Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-105-1: PHP4 vulnerabilities
Posted by Philipp Esselbach on: 04/05/2005 05:50 AM [ Print | 0 comment(s) ]
A PHP4 security update is available for Ubuntu Linux
==========================================================
Ubuntu Security Notice USN-105-1 April 05, 2005
php4 vulnerabilities
CAN-2005-0524, CAN-2005-0525
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.7. In general, a standard system upgrade is sufficient to effect the necessary changes.
==========================================================
Ubuntu Security Notice USN-105-1 April 05, 2005
php4 vulnerabilities
CAN-2005-0524, CAN-2005-0525
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libapache2-mod-php4
php4-cgi
The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.7. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image files, a remote attacker could render the server unavailable by uploading specially crafted images.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.7.diff.gz
Size/MD5: 614584 e1e4658c0bae269863b66a49bb1789cc
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.7.dsc
Size/MD5: 1624 53c60faf1cf695e843a9fed0aab32c77
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.7_all.deb
Size/MD5: 332096 d29a70597ebf8701dbb770a5a2df99c6
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.7_all.deb
Size/MD5: 333216 214989078c962bdd8e3c68efdea24e79
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 1688788 282c770eeceb3b622bff45dbb1f3697f
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 3197760 688aaee04cfbedbf28f444ff78643275
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 17270 d5b8ca553be39d5c7dc5433662b829a9
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 40426 a222fd13d29d2ac9e8a6f3ca2332f075
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 33490 850faabd6c74a780fc5dac1e04e77305
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 21226 6adc5a2fec65a578637fb2c8d4d61287
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 18402 8c830761ed1cf819bfb716cd062f2d99
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 7990 dd174278067bea68130997ebbf8a3f36
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 23104 acc54ef8616addca8b13bd7705715469
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 28320 06043332850b57bec6689d08e525e77a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 7616 e30ee5ae5a87fe517852fa99c5541a8f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 12976 5e08d2d6eef94a91c6dc83e1ec4a3ad1
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 21504 3392a02bebfb734e56624fa8f6e05c9f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 17246 94f0b4443e8df88bf8adc06ec113225b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 1704842 dac6b7d637b559a8ac6f53d6c2cd4e4c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 1630616 84cb8a55df23a51feaecf303154d3829
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 3044204 015a09b97c147de9a747f060c068ea13
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 16852 cee9e1885827277cb1a16bb7deec639e
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 35554 dac653d1fe82fd71419a0e6bace784b2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 31068 b51bd380ad14556b0ccaeb5599cfd7c1
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 19474 e05e15801bd839f5f9ea94cda102267d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 17054 d40c6352b3283626d210437f733251ae
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 7736 eee3b5f201d4cd174732b4cef81b1479
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 20900 63ce98c0ce7aeda7201c47eb346cbebe
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 26064 6cbaa547ab716198142a569bd38c823c
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 7372 5ed54eb594586ae56f202bf678451ec0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 12320 449d214d5a3df63b798432793b837711
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 20008 7df58c1a5dc6bf1f391ead2ce51da017
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 15880 25572c6d71cc59b64847dde954a24412
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 1645276 b6bc44c59dd99f01bbaae144abe7c828
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 1690610 3857d24f10f0a950b76e03c8b1e1d663
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 3203548 ac2e9c91f5fd9d80f97c4e5f44256d57
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 19076 560c45fd8cc01d6ed85bb4124a9878a7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 38278 e780094260109fb3127647e9f33357d2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 34000 1222155b9a80cbdacabf345810a64848
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 21474 e7b955ecd7c36d079af80c31a05ffc30
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 19300 02d564e04e540773720eaceb42ad07e5
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 9312 4ddb42c6ad8bab5f901eca499d085c25
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 22680 65c22c805385f10129b1594e57dc66f1
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 28398 21c858449fa712269b2fd16db5657d00
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 9004 8284d0b18f6951c5d06693c4932d1985
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 14322 46838ddd2207c1ced82d39df732497fd
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 22194 f680fec5a3f461bbf31874cb1d8d7136
