Mandriva 1271 Published by

The Mandriva Security Team has published a new security update: MDKSA-2005:152 - Updated php packages fix integer overflow vulnerability for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: php
Advisory ID: MDKSA-2005:152
Date: August 25th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1,
Multi Network Firewall 2.0
______________________________________________________________________

Problem Description:

Integer overflow in pcre_compile.c in Perl Compatible Regular
Expressions (PCRE) before 6.2, as used in multiple products, allows
attackers to execute arbitrary code via quantifier values in regular
expressions, which leads to a heap-based buffer overflow.

The php packages, as shipped, were built using a private copy of pcre.

The updated packages have been rebuilt against the system pcre libs
to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2491
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
eb0e368698b2fda5305b91ab1db8454b 10.0/RPMS/libphp_common432-4.3.4-4.6.100mdk.i586.rpm
1816cfcc76d579e46733d572b9419fce 10.0/RPMS/php-cgi-4.3.4-4.6.100mdk.i586.rpm
44eccf95b5ea20a7980bc57193fd4207 10.0/RPMS/php-cli-4.3.4-4.6.100mdk.i586.rpm
a69cc3baef9baa683242e30f6011f8e2 10.0/RPMS/php432-devel-4.3.4-4.6.100mdk.i586.rpm
a0a2f9a9e8241a515cf2b548beae4cb7 10.0/SRPMS/php-4.3.4-4.6.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
fd1a6e1293506461a19e5cc80d90eecb amd64/10.0/RPMS/lib64php_common432-4.3.4-4.6.100mdk.amd64.rpm
f9374c5b4339d568fe6e05bfb17b81f7 amd64/10.0/RPMS/php-cgi-4.3.4-4.6.100mdk.amd64.rpm
0f811ea9666a35feaeb3176bef2145e4 amd64/10.0/RPMS/php-cli-4.3.4-4.6.100mdk.amd64.rpm
5cc1e89e7e2d2474d4249713855ab1b1 amd64/10.0/RPMS/php432-devel-4.3.4-4.6.100mdk.amd64.rpm
a0a2f9a9e8241a515cf2b548beae4cb7 amd64/10.0/SRPMS/php-4.3.4-4.6.100mdk.src.rpm

Mandrakelinux 10.1:
696d96819a573db2fc9ef77018a1cd5a 10.1/RPMS/libphp_common432-4.3.8-3.4.101mdk.i586.rpm
cd75f36ce70b59b1e7d89ec17e939c01 10.1/RPMS/php-cgi-4.3.8-3.4.101mdk.i586.rpm
190fb5d7390f421ab639f086b0d4b830 10.1/RPMS/php-cli-4.3.8-3.4.101mdk.i586.rpm
92d72f61dba2582098b490790d1dd759 10.1/RPMS/php432-devel-4.3.8-3.4.101mdk.i586.rpm
7c1fd0570af6566a47ef240e072757e3 10.1/SRPMS/php-4.3.8-3.4.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
497261e30c8f34eeb074273dff2e51cd x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.4.101mdk.x86_64.rpm
08f0ba426c68ae93549dc9617aec9fa7 x86_64/10.1/RPMS/php-cgi-4.3.8-3.4.101mdk.x86_64.rpm
beb9dfc3eabafd3491f3996f339b89a7 x86_64/10.1/RPMS/php-cli-4.3.8-3.4.101mdk.x86_64.rpm
3b9dfd200b756098165f7df0381e4fbd x86_64/10.1/RPMS/php432-devel-4.3.8-3.4.101mdk.x86_64.rpm
7c1fd0570af6566a47ef240e072757e3 x86_64/10.1/SRPMS/php-4.3.8-3.4.101mdk.src.rpm

