rPSA-2007-0188-1 php5 php5-cgi php5-mysql php5-pear php5-pgsql php5-soap php5-xsl



rPath Security Advisory: 2007-0188-1
Published: 2007-09-17
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php5=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-cgi=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-mysql=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-pear=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-pgsql=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-soap=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-xsl=/conary.rpath.com@rpl:1/5.2.4-2-1
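As an added check (not part of this advisory and not rPath's own tooling), the following Python parses the trove specs listed above into name, label and version, then compares an installed conary version string against the fixed one component by component, so that 5.2.10 sorts above 5.2.4 rather than below it as a plain string compare would. The installed versions are constructed sample data; on a real system they would be read from the local conary database.

```python
"""Compare installed rPath php5 troves against the versions in this advisory.

Added illustration, not rPath tooling. Conary versions in the advisory have
the form <upstream>-<source count>-<build count>, e.g. 5.2.4-2-1.
"""
import re
from typing import Dict, List, Tuple

# Copied from the advisory's "Updated Versions" section.
ADVISORY_UPDATED_VERSIONS = """
php5=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-cgi=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-mysql=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-pear=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-pgsql=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-soap=/conary.rpath.com@rpl:1/5.2.4-2-1
php5-xsl=/conary.rpath.com@rpl:1/5.2.4-2-1
"""

# Constructed sample of what a system might have installed: one trove is
# still on an older build, one is current, one is not named in the advisory.
SAMPLE_INSTALLED = {
    "php5": "5.2.3-1-1",
    "php5-mysql": "5.2.4-2-1",
    "php5-imap": "5.2.3-1-1",
}

TROVE_SPEC = re.compile(r"^([^=\s]+)=/([^/\s]+)/(\S+)$")


def parse_trove_spec(spec: str) -> Tuple[str, str, str]:
    """Split 'name=/label/version' into (name, label, version)."""
    m = TROVE_SPEC.match(spec.strip())
    if not m:
        raise ValueError(f"unrecognised trove spec: {spec!r}")
    return m.group(1), m.group(2), m.group(3)


def version_key(version: str) -> List[Tuple[int, str]]:
    """Comparable key: digit runs compare numerically, so 5.2.10 > 5.2.4.

    Non-numeric components (e.g. 'rc1') sort below any number.
    """
    parts = re.split(r"[.\-]", version)
    return [(int(p), "") if p.isdigit() else (-1, p) for p in parts]


def is_fixed(installed: str, fixed: str) -> bool:
    """True when the installed version is at or above the advisory's version."""
    return version_key(installed) >= version_key(fixed)


def parse_advisory_versions(text: str) -> Dict[str, Tuple[str, str]]:
    """Map trove name -> (label, fixed version) from an 'Updated Versions' block."""
    fixed: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        if line.strip():
            name, label, version = parse_trove_spec(line)
            fixed[name] = (label, version)
    return fixed


def audit(installed: Dict[str, str], advisory_text: str) -> Dict[str, str]:
    """Classify each installed trove as 'fixed', 'vulnerable' or 'not covered'."""
    fixed = parse_advisory_versions(advisory_text)
    report: Dict[str, str] = {}
    for name, version in installed.items():
        if name not in fixed:
            report[name] = "not covered"
        elif is_fixed(version, fixed[name][1]):
            report[name] = "fixed"
        else:
            report[name] = "vulnerable"
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_INSTALLED, ADVISORY_UPDATED_VERSIONS)
    for name in sorted(result):
        print(f"{name:12s} {SAMPLE_INSTALLED[name]:12s} {result[name]}")
```

A trove reported as "not covered" is one the advisory lists no fixed version for; that is not evidence it is safe, only that this advisory says nothing about it, so such packages should be checked against the upstream php 5.2.4 change list separately.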

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4661
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4662
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4663
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
https://issues.rpath.com/browse/RPL-1702

Description:
Previous versions of the php5 package contain multiple
vulnerabilities, the most serious of which may allow a
remote attacker to execute arbitrary code or commands.
Other vulnerabilities may result in Denial of Service,
Information Exposure, and Privilege Escalation.

In its default configuration, rPath Linux 1 does not
install php5 and is thus not vulnerable to these attacks;
however, systems to which php5 has been added may be
vulnerable to one or more of these attacks.

Note that one additional vulnerability fixed in php5
5.2.4, CVE-2007-3996, was already fixed in a previous
update to rPath Linux.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html


