[Security Announce] [ MDKSA-2007:048 ] - Updated php packages fix multiple vulnerabilities
Posted on: 02/23/2007 07:15 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:048
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : February 22, 2007
Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A number of vulnerabilities were discovered in PHP language.

Many buffer overflow flaws were discovered in the PHP session
extension, the str_replace() function, and the imap_mail_compose()
function. An attacker able to use a PHP application using any of
these functions could trigger these flaws and possibly execute
arbitrary code as the apache user (CVE-2007-0906).

A one-byte memory read will always occur prior to the beginning of a
buffer, which could be triggered, for example, by any use of the
header() function in a script (CVE-2007-0907).

The wddx extension, if used to import WDDX data from an untrusted
source, may allow a random portion of heap memory to be exposed due
to certain WDDX input packets (CVE-2007-0908).

The odbc_result_all() function, if used to display data from a
database,
and if the contents of the database are under the control of an
attacker, could lead to the execution of arbitrary code due to a format
string vulnerability (CVE-2007-0909).

Several flaws in the PHP could allow attackers to clobber certain
super-global variables via unspecified vectors (CVE-2007-0910).

The zend_hash_init() function can be forced into an infinite loop
if unserializing untrusted data on a 64-bit platform, resulting in
the consumption of CPU resources until the script timeout alarm aborts
the execution of the script (CVE-2007-0988).

Updated package have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
14a536e0c07f48b553986725223f54dc 2006.0/i586/libphp5_common5-5.0.4-9.19.20060mdk.i586.rpm
762bc7a2f5500dca2eb7effdb96b6cf0 2006.0/i586/php-cgi-5.0.4-9.19.20060mdk.i586.rpm
3055c27939b2b6451872b39654c7564f 2006.0/i586/php-cli-5.0.4-9.19.20060mdk.i586.rpm
042909d1305a2ceeab45fa11fa4ff434 2006.0/i586/php-devel-5.0.4-9.19.20060mdk.i586.rpm
0bcc6a996a381e6d8ee7c5271bbea166 2006.0/i586/php-fcgi-5.0.4-9.19.20060mdk.i586.rpm
69bc4325439a8ee9ba99ed28af7ed0e2 2006.0/i586/php-imap-5.0.4-2.5.20060mdk.i586.rpm
b9a273cc6b7b5e35efea231b27bbc2e5 2006.0/i586/php-odbc-5.0.4-1.1.20060mdk.i586.rpm
7b499c1b38392d556619692780ed41f4 2006.0/i586/php-session-5.0.4-1.1.20060mdk.i586.rpm
452f887b5fcfb2e568ec904b708f611c 2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm
0ccd978c2b32e74087d237e334a46779 2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm
d7549d0a1c8dd9a8989bbf2519d923fa 2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm
92abeadef4272b1e1dff61c956923d23 2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
9e66a63f9b6a4694e3b6440afc4e0bd5 2006.0/x86_64/lib64php5_common5-5.0.4-9.19.20060mdk.x86_64.rpm
a07a6011defb76f88eba66fc429221e3 2006.0/x86_64/php-cgi-5.0.4-9.19.20060mdk.x86_64.rpm
964d1e6c84a4a8b20fc5257435e64d6e 2006.0/x86_64/php-cli-5.0.4-9.19.20060mdk.x86_64.rpm
a0b074323affacd0c3b26302bb791d0a 2006.0/x86_64/php-devel-5.0.4-9.19.20060mdk.x86_64.rpm
74f357e2b7db2b3c1d7e179ab9341b10 2006.0/x86_64/php-fcgi-5.0.4-9.19.20060mdk.x86_64.rpm
6bad08844fe2a99bd12defc982e75e5f 2006.0/x86_64/php-imap-5.0.4-2.5.20060mdk.x86_64.rpm
183f14e7c52ad0b14692661afd478e3c 2006.0/x86_64/php-odbc-5.0.4-1.1.20060mdk.x86_64.rpm
f156370ad26f48adcc9fbdb17eb04db1 2006.0/x86_64/php-session-5.0.4-1.1.20060mdk.x86_64.rpm
452f887b5fcfb2e568ec904b708f611c 2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm
0ccd978c2b32e74087d237e334a46779 2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm
d7549d0a1c8dd9a8989bbf2519d923fa 2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm
92abeadef4272b1e1dff61c956923d23 2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm

