SUSE Security Announcement: php4 bugfix update (SUSE-SA:2006:034)
Posted on: 06/22/2006 06:42 PM

A security announcement from SUSE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

SUSE Security Announcement

Package: php4
Announcement ID: SUSE-SA:2006:034
Date: Thu, 22 Jun 2006 14:00:00 +0000
Affected Products: SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SUSE LINUX 9.1
SuSE Linux Enterprise Server 8
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: bug fix
Severity (1-10): 0
SUSE Default Package: no
Cross-References: CVE-2006-2657

Content of This Advisory:
1) Security Vulnerability Resolved:
bugfix update for previous PHP 4 release
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

In SUSE-SA:2006:031 we announced bugfixes for PHP4.

Unfortunately the patches to fix CVE-2006-2657 contained a bug
which made arrays work unreliable or not all and so broke several
PHP applications.

We have released fixed packages for this problem, as listed below.

Only PHP4 was affected, the PHP5 updates do not contain this problem.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please close and restart all running instances of apache and/or
apache2 after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command

rpm -Fhv <file.rpm>

to apply the update, replacing <file.rpm> with the filename of the
downloaded RPM package.


x86 Platform:

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.0-6.15.i586.rpm
68b04b2efbea6b19dc795ae5cd99e5a2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.15.i586.rpm
4a560750c14b6941d22ad59961f4ba53
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.15.i586.rpm
08ddd002efc044415257b1598c00ff7c
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.15.i586.rpm
22dbc5373d389e29dede7989bfae1fbd
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-gd-4.4.0-6.15.i586.rpm
f0591b69b2997552c7c6ebc69e2ea626
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mbstring-4.4.0-6.15.i586.rpm
3b6546de3ae1a8d1c7b105323cee19c2
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.15.i586.rpm
4dc4650c61dd0127d67fa735ccc14c0b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6.15.i586.rpm
dc2e140fb600b7b02498fab0717f2afa

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.10-14.25.i586.rpm
6c26bb11835f27035f1f1987dae32c3e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.10-14.25.i586.rpm
56b81821f4c6efcfce3cfee712c829ff
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.25.i586.rpm
f89e007d5b05dd5d24312edfd5256e82
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.25.i586.rpm
32a4784f5df6bbbd27f5f179600b379b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-exif-4.3.10-14.25.i586.rpm
571207c1432a33a28dd90958538bca1f
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14.25.i586.rpm
cf7c0649419b8492c3f09aeef1b3941a
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-gd-4.3.10-14.25.i586.rpm
505eab04c381d7f5ab479b276fe4aca7
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mbstring-4.3.10-14.25.i586.rpm
8738a92c30421636cab3ca00d796b05c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-pear-4.3.10-14.25.i586.rpm
9deaf549ef63a4d3313ca6953915b9fc
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14.25.i586.rpm
56340826fc1e4be798c78c2c5752cf34
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14.25.i586.rpm
8cf3dbcc97638fb38b92a3e5d213d67d

SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.28.i586.rpm
187ce3402645353d214c2b3a0cd1f9ed
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mod_php4-servlet-4.3.8-8.28.i586.rpm
1b0e6a47ad9a463e656130a943d42387
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.28.i586.rpm
659424773f5dd2f49e7eb4de3321b67a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-devel-4.3.8-8.28.i586.rpm
e1990370e6f794b212701aa96cab248f
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-exif-4.3.8-8.28.i586.rpm
6e018a422474a3e94937230549d6c9f6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-fastcgi-4.3.8-8.28.i586.rpm
ce308f4fd305f1d426a0e77196b40ed2
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-gd-4.3.8-8.28.i586.rpm
62d1e99398fe2564d9b1e6d891e289f9
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-mbstring-4.3.8-8.28.i586.rpm
2d89c210f1f69cc379b561c47f71723a
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-pear-4.3.8-8.28.i586.rpm
f9134199842dd3ec2549accee184e1e6
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-session-4.3.8-8.28.i586.rpm
8335d15b6b282fccce7c602692d5c190
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-sysvshm-4.3.8-8.28.i586.rpm
2a3c67e33f12256fee0aab9d7203e8fb

SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.61.i586.rpm
a39b9471efb52224a5822aafbd9aae05
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.61.i586.rpm
7575d11737d891adcf454c7319006976
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-servlet-4.3.4-43.61.i586.rpm
6ce7cf156885adc543ecbade468b7885
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.61.i586.rpm
e427a7b430327577facc994a061657f2
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-devel-4.3.4-43.61.i586.rpm
5624c13f07417578785053c13e9159c7
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-exif-4.3.4-43.61.i586.rpm
045bee7e27e3523e95fd0037292d0fb3
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-fastcgi-4.3.4-43.61.i586.rpm
1023c2db204dfa98360580581515af20
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-gd-4.3.4-43.61.i586.rpm
d7baf7c1b3856bea32e3084a3d1ec3c3
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-imap-4.3.4-43.61.i586.rpm
b0ddc9522bb3e56aa77c6b298aee0e96
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mbstring-4.3.4-43.61.i586.rpm
c818d87c8324c929254bec4ef4ef1553
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mysql-4.3.4-43.61.i586.rpm
1d4126b943f6d412d382ea5a36754ec0
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-pear-4.3.4-43.61.i586.rpm
b559fd1c85fc6be0611afd23c1dd6f18
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-recode-4.3.4-43.61.i586.rpm
a1c3499ebff3c3493f49977abd82d8ef
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-servlet-4.3.4-43.61.i586.rpm
ea2c506fa449c18090d8d81c5fda1da7
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-session-4.3.4-43.61.i586.rpm
934fcd686006ba5e3cdef9f0763abca4
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-sysvshm-4.3.4-43.61.i586.rpm
ada042141532ceb503499022bd343200
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-wddx-4.3.4-43.61.i586.rpm
40c4eded2b858de9a596fdc6d9e21a42

Power PC Platform:

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0-6.15.ppc.rpm
a140b3feb66d4aaeaef41b2399e0a788
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.15.ppc.rpm
91d0a696e9bb5bd9193d7963fc2c06b8
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.15.ppc.rpm
3b444d35b210ab2463332092aff75a49
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.15.ppc.rpm
10810749229a4cee68d94cf039126c24
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-gd-4.4.0-6.15.ppc.rpm
6e40b40f62337e8ccc6ebe8da992486a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mbstring-4.4.0-6.15.ppc.rpm
228fcf57bcbf6fe631d2996c92df34d3
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.15.ppc.rpm
f2adf27d69a3ef54e5d3da39da46903d

x86-64 Platform:

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.4.0-6.15.x86_64.rpm
bb1df56dd702ce6af3c55bdb89866d3b
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.15.x86_64.rpm
16a0307d33c644711f8073a246c2f6ef
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.15.x86_64.rpm
671bbcd235e2322ddf5d247969be05e5
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.15.x86_64.rpm
7c6f4fd05ebb4e92f57f63d8ddfd93db
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-6.15.x86_64.rpm
67e2a98d581f8ccccb680fc4d0bb776d
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gd-4.4.0-6.15.x86_64.rpm
1d849d989158068f478d5c7027e6686a
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0-6.15.x86_64.rpm
5ae332bccfee664c040a9f30186b8852
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-6.15.x86_64.rpm
90ef9cbfaa8a837543b0b08f8b32377f
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0-6.15.x86_64.rpm
0657f62fc9bbcd0ebe5679ab62168a2d

