[Security Announce] [ MDKSA-2006:035 ] - Updated php packages fix vulnerability
Posted on: 02/07/2006 09:42 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:035
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : February 7, 2006
Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
a remote attacker to bypass safe_mode and open_basedir restrictions via
unknown attack vectors.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
73fb60b80de60eac15425466e59dca39 10.1/RPMS/libphp_common432-4.3.8-3.8.101mdk.i586.rpm
b28919e0310bf29bf5866dae1ee16d98 10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.i586.rpm
d83eaac3668f09924156f177cd15f201 10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.i586.rpm
143fc214304a1c289fca9706a2a1c3a8 10.1/RPMS/php-cli-4.3.8-3.8.101mdk.i586.rpm
78c983eccc5b8423c97ef382438b2e65 10.1/RPMS/php-gd-4.3.8-2.1.101mdk.i586.rpm
677522c6ed558432f3dbf15616083610 10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
aac1a54955e947f6c15c8b8059ae4181 10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
106d6d5ca6b8f39c392bd13ec1dc42d4 x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.8.101mdk.x86_64.rpm
b4c808eec06082b85642bb130f8415dc x86_64/10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.x86_64.rpm
471cb69b308907e438d462c99980dea0 x86_64/10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.x86_64.rpm
553db3e91f87e7a515ac135e8d7f15f0 x86_64/10.1/RPMS/php-cli-4.3.8-3.8.101mdk.x86_64.rpm
ec747cf48a3dad42141f27e44325033e x86_64/10.1/RPMS/php-gd-4.3.8-2.1.101mdk.x86_64.rpm
677522c6ed558432f3dbf15616083610 x86_64/10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
aac1a54955e947f6c15c8b8059ae4181 x86_64/10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

Mandriva Linux 10.2:
13cf3adeda0a0cd1d0ccde575cbe63ec 10.2/RPMS/libphp_common432-4.3.10-7.6.102mdk.i586.rpm
18302ef915b8f1b2245b9c0f79d574aa 10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.i586.rpm
c58efdb3973bb63914463628936cf2db 10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.i586.rpm
401059a0058df93d7b8567813b082b7e 10.2/RPMS/php-cli-4.3.10-7.6.102mdk.i586.rpm
887e86064d91d133d3c98245b39335b3 10.2/RPMS/php-gd-4.3.10-5.1.102mdk.i586.rpm
b677b123040f0279e39a047aa706a853 10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
393e9bde7b571bc6aee17cf48929e0d5 10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b457eff82dcedc940afda2b137dc9058 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.6.102mdk.x86_64.rpm
6075916423066e4a026814cd38332528 x86_64/10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.x86_64.rpm
4e1c918a571c85e3e4ce065edd249576 x86_64/10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.x86_64.rpm
a222ddab3ffff21bcd82420fce7951da x86_64/10.2/RPMS/php-cli-4.3.10-7.6.102mdk.x86_64.rpm
ccf2d23979006f1f7bbc9d2a1efd6043 x86_64/10.2/RPMS/php-gd-4.3.10-5.1.102mdk.x86_64.rpm
b677b123040f0279e39a047aa706a853 x86_64/10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
393e9bde7b571bc6aee17cf48929e0d5 x86_64/10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

Corporate 3.0:
1980e0259fe7747380a824f8d22e6547 corporate/3.0/RPMS/libphp_common432-4.3.4-4.10.C30mdk.i586.rpm
390c85972981566b353b594fe22197dc corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.i586.rpm
d9a49155ce3a80cdbc277f2412a13518 corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.i586.rpm
d0cbbd7fb891a7541929c67aa0343df6 corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.i586.rpm
238811f03e72ceecb0b91be525380cb9 corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.i586.rpm
d54f4e12d35cedbef0f718170620ace4 corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
c1a3d05a9501024102944e6820bc5501 corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
a8dce337033e676378664c0db6b469f7 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.10.C30mdk.x86_64.rpm
c7b1cfd80cd506eff43f22b80aa75de6 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.x86_64.rpm
1c5e085cb86ad4f7af6a0da6d05a1d62 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.x86_64.rpm
9eec60e7a700c07da18b4f787ad3f58c x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.x86_64.rpm
500eedf63f7cbccb7920a94e7959e7ac x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.x86_64.rpm
d54f4e12d35cedbef0f718170620ace4 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
c1a3d05a9501024102944e6820bc5501 x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
505744d67c4a0d9d438eb59635a1b854 mnf/2.0/RPMS/libphp_common432-4.3.4-4.10.M20mdk.i586.rpm
415fb09281493e6b5e262b8a919b2eb9 mnf/2.0/RPMS/php432-devel-4.3.4-4.10.M20mdk.i586.rpm
71f1a80d1bf23652a8001a7e48fe139c mnf/2.0/RPMS/php-cgi-4.3.4-4.10.M20mdk.i586.rpm
5ad32b1fb9e6b12be629ea44168d5138 mnf/2.0/RPMS/php-cli-4.3.4-4.10.M20mdk.i586.rpm
0b23cfbdff6ccd70f06cd3ab13813cb5 mnf/2.0/RPMS/php-gd-4.3.4-1.1.M20mdk.i586.rpm
27c29e02d28e0aea1dadd7d149636b83 mnf/2.0/SRPMS/php-4.3.4-4.10.M20mdk.src.rpm
ca1601d0a1fa257c8916715582a1df41 mnf/2.0/SRPMS/php-gd-4.3.4-1.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD6M4NmqjQ0CJFipgRAvWSAJ0Yd7hn/GFf8yzTndtqIQyoglmadgCg5Tyo
2VeXltESjHb2bQZrROv66Ao=
=uN12
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006035__updated_php_packages_fix_vulnerability.html)