Mandriva Linux 2007.0:
cf3ef7426074a91964ef0086459cc889 2007.0/i586/libphp5_common5-5.1.6-1.6mdv2007.0.i586.rpm
8567efb3d4d7a41bcfeecd1c0a3c64e5 2007.0/i586/php-cgi-5.1.6-1.6mdv2007.0.i586.rpm
675213bf0e797a294776da1bbcbddc69 2007.0/i586/php-cli-5.1.6-1.6mdv2007.0.i586.rpm
115be2e3b5ca6b285dd359374ab4cf5c 2007.0/i586/php-devel-5.1.6-1.6mdv2007.0.i586.rpm
b3ca1cf50e10f01d57d9471baf5f330c 2007.0/i586/php-fcgi-5.1.6-1.6mdv2007.0.i586.rpm
40225dcc5e0e4293be737a5043436010 2007.0/i586/php-imap-5.1.6-1.1mdv2007.0.i586.rpm
ba41c7d542423eb42539dc6ab3e2ac9f 2007.0/i586/php-odbc-5.1.6-1.1mdv2007.0.i586.rpm
639ede4d200b60c4164f396d6e215b69 2007.0/i586/php-session-5.1.6-1.1mdv2007.0.i586.rpm
0b6a180bef35c9b1945f8c6bd81d7106 2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm
7d90955ba0926450ae4d3fe854744f36 2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm
ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3 2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm
2959ad88632828e143d5ac98fae79a7b 2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
0f3a963e7808ed8be25e7b17544c0c05 2007.0/x86_64/lib64php5_common5-5.1.6-1.6mdv2007.0.x86_64.rpm
b7bb612bfc0cb39bb5648dd0b7ea4d37 2007.0/x86_64/php-cgi-5.1.6-1.6mdv2007.0.x86_64.rpm
c4b459dc63debe260e8f06d4260e30fd 2007.0/x86_64/php-cli-5.1.6-1.6mdv2007.0.x86_64.rpm
18534448cbe23231900e3da51333dc67 2007.0/x86_64/php-devel-5.1.6-1.6mdv2007.0.x86_64.rpm
6bbd4f1f6c4e060de408183798a2f312 2007.0/x86_64/php-fcgi-5.1.6-1.6mdv2007.0.x86_64.rpm
b8c0a446c7fa433e0678e3e58effccab 2007.0/x86_64/php-imap-5.1.6-1.1mdv2007.0.x86_64.rpm
f49bb567345c6728baf879e943e15002 2007.0/x86_64/php-odbc-5.1.6-1.1mdv2007.0.x86_64.rpm
e60efa04d5b12f98a1c9800c8d3d4a21 2007.0/x86_64/php-session-5.1.6-1.1mdv2007.0.x86_64.rpm
0b6a180bef35c9b1945f8c6bd81d7106 2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm
7d90955ba0926450ae4d3fe854744f36 2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm
ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3 2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm
2959ad88632828e143d5ac98fae79a7b 2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm

Corporate 3.0:
b976e6b9cadf8cf26eb00611b5b47274 corporate/3.0/i586/libphp_common432-4.3.4-4.24.C30mdk.i586.rpm
21a6ed462d981442f42aa22f4b2dc09b corporate/3.0/i586/php-cgi-4.3.4-4.24.C30mdk.i586.rpm
13515b3d016198d636d37abf967e5c20 corporate/3.0/i586/php-cli-4.3.4-4.24.C30mdk.i586.rpm
ba84264eeab995355deab7c9323aedd1 corporate/3.0/i586/php-imap-4.3.4-1.5.C30mdk.i586.rpm
128dc7b4d3b2e925b7a0b1d850d0895a corporate/3.0/i586/php432-devel-4.3.4-4.24.C30mdk.i586.rpm
56f90fe0b8a96f6a6fe5bf0620cd4408 corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm
2ab806c5a8f696fdce5e4f1037e1404d corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm

Corporate 3.0/X86_64:
8ccfdbf8075179e44035bb97f3e75d7d corporate/3.0/x86_64/lib64php_common432-4.3.4-4.24.C30mdk.x86_64.rpm
18b243d3ce9ea60777d66980280c37ba corporate/3.0/x86_64/php-cgi-4.3.4-4.24.C30mdk.x86_64.rpm
404152b4a6a773895b7eff209f1fb1d5 corporate/3.0/x86_64/php-cli-4.3.4-4.24.C30mdk.x86_64.rpm
fdeb1accc67c123bace512c287a656c2 corporate/3.0/x86_64/php-imap-4.3.4-1.5.C30mdk.x86_64.rpm
14a01cc331d4ce489a8f9fdee3959c31 corporate/3.0/x86_64/php432-devel-4.3.4-4.24.C30mdk.x86_64.rpm
56f90fe0b8a96f6a6fe5bf0620cd4408 corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm
2ab806c5a8f696fdce5e4f1037e1404d corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm

Corporate 4.0:
c509fc3368d31c1dca47d065b28f2fea corporate/4.0/i586/libphp4_common4-4.4.4-1.4.20060mlcs4.i586.rpm
4901007b7f7d98585f926c76692e3c3e corporate/4.0/i586/libphp5_common5-5.1.6-1.5.20060mlcs4.i586.rpm
e3ffeda22f59f1f947acfeba34a9d23f corporate/4.0/i586/php-cgi-5.1.6-1.5.20060mlcs4.i586.rpm
aecf1f88ba7c6e964f8f96a90cbf10c2 corporate/4.0/i586/php-cli-5.1.6-1.5.20060mlcs4.i586.rpm
39268f16090d55a4c969734263036be4 corporate/4.0/i586/php-devel-5.1.6-1.5.20060mlcs4.i586.rpm
3db35d86b2943802a54cc3272662e91c corporate/4.0/i586/php-fcgi-5.1.6-1.5.20060mlcs4.i586.rpm
a8e96cedb24e719f32c83d5e6bc02e3e corporate/4.0/i586/php-imap-5.1.6-1.1.20060mlcs4.i586.rpm
169fef5a69d5d3c1b385d218ddaf68fd corporate/4.0/i586/php-odbc-5.1.6-1.1.20060mlcs4.i586.rpm
d3191c857cee1b6ed1c9978d0eea5a8c corporate/4.0/i586/php-session-5.1.6-1.1.20060mlcs4.i586.rpm
58777631a4cc9b7f064b3eb41b773b60 corporate/4.0/i586/php-wddx-5.1.6-1.1.20060mlcs4.i586.rpm
981f2fe117ddd4a025b095bd98f988b6 corporate/4.0/i586/php4-cgi-4.4.4-1.4.20060mlcs4.i586.rpm
d0845bd223c59cc23a487cc11822940c corporate/4.0/i586/php4-cli-4.4.4-1.4.20060mlcs4.i586.rpm
ce46c6aa0f58d6b87392e0c7b471dc4b corporate/4.0/i586/php4-devel-4.4.4-1.4.20060mlcs4.i586.rpm
cb618d8c7536749f010445b5f7c1ad5a corporate/4.0/i586/php4-imap-4.4.4-0.1.20060mlcs4.i586.rpm
df7aa75f1bbdd6051f71d62692417b00 corporate/4.0/i586/php4-odbc-4.4.4-0.1.20060mlcs4.i586.rpm
a5743e7b00125f3fbfc9815e5bedacfe corporate/4.0/i586/php4-wddx-4.4.4-0.1.20060mlcs4.i586.rpm
b912cf9745221ccf19f08c9e9e6e9724 corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm
12771ab58ff701a26a3dff54e3cb757a corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm
3ac73928485a9d003f9ab410da73f496 corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm
b6d3c63e004e44c8bef821d14e9dfb95 corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm
c30202c77c1a1a5a8694536733b7efb3 corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm
bc686b9f2bd178263c6e211c3781f0fb corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm
4ec41380503d039ba368e1b5a375042f corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm
a151cddb0bb46bf5046091e9ee0683c1 corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm
afa5569276637c92cfec4fca0b700434 corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
