Home / vulnerabilitiesPDF  

MDKSA-2007-187.txt

Posted on 25 September 2007
Source : packetstormsecurity.org Link

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:187
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : September 21, 2007
Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Numerous vulnerabilities were discovered in the PHP scripting language
that are corrected with this update.

An integer overflow in the substr_compare() function allows
context-dependent attackers to read sensitive memory via a large
value in the length argument. This only affects PHP5 (CVE-2007-1375).

A stack-based buffer overflow in the zip:// URI wrapper in PECL
ZIP 1.8.3 and earlier allowes remote attackers to execute arbitrary
code via a long zip:// URL. This only affects Corporate Server 4.0
(CVE-2007-1399).

A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter
could allow an attacker to inject arbitrary email headers via a
special email address. This only affects Mandriva Linux 2007.1
(CVE-2007-1900).

The mcrypt_create_iv() function calls php_rand_r() with an
uninitialized seed variable, thus always generating the same
initialization vector, which may allow an attacker to decrypt
certain data more easily because of the guessable encryption keys
(CVE-2007-2727).

The soap extension calls php_rand_r() with an uninitialized seec
variable, which has unknown impact and attack vectors; an issue
similar to that affecting mcrypt_create_iv(). This only affects PHP5
(CVE-2007-2728).

The substr_count() function allows attackers to obtain sensitive
information via unspecified vectors. This only affects PHP5
(CVE-2007-2748).

An infinite loop was found in the gd extension that could be used to
cause a denial of service if a script were forced to process certain
PNG images from untrusted sources (CVE-2007-2756).

An integer overflow flaw was found in the chunk_split() function that
ould possibly execute arbitrary code as the apache user if a remote
attacker was able to pass arbitrary data to the third argument of
chunk_split() (CVE-2007-2872).

A flaw in the PHP session cookie handling could allow an attacker to
create a cross-site cookie insertion attack if a victim followed an
untrusted carefully-crafted URL (CVE-2007-3799).

Various integer overflow flaws were discovered in the PHP gd extension
that could allow a remote attacker to execute arbitrary code as the
apache user (CVE-2007-3996).

A flaw in the wordwrap() frunction could result in a denial of ervice
if a remote attacker was able to pass arbitrary data to the function
(CVE-2007-3998).

A flaw in the money_format() function could result in an information
leak or denial of service if a remote attacker was able to pass
arbitrary data to this function; this situation would be unlikely
however (CVE-2007-4658).

A bug in the PHP session cookie handling could allow an attacker to
stop a victim from viewing a vulnerable website if the victim first
visited a malicious website under the control of the attacker who
was able to use that page to set a cookie for the vulnerable website
(CVE-2007-4670).

