FLSA-2005:2344: Updated php packages fix security issues
Posted on: 03/07/2005 11:50 AM

Updated php packages are available for Red Hat Linux 7.3, 9, and Fedora Core 1

---------------------------------------------------------------------
Fedora Legacy Update Advisory

Synopsis: Updated php packages fix security issues
Advisory ID: FLSA:2344
Issue date: 2005-03-07
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
Cross references: https://bugzilla.fedora.us/show_bug.cgi?id=2344
CVE Names: CAN-2004-0958 CAN-2004-0959 CAN-2004-1018
CAN-2004-1019 CAN-2004-1065 CAN-2004-1392
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated php packages that fix various security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386

3. Problem description:

An information disclosure bug was discovered in the parsing of "GPC" variables in PHP (query strings or cookies, and POST form data). If particular scripts used the values of the GPC variables, portions of the memory space of an httpd child process could be revealed to the client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0958 to this issue.

A file access bug was discovered in the parsing of "multipart/form-data" forms, used by PHP scripts which allow file uploads. In particular configurations, some scripts could allow a malicious client to upload files to an arbitrary directory where the "apache" user has write access. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0959 to this issue.

Flaws were found in shmop_write, pack, and unpack PHP functions. These functions are not normally passed user supplied data, so would require a malicious PHP script to be exploited. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1018 to this issue.

Flaws including possible information disclosure, double free, and negative reference index array underflow were found in the deserialization code of PHP. PHP applications may use the unserialize function on untrusted user data, which could allow a remote attacker to gain access to memory or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1019 to this issue.

A flaw in the exif extension of PHP was found which lead to a stack overflow. An attacker could create a carefully crafted image file in such a way that if parsed by a PHP script using the exif extension it could cause a crash or potentially execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1065 to this issue.

A flaw in the PHP cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1392 to this issue.

Users of PHP should upgrade to these updated packages, which contain fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via yum and apt. Many people find this an easier way to apply updates. To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. This assumes that you have yum or apt-get configured for obtaining Fedora Legacy content. Please visit http://www.fedoralegacy.org/docs for directions on how to configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #2344 - multiple php vulns

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.14.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.14.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.10.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.10.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.10.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.10-1.1.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.10-1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.10-1.1.legacy.i386.rpm

7. Verification:

SHA1 sum Package Name
---------------------------------------------------------------------