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 18052 ab288cf61f4d35627ef0113438227997
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 1708412 f2d8a566456a811453039f722d2e779f
Two Denial of Service vulnerabilities have been discovered in the getimagesize() function. getimagesize() uses format specific internal functions php_handle_iff() and php_handle_jpeg() which get stuck in infinite loops when certain (invalid) size parameters are read from the image. In web applications that allow users to upload arbitrary image files, a remote attacker could render the server unavailable by uploading specially crafted images.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.7.diff.gz
Size/MD5: 614584 e1e4658c0bae269863b66a49bb1789cc
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.7.dsc
Size/MD5: 1624 53c60faf1cf695e843a9fed0aab32c77
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.7_all.deb
Size/MD5: 332096 d29a70597ebf8701dbb770a5a2df99c6
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.7_all.deb
Size/MD5: 333216 214989078c962bdd8e3c68efdea24e79
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 1688788 282c770eeceb3b622bff45dbb1f3697f
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 3197760 688aaee04cfbedbf28f444ff78643275
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 17270 d5b8ca553be39d5c7dc5433662b829a9
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 40426 a222fd13d29d2ac9e8a6f3ca2332f075
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 33490 850faabd6c74a780fc5dac1e04e77305
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 21226 6adc5a2fec65a578637fb2c8d4d61287
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 18402 8c830761ed1cf819bfb716cd062f2d99
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 7990 dd174278067bea68130997ebbf8a3f36
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 23104 acc54ef8616addca8b13bd7705715469
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 28320 06043332850b57bec6689d08e525e77a
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 7616 e30ee5ae5a87fe517852fa99c5541a8f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 12976 5e08d2d6eef94a91c6dc83e1ec4a3ad1
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 21504 3392a02bebfb734e56624fa8f6e05c9f
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 17246 94f0b4443e8df88bf8adc06ec113225b
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.7_amd64.deb
Size/MD5: 1704842 dac6b7d637b559a8ac6f53d6c2cd4e4c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 1630616 84cb8a55df23a51feaecf303154d3829
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 3044204 015a09b97c147de9a747f060c068ea13
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 16852 cee9e1885827277cb1a16bb7deec639e
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 35554 dac653d1fe82fd71419a0e6bace784b2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 31068 b51bd380ad14556b0ccaeb5599cfd7c1
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 19474 e05e15801bd839f5f9ea94cda102267d
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 17054 d40c6352b3283626d210437f733251ae
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 7736 eee3b5f201d4cd174732b4cef81b1479
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 20900 63ce98c0ce7aeda7201c47eb346cbebe
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 26064 6cbaa547ab716198142a569bd38c823c
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 7372 5ed54eb594586ae56f202bf678451ec0
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 12320 449d214d5a3df63b798432793b837711
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 20008 7df58c1a5dc6bf1f391ead2ce51da017
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 15880 25572c6d71cc59b64847dde954a24412
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.7_i386.deb
Size/MD5: 1645276 b6bc44c59dd99f01bbaae144abe7c828
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 1690610 3857d24f10f0a950b76e03c8b1e1d663
http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 3203548 ac2e9c91f5fd9d80f97c4e5f44256d57
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 19076 560c45fd8cc01d6ed85bb4124a9878a7
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 38278 e780094260109fb3127647e9f33357d2
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 34000 1222155b9a80cbdacabf345810a64848
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 21474 e7b955ecd7c36d079af80c31a05ffc30
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 19300 02d564e04e540773720eaceb42ad07e5
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 9312 4ddb42c6ad8bab5f901eca499d085c25
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 22680 65c22c805385f10129b1594e57dc66f1
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 28398 21c858449fa712269b2fd16db5657d00
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 9004 8284d0b18f6951c5d06693c4932d1985
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 14322 46838ddd2207c1ced82d39df732497fd
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 22194 f680fec5a3f461bbf31874cb1d8d7136
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 18052 ab288cf61f4d35627ef0113438227997
http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.7_powerpc.deb
Size/MD5: 1708412 f2d8a566456a811453039f722d2e779f
