The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:089
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : April 18, 2007
Affected: 2007.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A heap-based buffer overflow vulnerability was found in PHP's gd
extension. A script that could be forced to process WBMP images
from an untrusted source could result in arbitrary code execution
(CVE-2007-1001).

A DoS flaw was found in how PHP processed a deeply nested array.
A remote attacker could cause the PHP intrerpreter to creash
by submitting an input variable with a deeply nested array
(CVE-2007-1285).

A vulnerability in the way the mbstring extension set global variables
was discovered where a script using the mb_parse_str() function to
set global variables could be forced to to enable the register_globals
configuration option, possibly resulting in global variable injection
(CVE-2007-1583).

A vulnerability in how PHP's mail() function processed header data was
discovered. If a script sent mail using a subject header containing
a string from an untrusted source, a remote attacker could send bulk
email to unintended recipients (CVE-2007-1718).

A buffer overflow in the sqlite_decode_function() in the bundled
sqlite library could allow context-dependent attackers to execute
arbitrary code (CVE-2007-1887).

Updated packages have been patched to correct these issues. Also note
that the default use of the Hardened PHP patch helped to protect
against some of these issues prior to patching.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1887
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
9cf466b76665bc033530c80f504eb54e 2007.0/i586/libphp5_common5-5.1.6-1.7mdv2007.0.i586.rpm
a1d9ebfcc187c4494af7e1e39fdf0f47 2007.0/i586/php-cgi-5.1.6-1.7mdv2007.0.i586.rpm
55439de9b2c70cc97cee9b51fb5a89a9 2007.0/i586/php-cli-5.1.6-1.7mdv2007.0.i586.rpm
8c77d342600f50e6157a3df4f1f9b8f1 2007.0/i586/php-devel-5.1.6-1.7mdv2007.0.i586.rpm
f3c5bc37d6a24279a5f63b9f18e913f9 2007.0/i586/php-fcgi-5.1.6-1.7mdv2007.0.i586.rpm
ca1858b16d0a4d080e052bc182fc391f 2007.0/i586/php-gd-5.1.6-1.2mdv2007.0.i586.rpm
ddb1de61592f7a7281e5e91449398305 2007.0/i586/php-mbstring-5.1.6-1.1mdv2007.0.i586.rpm
083edc863400b03a69056dca44ba3a2e 2007.0/i586/php-sqlite-5.1.6-1.1mdv2007.0.i586.rpm
eb4be9590d4b82d63d3041b5963dd365 2007.0/SRPMS/php-5.1.6-1.7mdv2007.0.src.rpm
c488b9c4f369ac8f7bb7b727938d75bc 2007.0/SRPMS/php-gd-5.1.6-1.2mdv2007.0.src.rpm
85269cbd42e2900ee754891e240120b3 2007.0/SRPMS/php-mbstring-5.1.6-1.1mdv2007.0.src.rpm
3672001f271ae73ac8024455a887ef6e 2007.0/SRPMS/php-sqlite-5.1.6-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
4da00df59f3a9fc8105c3b540cf4054a 2007.0/x86_64/lib64php5_common5-5.1.6-1.7mdv2007.0.x86_64.rpm
6eb974c7d025e406bd8ee1b72f5972fe 2007.0/x86_64/php-cgi-5.1.6-1.7mdv2007.0.x86_64.rpm
e4922361429c9aab92a44496e04eb409 2007.0/x86_64/php-cli-5.1.6-1.7mdv2007.0.x86_64.rpm
17e01392077a6c435455d0b521e82d7a 2007.0/x86_64/php-devel-5.1.6-1.7mdv2007.0.x86_64.rpm
f73924c3f06c16e1382be7d18e1d1494 2007.0/x86_64/php-fcgi-5.1.6-1.7mdv2007.0.x86_64.rpm
3a88b1be7ed446e0d5a09ae8f0d64cf4 2007.0/x86_64/php-gd-5.1.6-1.2mdv2007.0.x86_64.rpm
d983f296eba0b5d1642c1a673bf6673c 2007.0/x86_64/php-mbstring-5.1.6-1.1mdv2007.0.x86_64.rpm
3f1e547ebc7cb5debd2c818ad3746404 2007.0/x86_64/php-sqlite-5.1.6-1.1mdv2007.0.x86_64.rpm
eb4be9590d4b82d63d3041b5963dd365 2007.0/SRPMS/php-5.1.6-1.7mdv2007.0.src.rpm
c488b9c4f369ac8f7bb7b727938d75bc 2007.0/SRPMS/php-gd-5.1.6-1.2mdv2007.0.src.rpm
85269cbd42e2900ee754891e240120b3 2007.0/SRPMS/php-mbstring-5.1.6-1.1mdv2007.0.src.rpm
3672001f271ae73ac8024455a887ef6e 2007.0/SRPMS/php-sqlite-5.1.6-1.1mdv2007.0.src.rpm

