Home / vulnerabilities MDKSA-2007-038.txt
Posted on 08 February 2007
Source : packetstormsecurity.org Link
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:038
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : February 6, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and
open_basedir restrictions via a malicious path and a null byte before a
";" in a session_save_path argument, followed by an allowed path, which
causes a parsing inconsistency in which PHP validates the allowed path
but sets session.save_path to the malicious path. (CVE-2006-6383)
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font. PHP uses an embedded
copy of GD and may be susceptible to the same issue. (CVE-2007-0455)
Updated packages have been patched to correct these issues. Users must
restart Apache for the changes to take effect.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
f4975722488c515d7701f3f2475c45c1 2006.0/i586/libphp5_common5-5.0.4-9.18.20060mdk.i586.rpm
df6d91c7fb6deadd6447c68d41a7a57f 2006.0/i586/php-cgi-5.0.4-9.18.20060mdk.i586.rpm
861b613a3caa594e9d18de2f66711c1c 2006.0/i586/php-cli-5.0.4-9.18.20060mdk.i586.rpm
aa74ed178e6523b28d6f0ee1cfb2b9a6 2006.0/i586/php-devel-5.0.4-9.18.20060mdk.i586.rpm
cdc33f50531e2815c3f39a2f12eca69d 2006.0/i586/php-fcgi-5.0.4-9.18.20060mdk.i586.rpm
0df45677da595137066ec38171463402 2006.0/i586/php-gd-5.0.4-2.1.20060mdk.i586.rpm
09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
94d70f0d65bebd9b8b235ec523bef3c4 2006.0/x86_64/lib64php5_common5-5.0.4-9.18.20060mdk.x86_64.rpm
3e145f94684bd8aaae230b181a3bab18 2006.0/x86_64/php-cgi-5.0.4-9.18.20060mdk.x86_64.rpm
5a460212062d85cc35c52c6c42e3babc 2006.0/x86_64/php-cli-5.0.4-9.18.20060mdk.x86_64.rpm
a31b6a63963f4486ee7839e449fb60ef 2006.0/x86_64/php-devel-5.0.4-9.18.20060mdk.x86_64.rpm
6c0ae39e3a6b8cb07a44271e5b128e2f 2006.0/x86_64/php-fcgi-5.0.4-9.18.20060mdk.x86_64.rpm
228bb108271c28550034b39b9f6cafee 2006.0/x86_64/php-gd-5.0.4-2.1.20060mdk.x86_64.rpm
09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm
Mandriva Linux 2007.0:
c8879f538ab9a93f1999c9dc8aa2f6c7 2007.0/i586/libphp5_common5-5.1.6-1.4mdv2007.0.i586.rpm
e8c050d86574fb1d2a52a5b3ec85a255 2007.0/i586/php-cgi-5.1.6-1.4mdv2007.0.i586.rpm
92391d48bd18ab9e20e64039a4a9f2ff 2007.0/i586/php-cli-5.1.6-1.4mdv2007.0.i586.rpm
d7b3ddc58da98113342434d45e04c3a8 2007.0/i586/php-devel-5.1.6-1.4mdv2007.0.i586.rpm
a5dd9b692fbd9c41be42fa2d59539c1d 2007.0/i586/php-fcgi-5.1.6-1.4mdv2007.0.i586.rpm
a2d2a3091d51ffc74793760ed31a1faa 2007.0/i586/php-gd-5.1.6-1.1mdv2007.0.i586.rpm
719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
5bf3650bbe564873a14ea8b6bf3ade06 2007.0/x86_64/lib64php5_common5-5.1.6-1.4mdv2007.0.x86_64.rpm
34ed4aa6be49dcb88f7bbc0a5c2e8690 2007.0/x86_64/php-cgi-5.1.6-1.4mdv2007.0.x86_64.rpm
608fc651103e04774dd99542ac9c24e3 2007.0/x86_64/php-cli-5.1.6-1.4mdv2007.0.x86_64.rpm
ade70a35519251e33fece3b184a5e42c 2007.0/x86_64/php-devel-5.1.6-1.4mdv2007.0.x86_64.rpm
32a0cd75a40a80b04d4f62e7a5695cf6 2007.0/x86_64/php-fcgi-5.1.6-1.4mdv2007.0.x86_64.rpm
b65ee3000cc55d6835bde68de1285708 2007.0/x86_64/php-gd-5.1.6-1.1mdv2007.0.x86_64.rpm
719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm
Corporate 3.0:
a4d72dc3de251851206c67e9706432a6 corporate/3.0/i586/libphp_common432-4.3.4-4.23.C30mdk.i586.rpm
b8e1d56bb999975f9ea0a66d8877847f corporate/3.0/i586/php-cgi-4.3.4-4.23.C30mdk.i586.rpm
433ae81fdc6d1238c0931e43f6989a9b corporate/3.0/i586/php-cli-4.3.4-4.23.C30mdk.i586.rpm
2a1717d00d78a6a6f34cddb987c0f279 corporate/3.0/i586/php-gd-4.3.4-1.5.C30mdk.i586.rpm