Updated packages have been patched to prevent these issues.
In addition, PECL ZIP version 1.8.10 is being provided for Corporate
Server 4.0.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
57a68f47fd8c691db93b9eadbbf19b40 2007.0/i586/libphp5_common5-5.1.6-1.9mdv2007.0.i586.rpm
f82d39f70da087f4d7f9470f81211276 2007.0/i586/php-cgi-5.1.6-1.9mdv2007.0.i586.rpm
a22e66bf85ab53ff1782ce331ffa60a6 2007.0/i586/php-cli-5.1.6-1.9mdv2007.0.i586.rpm
c3cd07dba2182b4f583794a3b240e84e 2007.0/i586/php-devel-5.1.6-1.9mdv2007.0.i586.rpm
265ef0003e043ad3013022b1e566fd89 2007.0/i586/php-fcgi-5.1.6-1.9mdv2007.0.i586.rpm
598e110d6abcc345a0b6ee1676214ee2 2007.0/i586/php-gd-5.1.6-1.3mdv2007.0.i586.rpm
0f9a486f5ccadd55c81aa61705ae5d81 2007.0/i586/php-mcrypt-5.1.6-1.1mdv2007.0.i586.rpm
6d7d80d3cdeae2e4ca286b67be659cef 2007.0/i586/php-soap-5.1.6-1.2mdv2007.0.i586.rpm
06fef845a7f0eb15fbda8e01d2449759 2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm
1c4c5379d367dd0ba8c002d2a60eb8b1 2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm
4b4382448f9be55ea66f8b910a12a97c 2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm
c9e9b415eac3b864ffcece762c6aa6bb 2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
8ddfb570e663d8b61cbfaf5bc8585d54 2007.0/x86_64/lib64php5_common5-5.1.6-1.9mdv2007.0.x86_64.rpm
d05d20ad5c5ddd84649aaed661b83c7a 2007.0/x86_64/php-cgi-5.1.6-1.9mdv2007.0.x86_64.rpm
9ba45cce68ffa043cf1fb23fe765e104 2007.0/x86_64/php-cli-5.1.6-1.9mdv2007.0.x86_64.rpm
26ead0e8cd3bab9ba64cc39f596d6533 2007.0/x86_64/php-devel-5.1.6-1.9mdv2007.0.x86_64.rpm
65673d78e3e1af683d64e30ba832be63 2007.0/x86_64/php-fcgi-5.1.6-1.9mdv2007.0.x86_64.rpm
0d478806da998759a96cdbf8694c0324 2007.0/x86_64/php-gd-5.1.6-1.3mdv2007.0.x86_64.rpm
99ec9336533a6ff74b93841497a73fe1 2007.0/x86_64/php-mcrypt-5.1.6-1.1mdv2007.0.x86_64.rpm
1b5bdc02b561134835c729fb404b0931 2007.0/x86_64/php-soap-5.1.6-1.2mdv2007.0.x86_64.rpm
06fef845a7f0eb15fbda8e01d2449759 2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm
1c4c5379d367dd0ba8c002d2a60eb8b1 2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm
4b4382448f9be55ea66f8b910a12a97c 2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm
c9e9b415eac3b864ffcece762c6aa6bb 2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:
cfb5ebca225920865fd41b8d7379ec04 2007.1/i586/libphp5_common5-5.2.1-4.3mdv2007.1.i586.rpm
fd99e8fd1eba60464844111ba0bf658f 2007.1/i586/php-cgi-5.2.1-4.3mdv2007.1.i586.rpm
d2d5ef2a6eb326c85e5e4e66d5488032 2007.1/i586/php-cli-5.2.1-4.3mdv2007.1.i586.rpm
f8ff08caf4bf9d4b06c84dabf426ad4f 2007.1/i586/php-devel-5.2.1-4.3mdv2007.1.i586.rpm
0e362fc96f32b9046df73d01938f4a4f 2007.1/i586/php-fcgi-5.2.1-4.3mdv2007.1.i586.rpm
3796283e1a18abd35c66e9fdb7cecf84 2007.1/i586/php-gd-5.2.1-1.2mdv2007.1.i586.rpm
8303fdaff4f40f7025e84b9571db7557 2007.1/i586/php-mcrypt-5.2.1-1.1mdv2007.1.i586.rpm
765b7cff3e34bf6be0d31d5e11c6d21f 2007.1/i586/php-openssl-5.2.1-4.3mdv2007.1.i586.rpm
8ed091e407210049489fb70ba4f18e3f 2007.1/i586/php-soap-5.2.1-1.2mdv2007.1.i586.rpm
649f2efadad45640ca14f5ab644de67f 2007.1/i586/php-zlib-5.2.1-4.3mdv2007.1.i586.rpm
8779e5a26aecb35eaf93a5c54f35a798 2007.1/SRPMS/php-5.2.1-4.3mdv2007.1.src.rpm
d16710089832ae31873c0db7e6df87fd 2007.1/SRPMS/php-gd-5.2.1-1.2mdv2007.1.src.rpm
ec8b2d536f13c35dd2c2f1cca92c5694 2007.1/SRPMS/php-mcrypt-5.2.1-1.1mdv2007.1.src.rpm
90f9821184ef2fc8cca2a35e54080f44 2007.1/SRPMS/php-soap-5.2.1-1.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
4af5b6e98feeeb88b8993768c15497ce 2007.1/x86_64/lib64php5_common5-5.2.1-4.3mdv2007.1.x86_64.rpm
f5e5fbb413e349ff9ae9e8e82a59dd92 2007.1/x86_64/php-cgi-5.2.1-4.3mdv2007.1.x86_64.rpm
c93c070b38a3c2602dbfea38e648fea1 2007.1/x86_64/php-cli-5.2.1-4.3mdv2007.1.x86_64.rpm
5d7fa073092e6599eddaaffab5b4df4f 2007.1/x86_64/php-devel-5.2.1-4.3mdv2007.1.x86_64.rpm
0d593dad6f79e0331d1a9c7544d6fe42 2007.1/x86_64/php-fcgi-5.2.1-4.3mdv2007.1.x86_64.rpm
8652914b9aa256724004e12621111ce3 2007.1/x86_64/php-gd-5.2.1-1.2mdv2007.1.x86_64.rpm
cc2993f0faf2d76eb317162162237049 2007.1/x86_64/php-mcrypt-5.2.1-1.1mdv2007.1.x86_64.rpm
2becb2e136e605d4b6fcbb80b8b96fdc 2007.1/x86_64/php-openssl-5.2.1-4.3mdv2007.1.x86_64.rpm
241a453a1007cc84f0f789b2a11bf96f 2007.1/x86_64/php-soap-5.2.1-1.2mdv2007.1.x86_64.rpm
58a30a4284944ed364d488338c6d4605 2007.1/x86_64/php-zlib-5.2.1-4.3mdv2007.1.x86_64.rpm
8779e5a26aecb35eaf93a5c54f35a798 2007.1/SRPMS/php-5.2.1-4.3mdv2007.1.src.rpm
d16710089832ae31873c0db7e6df87fd 2007.1/SRPMS/php-gd-5.2.1-1.2mdv2007.1.src.rpm
ec8b2d536f13c35dd2c2f1cca92c5694 2007.1/SRPMS/php-mcrypt-5.2.1-1.1mdv2007.1.src.rpm
90f9821184ef2fc8cca2a35e54080f44 2007.1/SRPMS/php-soap-5.2.1-1.2mdv2007.1.src.rpm