Corporate 4.0:
a15a2db081dbf8b39751a8831e24cfd8 corporate/4.0/i586/libphp5_common5-5.1.6-1.6.20060mlcs4.i586.rpm
00f3d7a49c95ad203105d69dbf60acd1 corporate/4.0/i586/php-cgi-5.1.6-1.6.20060mlcs4.i586.rpm
6579f0081fd03d78bcbbfcec165fa017 corporate/4.0/i586/php-cli-5.1.6-1.6.20060mlcs4.i586.rpm
2e54eaef6e350edb05e57291820b40ea corporate/4.0/i586/php-devel-5.1.6-1.6.20060mlcs4.i586.rpm
a74807717c95d2aa153f65ca94522f99 corporate/4.0/i586/php-fcgi-5.1.6-1.6.20060mlcs4.i586.rpm
e79a2f636d497934ddf8b507d4cb54cc corporate/4.0/i586/php-gd-5.1.6-1.2.20060mlcs4.i586.rpm
18c113b8fd4b1dd9d8d3c8638da5f25b corporate/4.0/i586/php-mbstring-5.1.6-1.1.20060mlcs4.i586.rpm
0464c30285a7d41d295efced9ea13475 corporate/4.0/i586/php-sqlite-5.1.6-1.1.20060mlcs4.i586.rpm
35972da2bd604325e2ce45fee5f2229f corporate/4.0/SRPMS/php-5.1.6-1.6.20060mlcs4.src.rpm
e506bf4c83ce83e4957018d0eae9638d corporate/4.0/SRPMS/php-gd-5.1.6-1.2.20060mlcs4.src.rpm
724ff1f27ef0b5daac393c4ce1f1f238 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.1.20060mlcs4.src.rpm
73e6b41861c52d73d1e744f4a726403b corporate/4.0/SRPMS/php-sqlite-5.1.6-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
cf307c130586c41c75f59a44f9c85d9b corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.6.20060mlcs4.x86_64.rpm
cd0091895f438d0d5cf70653b547c9ff corporate/4.0/x86_64/php-cgi-5.1.6-1.6.20060mlcs4.x86_64.rpm
b037c050f0143b6b28a6915f86a15780 corporate/4.0/x86_64/php-cli-5.1.6-1.6.20060mlcs4.x86_64.rpm
82f04ea296e82ca8e062f1f783dfa6ee corporate/4.0/x86_64/php-devel-5.1.6-1.6.20060mlcs4.x86_64.rpm
4a62890162c10d8757c6ce7398f33948 corporate/4.0/x86_64/php-fcgi-5.1.6-1.6.20060mlcs4.x86_64.rpm
a1eda733d9134658499315de0ccc6d8a corporate/4.0/x86_64/php-gd-5.1.6-1.2.20060mlcs4.x86_64.rpm
280e7b19617244aecbe446f48f3b8c72 corporate/4.0/x86_64/php-mbstring-5.1.6-1.1.20060mlcs4.x86_64.rpm
c94b1c4fe2fc5890443105b365b16d96 corporate/4.0/x86_64/php-sqlite-5.1.6-1.1.20060mlcs4.x86_64.rpm
35972da2bd604325e2ce45fee5f2229f corporate/4.0/SRPMS/php-5.1.6-1.6.20060mlcs4.src.rpm
e506bf4c83ce83e4957018d0eae9638d corporate/4.0/SRPMS/php-gd-5.1.6-1.2.20060mlcs4.src.rpm
724ff1f27ef0b5daac393c4ce1f1f238 corporate/4.0/SRPMS/php-mbstring-5.1.6-1.1.20060mlcs4.src.rpm
73e6b41861c52d73d1e744f4a726403b corporate/4.0/SRPMS/php-sqlite-5.1.6-1.1.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGJthCmqjQ0CJFipgRAovVAKC70IrJBcN4C0S8Stwl7ZbJemOyaQCgguFK
iM9nzjKqkDmAfVjb/BMoJ6w=
=VHym
-----END PGP SIGNATURE-----