e2031a018eabe7291baa8f14e8aea201 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.4.20060mlcs4.x86_64.rpm
67e00f079636589757a192db88789be7 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.5.20060mlcs4.x86_64.rpm
9e8e832216178be8c5c6cf5a7b46011e corporate/4.0/x86_64/php-cgi-5.1.6-1.5.20060mlcs4.x86_64.rpm
0628d22b004b2948ca17dcfadac43e50 corporate/4.0/x86_64/php-cli-5.1.6-1.5.20060mlcs4.x86_64.rpm
6e5eeeef138b0ae9c458bf3756e551c3 corporate/4.0/x86_64/php-devel-5.1.6-1.5.20060mlcs4.x86_64.rpm
9af58850637ffed2b37ccfa0c881fb1f corporate/4.0/x86_64/php-fcgi-5.1.6-1.5.20060mlcs4.x86_64.rpm
fbacfda0078e058d0a9c55b0951d7b22 corporate/4.0/x86_64/php-imap-5.1.6-1.1.20060mlcs4.x86_64.rpm
4d4dfb1e89ff5debd4734b09e18282db corporate/4.0/x86_64/php-odbc-5.1.6-1.1.20060mlcs4.x86_64.rpm
e6cc37b9941ca1c010a83ecfeb80f5ff corporate/4.0/x86_64/php-session-5.1.6-1.1.20060mlcs4.x86_64.rpm
bd9fce2e55b5445324c605eb739a811c corporate/4.0/x86_64/php-wddx-5.1.6-1.1.20060mlcs4.x86_64.rpm
6795c92d078f0a9a67abcc44fde3b6ee corporate/4.0/x86_64/php4-cgi-4.4.4-1.4.20060mlcs4.x86_64.rpm
d6112d336c1d5bc101cc5a624177b38e corporate/4.0/x86_64/php4-cli-4.4.4-1.4.20060mlcs4.x86_64.rpm
b5c7bd35a04a63839c9a43de0392ee29 corporate/4.0/x86_64/php4-devel-4.4.4-1.4.20060mlcs4.x86_64.rpm
94ae86a2e5b36059eba7f7385df0f79c corporate/4.0/x86_64/php4-imap-4.4.4-0.1.20060mlcs4.x86_64.rpm
17166588d6b6052e85f395e15fa6a942 corporate/4.0/x86_64/php4-odbc-4.4.4-0.1.20060mlcs4.x86_64.rpm
de8d50be6e2bd6f6cdba304f003bcc24 corporate/4.0/x86_64/php4-wddx-4.4.4-0.1.20060mlcs4.x86_64.rpm
b912cf9745221ccf19f08c9e9e6e9724 corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm
12771ab58ff701a26a3dff54e3cb757a corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm
3ac73928485a9d003f9ab410da73f496 corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm
b6d3c63e004e44c8bef821d14e9dfb95 corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm
c30202c77c1a1a5a8694536733b7efb3 corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm
bc686b9f2bd178263c6e211c3781f0fb corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm
4ec41380503d039ba368e1b5a375042f corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm
a151cddb0bb46bf5046091e9ee0683c1 corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm
afa5569276637c92cfec4fca0b700434 corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
f67045828bb37de94a16410dd106c839 mnf/2.0/i586/libphp_common432-4.3.4-4.24.M20mdk.i586.rpm
6d6c9770470709db6c849baf1b79ed7c mnf/2.0/i586/php-cgi-4.3.4-4.24.M20mdk.i586.rpm
f5f3a45ffa8c90a53f541dd575dcfde0 mnf/2.0/i586/php-cli-4.3.4-4.24.M20mdk.i586.rpm
7d8a49eb836d1f7b09afbb67dae77ef4 mnf/2.0/i586/php432-devel-4.3.4-4.24.M20mdk.i586.rpm
9ef4f5c1fd355320945faf7bb3904975 mnf/2.0/SRPMS/php-4.3.4-4.24.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF3lOTmqjQ0CJFipgRAsbpAKDURk8Q4U7KcvcsVpYlNbe8CwIiWQCgobiE
w9pA+mlmA6RVi+gXsxvQWNc=
=u9Od
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007048__updated_php_packages_fix_multiple_vulnerabilities.html)