Corporate 3.0:
247e24717edaad099d4dfac36d06da11 corporate/3.0/i586/libphp_common432-4.3.4-4.27.C30mdk.i586.rpm
a2fe1080b8981493b83f6bb6c08a6f83 corporate/3.0/i586/php-cgi-4.3.4-4.27.C30mdk.i586.rpm
0468aa254c2495b128f4ea776b7100f7 corporate/3.0/i586/php-cli-4.3.4-4.27.C30mdk.i586.rpm
230476bcb71774884ec17ecbef336e5c corporate/3.0/i586/php-gd-4.3.4-1.7.C30mdk.i586.rpm
3cac8eecfdee304b0889fbe99958a6ca corporate/3.0/i586/php432-devel-4.3.4-4.27.C30mdk.i586.rpm
74c8bcac18b502174d270a0e2529d8e8 corporate/3.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
7db08e02ff0b4d59c58bbef5ff25a89b corporate/3.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
54b38db5000d71f5f4cfe0d55ea8839d corporate/3.0/x86_64/lib64php_common432-4.3.4-4.27.C30mdk.x86_64.rpm
e06d422dedbd7ff39eb86c8afdf23f8c corporate/3.0/x86_64/php-cgi-4.3.4-4.27.C30mdk.x86_64.rpm
66bea84020ec6231dbc345215b6398d4 corporate/3.0/x86_64/php-cli-4.3.4-4.27.C30mdk.x86_64.rpm
6e47af7339e7c939133d3bbab0b54c60 corporate/3.0/x86_64/php-gd-4.3.4-1.7.C30mdk.x86_64.rpm
9aa27728797f8a8b7fe6932237779dc1 corporate/3.0/x86_64/php432-devel-4.3.4-4.27.C30mdk.x86_64.rpm
74c8bcac18b502174d270a0e2529d8e8 corporate/3.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
7db08e02ff0b4d59c58bbef5ff25a89b corporate/3.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

