
USN-112-1: PHP4 vulnerabilities

Posted by Philipp Esselbach on: 04/14/2005 06:22 AM

A php4 security update is available for Ubuntu Linux 4.10.

===========================================================
Ubuntu Security Notice USN-112-1 April 14, 2005
php4 vulnerabilities
CAN-2005-1042, CAN-2005-1043
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi

The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.8. After performing a standard system upgrade you need to reload the PHP module in the webserver by executing

sudo /etc/init.d/apache2 reload

to effect the necessary changes.




Details follow:

An integer overflow was discovered in the exif_process_IFD_TAG() function in PHP4's EXIF module. EXIF tags with a specially crafted "Image File Directory" (IFD) tag caused a buffer overflow which could have been exploited to execute arbitrary code with the privileges of the PHP4 server. (CAN-2005-1042)

The same module also contained a Denial of Service vulnerability. EXIF headers with a large IFD nesting level caused an unbounded recursion which would eventually overflow the stack and cause the executed program to crash. (CAN-2005-1043)

In web applications that automatically process EXIF tags of uploaded images, both vulnerabilities could be exploited remotely.
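
The two bug classes described above, shown as the checks a parser needs. This is an added example, not PHP's EXIF code and not part of the advisory: it is a minimal little-endian IFD validator in C. The names `walk_ifd` and `MAX_IFD_DEPTH`, the depth cap of 8 and the three sample buffers are assumptions constructed for illustration, and it assumes a field's size is its element count times the element size of its type, as in the TIFF layout.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_IFD_DEPTH 8      /* assumed cap; the advisory gives no number */
#define TAG_SUB_IFD   0x8769 /* TIFF/EXIF tag whose value is a nested IFD offset */

/* Bytes per element for TIFF field types 1..12 (index 0 is invalid). */
static const uint32_t type_size[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Constructed samples (little-endian, one 12-byte entry each), not real files. */
const uint8_t ifd_ok[14]   = {1,0, 0x0F,0x01, 2,0, 4,0,0,0, 'a','b','c',0};
const uint8_t ifd_wrap[14] = {1,0, 0x9A,0x82, 5,0, 1,0,0,0x20, 0,0,0,0}; /* count*8 wraps to 8 */
const uint8_t ifd_loop[14] = {1,0, 0x69,0x87, 4,0, 1,0,0,0, 0,0,0,0};   /* sub-IFD -> itself */

/* Validate the IFD at `off`: 0 = ok, -1 = malformed entry, -2 = nested too deep. */
int walk_ifd(const uint8_t *buf, size_t len, uint32_t off, int depth)
{
    if (depth > MAX_IFD_DEPTH) return -2;               /* bound the recursion */
    if (off > len || len - off < 2) return -1;
    uint16_t n = rd16(buf + off);
    if ((len - off - 2) / 12 < n) return -1;            /* all entries must fit */

    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + (size_t)i * 12;
        uint16_t tag = rd16(e), type = rd16(e + 2);
        uint32_t count = rd32(e + 4), value = rd32(e + 8);

        if (type == 0 || type > 12) return -1;
        /* Divide before multiplying so the 32-bit product cannot wrap. */
        if (count > UINT32_MAX / type_size[type]) return -1;
        uint32_t bytes = count * type_size[type];
        /* Values longer than 4 bytes live at offset `value`; keep them in bounds. */
        if (bytes > 4 && (value > len || len - value < bytes)) return -1;

        if (tag == TAG_SUB_IFD) {
            int rc = walk_ifd(buf, len, value, depth + 1);
            if (rc != 0) return rc;
        }
    }
    return 0;
}
```

Without the division check, the entry in `ifd_wrap` would yield a computed size of 8 bytes and pass the bounds test; without the depth check, `ifd_loop` would recurse until the stack is exhausted.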


