdk.i586.rpm
     b64e2f00d014aa894d94271351b1cef0 mnf/2.0/RPMS/php432-devel-4.3.4-4.8.M20mdk.i586.rpm
     c306907caa4c66c77653a2f264fdcdbe mnf/2.0/RPMS/php-cgi-4.3.4-4.8.M20mdk.i586.rpm
     46b577275216cfc259a6caba5d4b82f3 mnf/2.0/RPMS/php-cli-4.3.4-4.8.M20mdk.i586.rpm
     c528b16fd83ddd8732609863ffe0a16a mnf/2.0/SRPMS/php-4.3.4-4.8.M20mdk.src.rpm
     _______________________________________________________________________

     To upgrade automatically use MandrivaUpdate or urpmi. The verification
     of md5 checksums and GPG signatures is performed automatically for you.

     All packages are signed by Mandriva for security. You can obtain the
     GPG public key of the Mandriva Security Team by executing:

      gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

     You can view other update advisories for Mandriva Linux at:

      http://www.mandriva.com/security/advisories

     If you want to report vulnerabilities, please contact

      security_(at)_mandriva.com
     _______________________________________________________________________

     Type Bits/KeyID Date User ID
     pub 1024D/22458A98 2000-07-10 Mandriva Security Team
      <security*mandriva.com>
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFDe9IImqjQ0CJFipgRAm1aAJ4lHTfZ0FX+0LkLxE2UZ+3U90NQlgCfW8XP
    GDuewXy9EIzNQOsJzWNByRY=
    =UcRs
    -----END PGP SIGNATURE-----


  • Next message: alireza hassani: "[KAPDA::#13] - XMB HTML Injection & Path Disclosure."

    Relevant Pages