44c2653add5bf2cc23a2d8f6bfa3b31e corporate/3.0/i586/php432-devel-4.3.4-4.23.C30mdk.i586.rpm
b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
cfd5971fec1866bf5fe3c5e23adaba58 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.23.C30mdk.x86_64.rpm
14be94ecf6ddc1f3b910b802624de67c corporate/3.0/x86_64/php-cgi-4.3.4-4.23.C30mdk.x86_64.rpm
b016f2131f015adf8a0d0da27033569f corporate/3.0/x86_64/php-cli-4.3.4-4.23.C30mdk.x86_64.rpm
9355a4e63f1e5193f43f5048541885bf corporate/3.0/x86_64/php-gd-4.3.4-1.5.C30mdk.x86_64.rpm
77c18b09786f412789f63d6094a4fd23 corporate/3.0/x86_64/php432-devel-4.3.4-4.23.C30mdk.x86_64.rpm
b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm
Corporate 4.0:
64274f70614e93e30b479a7ba0613e8a corporate/4.0/i586/libphp4_common4-4.4.4-1.3.20060mlcs4.i586.rpm
43f22e53482c4451a24f3008a7ba75eb corporate/4.0/i586/libphp5_common5-5.1.6-1.3.20060mlcs4.i586.rpm
2c1b8b75b49bf78b6a677d36832e116c corporate/4.0/i586/php-cgi-5.1.6-1.3.20060mlcs4.i586.rpm
64261b179e2db73b5838d96020835cae corporate/4.0/i586/php-cli-5.1.6-1.3.20060mlcs4.i586.rpm
dfd172a482e20943dabd3b3fbef9ba95 corporate/4.0/i586/php-devel-5.1.6-1.3.20060mlcs4.i586.rpm
1a57eb8f5b70cd4ea28b98b462493e51 corporate/4.0/i586/php-fcgi-5.1.6-1.3.20060mlcs4.i586.rpm
bd060ffd97d1ede4a3c9453de8287970 corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm
e7d645e78c829242e3f81ab16aa8903d corporate/4.0/i586/php4-cgi-4.4.4-1.3.20060mlcs4.i586.rpm
1379c35acd8c2a414d482d5d0f5c782a corporate/4.0/i586/php4-cli-4.4.4-1.3.20060mlcs4.i586.rpm
10f753850f58ea02962272a4a30b8ed0 corporate/4.0/i586/php4-devel-4.4.4-1.3.20060mlcs4.i586.rpm
ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
a667b24b7182332997da97d003095bf4 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.3.20060mlcs4.x86_64.rpm
96860c73274abe165290ad70a1f8bbec corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.3.20060mlcs4.x86_64.rpm
e53ed6e99e23219f351b9dd0faf1fbf8 corporate/4.0/x86_64/php-cgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
2894870436518afda0788313f6fe9d6e corporate/4.0/x86_64/php-cli-5.1.6-1.3.20060mlcs4.x86_64.rpm
3e78d378968a67edda64f8a1db752b21 corporate/4.0/x86_64/php-devel-5.1.6-1.3.20060mlcs4.x86_64.rpm
16b8070a55f06ede6cce10bbac1f5706 corporate/4.0/x86_64/php-fcgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
f3fccbe495f311fb13e64b3c2532323b corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm
e8825bc14914ae4f896b28ab1b04e7ae corporate/4.0/x86_64/php4-cgi-4.4.4-1.3.20060mlcs4.x86_64.rpm
1249dfd5f50a707ac6a31c18dec924e0 corporate/4.0/x86_64/php4-cli-4.4.4-1.3.20060mlcs4.x86_64.rpm
f38d55e2315ba81db68dcb237a783ef0 corporate/4.0/x86_64/php4-devel-4.4.4-1.3.20060mlcs4.x86_64.rpm
ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
1a5b0a4fa1fe65d9b01ac1fcb87e57f4 mnf/2.0/i586/libphp_common432-4.3.4-4.23.M20mdk.i586.rpm
1ca60ff9165bc3fc897f5a4fac0a27ab mnf/2.0/i586/php-cgi-4.3.4-4.23.M20mdk.i586.rpm
5ecb69d1ba9a1aefb943fdf00922a67e mnf/2.0/i586/php-cli-4.3.4-4.23.M20mdk.i586.rpm
43adb03ed86a75a3e90387c075f36bea mnf/2.0/i586/php-gd-4.3.4-1.5.M20mdk.i586.rpm
e83875b4d3307b9d16602bf2da0c245a mnf/2.0/i586/php432-devel-4.3.4-4.23.M20mdk.i586.rpm
fb782af12ca499a56594703feb6bed2c mnf/2.0/SRPMS/php-4.3.4-4.23.M20mdk.src.rpm
fb344c42cba2a62c03c42b864b2e3151 mnf/2.0/SRPMS/php-gd-4.3.4-1.5.M20mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFyQv3mqjQ0CJFipgRAjDEAKCLn4/gWRIof2G9RBEcR3PlAb0YswCeNKkK
lRvByGSY6blc0yvvmysCSV0=
=rtk4
-----END PGP SIGNATURE-----