Mandrakelinux 10.2:
586822538c1277d23958c0ccc7ca5f5b 10.2/RPMS/libphp_common432-4.3.10-7.2.102mdk.i586.rpm
eda7407c1646e614949886cc0779c317 10.2/RPMS/php-cgi-4.3.10-7.2.102mdk.i586.rpm
cc5883ec909c52dd3c8eafd069bfefad 10.2/RPMS/php-cli-4.3.10-7.2.102mdk.i586.rpm
7ba1ae1b35dcae80c87e934f7942ba4b 10.2/RPMS/php432-devel-4.3.10-7.2.102mdk.i586.rpm
8e6141b81f2a0852338915b5b5f78f43 10.2/SRPMS/php-4.3.10-7.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
df8091c501dc846ee06d91843bb5bb01 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.2.102mdk.x86_64.rpm
d6ed3306dbdf94e2d9a9331e787082c6 x86_64/10.2/RPMS/php-cgi-4.3.10-7.2.102mdk.x86_64.rpm
9fae82418ec0cb926515a401563cd6f6 x86_64/10.2/RPMS/php-cli-4.3.10-7.2.102mdk.x86_64.rpm
0a966fc75dfeba6697907a9d85365521 x86_64/10.2/RPMS/php432-devel-4.3.10-7.2.102mdk.x86_64.rpm
8e6141b81f2a0852338915b5b5f78f43 x86_64/10.2/SRPMS/php-4.3.10-7.2.102mdk.src.rpm

Multi Network Firewall 2.0:
9512ea70132f3edb788c48a4d3ac7e34 mnf/2.0/RPMS/libphp_common432-4.3.4-4.6.M20mdk.i586.rpm
5df5f70c8470ece4238d11f0cb213fb0 mnf/2.0/RPMS/php-cgi-4.3.4-4.6.M20mdk.i586.rpm
c1c3eae72209c6742cbaa204fe1174d4 mnf/2.0/SRPMS/php-4.3.4-4.6.M20mdk.src.rpm

Corporate Server 2.1:
20e4fe9664591d97bd7e87bce7abf8a1 corporate/2.1/RPMS/php-4.2.3-4.5.C21mdk.i586.rpm
b5c53e71a69a7d8812bb2871cef26aaf corporate/2.1/RPMS/php-common-4.2.3-4.5.C21mdk.i586.rpm
483f7f2db9ec6d49e29ba7c4488996ee corporate/2.1/RPMS/php-devel-4.2.3-4.5.C21mdk.i586.rpm
1b3cbc4961e4ef50c6304d6a8f03cd0a corporate/2.1/RPMS/php-pear-4.2.3-4.5.C21mdk.i586.rpm
0b15baacbb3243b46143fd041a8dd8f4 corporate/2.1/SRPMS/php-4.2.3-4.5.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
734b15eebd17d63cef3e3a7f042c9fb1 x86_64/corporate/2.1/RPMS/php-4.2.3-4.5.C21mdk.x86_64.rpm
d3c6941f8c98f4e868e5b9b2366e8886 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.5.C21mdk.x86_64.rpm
8eed243db07e3b87186598d050dcee8b x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.5.C21mdk.x86_64.rpm
839e1b9811714d35ce87b6d7bdd4a326 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.5.C21mdk.x86_64.rpm
0b15baacbb3243b46143fd041a8dd8f4 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.5.C21mdk.src.rpm

Corporate 3.0:
0058c2f1310f1d9d96699565d285a9f2 corporate/3.0/RPMS/libphp_common432-4.3.4-4.6.C30mdk.i586.rpm
6d8a5bad11aa6891a21ed9ad3da4dc45 corporate/3.0/RPMS/php-cgi-4.3.4-4.6.C30mdk.i586.rpm
12c74a0af4df6572420c5ba18881cc3c corporate/3.0/RPMS/php-cli-4.3.4-4.6.C30mdk.i586.rpm
e1e8b213071496d8bcd20d8c54288b4a corporate/3.0/RPMS/php432-devel-4.3.4-4.6.C30mdk.i586.rpm
d29855cc6df3d29b38eba206acf7c1d2 corporate/3.0/SRPMS/php-4.3.4-4.6.C30mdk.src.rpm

Corporate 3.0/X86_64:
de5bbf1a212dda1610ba9cb39429ee03 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.6.C30mdk.x86_64.rpm
bb62cee7751251be364cb9a42467066b x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.6.C30mdk.x86_64.rpm
28a83cd6fdf175ea0e7f0907b708acd4 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.6.C30mdk.x86_64.rpm
91d3df83d21e58d339ac5f84e97b7386 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.6.C30mdk.x86_64.rpm
d29855cc6df3d29b38eba206acf7c1d2 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.6.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkrImqjQ0CJFipgRAmZsAJwPg2M9yYquQzxTwFsfTR/zeDpRjwCfU/25
0iO114SDZxGvdjZiNj6oj3k=
=M1FP
-----END PGP SIGNATURE-----