Corporate 4.0:
6660cfe8b3e883412a9d138cb4776a17 corporate/4.0/i586/libphp4_common4-4.4.4-1.7.20060mlcs4.i586.rpm
0a43b956bf221f3dc6b534aed4c2c332 corporate/4.0/i586/libphp5_common5-5.1.6-1.8.20060mlcs4.i586.rpm
d01223da70e8e3c6c17b0bd065cf4747 corporate/4.0/i586/php-cgi-5.1.6-1.8.20060mlcs4.i586.rpm
9cdf4d6ba4446811b0118126b31dd80b corporate/4.0/i586/php-cli-5.1.6-1.8.20060mlcs4.i586.rpm
6f486a6a19edef73ac2bc6aba2cf342a corporate/4.0/i586/php-devel-5.1.6-1.8.20060mlcs4.i586.rpm
a126823de602fb9aecae42f052ab2827 corporate/4.0/i586/php-fcgi-5.1.6-1.8.20060mlcs4.i586.rpm
9c198b7e8a34c3e4d03f18174b2b1a84 corporate/4.0/i586/php-gd-5.1.6-1.3.20060mlcs4.i586.rpm
b58d0518a5a44bdb26006df7b3d0b9f4 corporate/4.0/i586/php-mcrypt-5.1.6-1.1.20060mlcs4.i586.rpm
c306da649d383d2ef0d4e568e8f77bd2 corporate/4.0/i586/php-soap-5.1.6-1.2.20060mlcs4.i586.rpm
6fbcf94c677317eaa73f2972afbece1c corporate/4.0/i586/php-zip-1.8.10-0.1.20060mlcs4.i586.rpm
473813677bb2f261182b53f6175908b8 corporate/4.0/i586/php4-cgi-4.4.4-1.7.20060mlcs4.i586.rpm
5c53c5fd3860246341522a47712b7d18 corporate/4.0/i586/php4-cli-4.4.4-1.7.20060mlcs4.i586.rpm
079851b5a916b27cb16aa4bde9bcd86e corporate/4.0/i586/php4-devel-4.4.4-1.7.20060mlcs4.i586.rpm
cf0a080ecd0acb5e01f7e2e41ed3c76d corporate/4.0/i586/php4-gd-4.4.4-1.2.20060mlcs4.i586.rpm
c2333bbae7d3a20b90a2e174f2caf5da corporate/4.0/i586/php4-mcrypt-4.4.4-1.1.20060mlcs4.i586.rpm
b406cd54519867c9611c6c6700827457 corporate/4.0/SRPMS/php-5.1.6-1.8.20060mlcs4.src.rpm
491027bf3182f1f56e93e4d3a053d9e0 corporate/4.0/SRPMS/php-gd-5.1.6-1.3.20060mlcs4.src.rpm
dd89eef4f40af9dff068c28bd56b4d5b corporate/4.0/SRPMS/php-mcrypt-5.1.6-1.1.20060mlcs4.src.rpm
d7107b5be0e7768abad9c15cc8584ded corporate/4.0/SRPMS/php-soap-5.1.6-1.2.20060mlcs4.src.rpm
f39e559d753bc59816d4106cd095d0db corporate/4.0/SRPMS/php-zip-1.8.10-0.1.20060mlcs4.src.rpm
1f1fd034cfd3d3f911315a34326d553e corporate/4.0/SRPMS/php4-4.4.4-1.7.20060mlcs4.src.rpm
00447503df74be2f96f4ec4f93de6694 corporate/4.0/SRPMS/php4-gd-4.4.4-1.2.20060mlcs4.src.rpm
c005bcfb3c95e618ba5a4c928d5b75c7 corporate/4.0/SRPMS/php4-mcrypt-4.4.4-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
d04a06f2a1d4c8d36b1ce3de6448577b corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.7.20060mlcs4.x86_64.rpm
b22d1122c842de135ddf34d331641da8 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.8.20060mlcs4.x86_64.rpm
9866242fb135cca7cf3e35e97f5178af corporate/4.0/x86_64/php-cgi-5.1.6-1.8.20060mlcs4.x86_64.rpm
c68e05947bec3bb82e9d1d5c572f96d5 corporate/4.0/x86_64/php-cli-5.1.6-1.8.20060mlcs4.x86_64.rpm