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3.10-14.25.x86_64.rpm
187682919d052dab78c2fa25da5ca285
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3.10-14.25.x86_64.rpm
689e899498be1dcf1a671ceb533d6a32
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.11.x86_64.rpm
ea830e8cfea0cded96b8edcf809525ba
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.25.x86_64.rpm
6a48c70dad81fb5712ea35c4aef2075e
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14.25.x86_64.rpm
9f6b614c5095376a28c3f288e8a5f50b
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-exif-4.3.10-14.25.x86_64.rpm
47cb30945e8fc5c3798b5983fb7cb94c
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-14.25.x86_64.rpm
694aadb8908ef9d8d138e54bc6d42b24
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-gd-4.3.10-14.25.x86_64.rpm
afb9584831f5a6f8322d00f2282703aa
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mbstring-4.3.10-14.25.x86_64.rpm
3e7b8b67f49b1f0c476af84c0dbd5694
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pear-4.3.10-14.25.x86_64.rpm
f8efb254ef885a3a2d04252e902f4f33
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-14.25.x86_64.rpm
52a54d535a5185533ddb2a29d0e7cb08
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-14.25.x86_64.rpm
1461201a76c5b430e71c56d6b2fa4777

SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-mod_php4-4.3.8-8.28.x86_64.rpm
518fdd320cfb21b2dc08f9c55b16d6ba
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mod_php4-servlet-4.3.8-8.28.x86_64.rpm
da409dc041243c8b12b5fbd149f190da
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-32bit-9.2-200606201045.x86_64.rpm
eefc10a16242a3ba2b0c713007b96f1b
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-4.3.8-8.28.x86_64.rpm
45d1776a156304c009a4c4f8ae6c15aa
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-devel-4.3.8-8.28.x86_64.rpm
9f4d1dbc5d73964c32bb3dd0ab419eec
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-exif-4.3.8-8.28.x86_64.rpm
81710c6db8fb97c4bf97b13ac9e185fc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-fastcgi-4.3.8-8.28.x86_64.rpm
c312c20ddd6af00a5fd00f2bd2cedabc
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-gd-4.3.8-8.28.x86_64.rpm
55ef3a2542547f5f167c56a41f320d52
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-mbstring-4.3.8-8.28.x86_64.rpm
8bb0ea1ccd830011cb04bac05fc5061e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-pear-4.3.8-8.28.x86_64.rpm
20971cc05c837d423d35f7584a71617c
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-session-4.3.8-8.28.x86_64.rpm
e9c3a24289b1d00133fc23082f65d02e
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-sysvshm-4.3.8-8.28.x86_64.rpm
4949447f09a8ebd00dd21df9a34b68b9

SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-mod_php4-4.3.4-43.61.x86_64.rpm
b966b6665a32c1b437152b6a2468a1ab
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-core-4.3.4-43.61.x86_64.rpm
c9d3000f4ff9d70fd53a01afa1ea6528
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-servlet-4.3.4-43.61.x86_64.rpm
87a554fcce1cb600c81815203b718502
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-4.3.4-43.61.x86_64.rpm
07d7a77a3504b4748b22f228c07bf6ef
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-devel-4.3.4-43.61.x86_64.rpm
968d6a01832ede73530c0f1dd356e276
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-exif-4.3.4-43.61.x86_64.rpm
ef6441a0ea53d002431cc39a630c62ce
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-fastcgi-4.3.4-43.61.x86_64.rpm
e0de13330b9c81dbfea13d4e20762e4c
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-gd-4.3.4-43.61.x86_64.rpm
0b46e1136f22d99e911087f627420a80
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-imap-4.3.4-43.61.x86_64.rpm
0ff2aeb36eeccb96fa5b81c58331d7db
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-mbstring-4.3.4-43.61.x86_64.rpm
d175e8217d17a9faa779a61eaafbb1b5
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-mysql-4.3.4-43.61.x86_64.rpm
6e0b1814909753e432856e36c257130f
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-pear-4.3.4-43.61.x86_64.rpm
f28fd61c54d6d55895c0228f96341098
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-recode-4.3.4-43.61.x86_64.rpm
538fcc0e2f64235f1564c03fe5dcf1d0
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-servlet-4.3.4-43.61.x86_64.rpm
38e483e109067fc0fed78ec172bc4823
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-session-4.3.4-43.61.x86_64.rpm
286d218356729415ccbff4ab3a3034ad
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-sysvshm-4.3.4-43.61.x86_64.rpm
c4e11b7dc6ca5aa190071effe867ac25
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-wddx-4.3.4-43.61.x86_64.rpm
9ea11b3924f67cbb3b929da72d6cd396