b88c0d83d4a9aeb974a6ee54ce66a27ecefa392a
redhat/7.3/updates/i386/php-4.1.2-7.3.14.legacy.i386.rpm
48fd82779841a679e84e93f8ef1b612965acb342
redhat/7.3/updates/i386/php-devel-4.1.2-7.3.14.legacy.i386.rpm
573aad4bab9f4f4399aedea743999020b3246614
redhat/7.3/updates/i386/php-imap-4.1.2-7.3.14.legacy.i386.rpm
1a18d347e68013d29586f6a8db8283bdf7f6ff66
redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.14.legacy.i386.rpm
2a84f086225993aeccb0dfe2dd21ca8fcd78f26e
redhat/7.3/updates/i386/php-manual-4.1.2-7.3.14.legacy.i386.rpm
d856fcc947e9386db2116f581cd0faf9efa5cf39
redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.14.legacy.i386.rpm
5621afdf4dd720ca24b489ccd115f6ead0b5343d
redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.14.legacy.i386.rpm
41bc8b4cf9c357c8030c09c4454c0e2173e0c523
redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.14.legacy.i386.rpm
42bec2bd2e0f98fed8e01e82eef7a845c37020d2
redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.14.legacy.i386.rpm
8c6cf550cb6b6f4a75742120f56c6b77ff3d49e4
redhat/7.3/updates/SRPMS/php-4.1.2-7.3.14.legacy.src.rpm
7fdeae44517dc2ef29fbb0480f9046fc6dadc8e3
redhat/9/updates/i386/php-4.2.2-17.10.legacy.i386.rpm
e9244f6732eb2c83128d91e57439e7cc36c3c982
redhat/9/updates/i386/php-devel-4.2.2-17.10.legacy.i386.rpm
054f45490faa2d6bc641b22bade7f3db92d07cde
redhat/9/updates/i386/php-imap-4.2.2-17.10.legacy.i386.rpm
76ade25210bb37b4757b535d48de39e8c2dec622
redhat/9/updates/i386/php-ldap-4.2.2-17.10.legacy.i386.rpm
53d0e83c9b10e9d84e0150c9dbdb70f4df3a930a
redhat/9/updates/i386/php-manual-4.2.2-17.10.legacy.i386.rpm
81ac7899358407bbd2c38baf7547136413970372
redhat/9/updates/i386/php-mysql-4.2.2-17.10.legacy.i386.rpm
cceed4ce195fa9ff864eb6561b7bfb6297eb5bff
redhat/9/updates/i386/php-odbc-4.2.2-17.10.legacy.i386.rpm
839c239b525265df7abaeac1c5f0c08092c74944
redhat/9/updates/i386/php-pgsql-4.2.2-17.10.legacy.i386.rpm
b1cd0eb61b109a2b5da15791b8781806b44c7efc
redhat/9/updates/i386/php-snmp-4.2.2-17.10.legacy.i386.rpm
fe9529ca28ff2663a9b520fd5e774cf931e0b135
redhat/9/updates/SRPMS/php-4.2.2-17.10.legacy.src.rpm
dd0daa7c3d6b4f491605e698c39cb451edff50ba
fedora/1/updates/i386/php-4.3.10-1.1.legacy.i386.rpm
c07635eca5d2ce4f1972c5faf3e14f4c00a19f2d
fedora/1/updates/i386/php-devel-4.3.10-1.1.legacy.i386.rpm
2658aabd4ebe409b0b9532baf0894abfe15c0f38
fedora/1/updates/i386/php-domxml-4.3.10-1.1.legacy.i386.rpm
b38d0ef81f4ccc1ef914bdeb4077461d4dba2d7b
fedora/1/updates/i386/php-imap-4.3.10-1.1.legacy.i386.rpm
e8d7d69f35641f915edba0eb9c5915db60e318d5
fedora/1/updates/i386/php-ldap-4.3.10-1.1.legacy.i386.rpm
f9a609b45b56e028080246ea7df8a53d1e0c33b7
fedora/1/updates/i386/php-mbstring-4.3.10-1.1.legacy.i386.rpm
f34d4ab35fc29149a8c8f84140940c9470356415
fedora/1/updates/i386/php-mysql-4.3.10-1.1.legacy.i386.rpm
71c362c35b2368348b56d8cd5f7c03812f7b7aa2
fedora/1/updates/i386/php-odbc-4.3.10-1.1.legacy.i386.rpm
de668bafb64e2f7cb8e3d1add11e8037159ce90d
fedora/1/updates/i386/php-pgsql-4.3.10-1.1.legacy.i386.rpm
d2bc37081e2633c0cbd721b24cbbeadffc0196be
fedora/1/updates/i386/php-snmp-4.3.10-1.1.legacy.i386.rpm
1538dab5f7b07a29191f459441478a4c9cc2c11e
fedora/1/updates/i386/php-xmlrpc-4.3.10-1.1.legacy.i386.rpm
125b673172ebeb9cf0bdefe5adc0060ae10d3c9d
fedora/1/updates/SRPMS/php-4.3.10-1.1.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security. Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v lt;filenamegt;

If you only wish to verify that each package has not been corrupted or tampered with, examine only the sha1sum with the following command:

sha1sum lt;filenamegt;

8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1065
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392

9. Contact:

The Fedora Legacy security contact is lt;secnotice@fedoralegacy.orggt;. More project details at http://www.fedoralegacy.org


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/flsa_20052344_updated_php_packages_fix_security_issues.html)