cf53b9aaef91d88655f9d74e3ff2aacb corporate/4.0/x86_64/php-devel-5.1.6-1.8.20060mlcs4.x86_64.rpm
f8c251520d975a4010def1750fd8346d corporate/4.0/x86_64/php-fcgi-5.1.6-1.8.20060mlcs4.x86_64.rpm
5b34f8737e26d00f33c0328d763ab213 corporate/4.0/x86_64/php-gd-5.1.6-1.3.20060mlcs4.x86_64.rpm
758cf65ca6d0a4abebb902e0cba8a340 corporate/4.0/x86_64/php-mcrypt-5.1.6-1.1.20060mlcs4.x86_64.rpm
13bee1adbfe5e67c01ca731ea81dbdd9 corporate/4.0/x86_64/php-soap-5.1.6-1.2.20060mlcs4.x86_64.rpm
4c0b39d8927c6cb19e32befb0539680e corporate/4.0/x86_64/php-zip-1.8.10-0.1.20060mlcs4.x86_64.rpm
5ada3b423910e48a26c77a8cf95cc274 corporate/4.0/x86_64/php4-cgi-4.4.4-1.7.20060mlcs4.x86_64.rpm
84fae5bb1c27d7c4a6dcb7c29966e2ce corporate/4.0/x86_64/php4-cli-4.4.4-1.7.20060mlcs4.x86_64.rpm
ccc04f5e1301a856a4d8e24bd36342cb corporate/4.0/x86_64/php4-devel-4.4.4-1.7.20060mlcs4.x86_64.rpm
0eafa187fc47d54782cba69a73d500f8 corporate/4.0/x86_64/php4-gd-4.4.4-1.2.20060mlcs4.x86_64.rpm
17f6a6e9ff9cb623ba5538c46571fce5 corporate/4.0/x86_64/php4-mcrypt-4.4.4-1.1.20060mlcs4.x86_64.rpm
b406cd54519867c9611c6c6700827457 corporate/4.0/SRPMS/php-5.1.6-1.8.20060mlcs4.src.rpm
491027bf3182f1f56e93e4d3a053d9e0 corporate/4.0/SRPMS/php-gd-5.1.6-1.3.20060mlcs4.src.rpm
dd89eef4f40af9dff068c28bd56b4d5b corporate/4.0/SRPMS/php-mcrypt-5.1.6-1.1.20060mlcs4.src.rpm
d7107b5be0e7768abad9c15cc8584ded corporate/4.0/SRPMS/php-soap-5.1.6-1.2.20060mlcs4.src.rpm
f39e559d753bc59816d4106cd095d0db corporate/4.0/SRPMS/php-zip-1.8.10-0.1.20060mlcs4.src.rpm
1f1fd034cfd3d3f911315a34326d553e corporate/4.0/SRPMS/php4-4.4.4-1.7.20060mlcs4.src.rpm
00447503df74be2f96f4ec4f93de6694 corporate/4.0/SRPMS/php4-gd-4.4.4-1.2.20060mlcs4.src.rpm
c005bcfb3c95e618ba5a4c928d5b75c7 corporate/4.0/SRPMS/php4-mcrypt-4.4.4-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
4a0e9e73f51d6118c3580b9f556c0a2d mnf/2.0/i586/libphp_common432-4.3.4-4.27.C30mdk.i586.rpm
f4698dd4eb9c4c9e12528c70cf458e7f mnf/2.0/i586/php-cgi-4.3.4-4.27.C30mdk.i586.rpm
91e6914a490349580511f216a8220c86 mnf/2.0/i586/php-cli-4.3.4-4.27.C30mdk.i586.rpm
b5655d8d54a14d9f5cdb56246ddad2e3 mnf/2.0/i586/php-gd-4.3.4-1.7.C30mdk.i586.rpm
752e636b31d84df4b9283fc56b60ef5b mnf/2.0/i586/php432-devel-4.3.4-4.27.C30mdk.i586.rpm
dba539a2cc542b14898bea508291fb93 mnf/2.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
86dacced331afeb19a375cdcd5ade744 mnf/2.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG9CU6mqjQ0CJFipgRAs8RAKDsqCO/QPqLczFFlIVUz3pfMnFdUwCePmkK
vvRjTT2T2agDRpYmZWKYhFs=
=4TWc
-----END PGP SIGNATURE-----

 

TOP