Sources:

SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.15.src.rpm
b22894e000afd9eec90ea7481ccf737e

SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.25.src.rpm
b00346afb847c32b00e66ad24887b5a8

SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/php4-4.3.8-8.28.src.rpm
b122c554e82537bafdd7ed721c220fe6

SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/php4-4.3.4-43.61.src.rpm
82ee0ce0dd5d1704c3e64abfd8747582
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/php4-4.3.4-43.61.src.rpm
dcf6c840cf7f236db987d2f91d6f65d6

Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:

SUSE CORE 9 for Itanium Processor Family
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/872c84fe4ddb36cc6c947d71d9705360.html

SUSE SLES 9
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/154731d4e512c74bcb44fc5c8c40119b.html

UnitedLinux 1.0
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/af51507882deee03c0144869d7ce9bf2.html

SuSE Linux Enterprise Server 8
http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/af51507882deee03c0144869d7ce9bf2.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file
and run the command

gpg --verify <file>

replacing <file> with the name of the file where you saved the
announcement. The output for a valid signature looks like:

gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team <security@suse.de>"

where <DATE> is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.

There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command

rpm -v --checksig <file.rpm>

to verify the signature of the package, replacing <file.rpm> with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.

This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.

2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command

md5sum <filename.rpm>

after you downloaded the file from a SUSE FTP server or its mirrors.
Then compare the resulting md5sum with the one that is listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), the
checksums show proof of the authenticity of the package if the
signature of the announcement is valid. Note that the md5 sums
published in the SUSE Security Announcements are valid for the
respective packages only. Newer versions of these packages cannot be
verified.

- SUSE runs two security mailing lists to which any interested party may
subscribe:

suse-security@suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-subscribe@suse.com>.

suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
<suse-security-announce-subscribe@suse.com>.

For general information or the frequently asked questions (FAQ),
send mail to <suse-security-info@suse.com> or
<suse-security-faq@suse.com>.

=====================================================================
SUSE's security contact is <security@suse.com> or <security@suse.de>.
The <security@suse.de> public key is listed below.
=====================================================================
______________________________________________________________________________

The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way. In particular, the
clear text signature should show proof of the authenticity of the text.

SUSE Linux Products GmbH provides no warranties of any kind whatsoever
with respect to the information contained in this security advisory.

Type Bits/KeyID Date User ID
pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.2 (GNU/Linux)

mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU
F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS
FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW
tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It
Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF
AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+
3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk
YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP
+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR
8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U
8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S
cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh
ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB
UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo
AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n
KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi
BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro
nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg
KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx
yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn
B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV
wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh
UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF
5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3
D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu
zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd
9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi
a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13
CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp
271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE
t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG
B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw
rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt
IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL
rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H
RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa
g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA
CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO
=ypVs
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iQEVAwUBRJq3vHey5gA9JdPZAQLhqgf+O6QoiB28//KiHCD3My45T1aTS0t3ZfAO
sXYFc4RxMG2jARFBoDfZ/ryOB1pSMxfXcju9aVoooqVXeX3WziV9P1cYlbMRvbjh
E5jgc63YxjyuCU5VZZmhFU10iKFHO+dcFYOFsLS4KkAVIHSqBg3DdpCPE8UA9WbV
mU0pIVy1hZOvFlcWpR4mNnmHmHAtgaPpT5x805V7ftnBWi27NfpUMvv3TpRFmuIX
Xd9BZy989n9wrukQ9s9on3p7NycTZVbtXtR2jPGvbCCPNJbwtPIxSmdnu5sIndWs
J7aaRYTEYPL+dU1X7SYN658JJmYlr/aAiPyCq+2oFw9Af6eKtp2t7Q==
=y7DN
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/suse_security_announcement_php4_bugfix_update_suse_sa2006034.html)