Security update-- PHP


Guest anon

Mandrakesoft Security Advisories

Package name php

Date July 14th, 2004

Advisory ID MDKSA-2004:068

Affected versions 9.1, 9.2, 10.0, MNF8.2, CS2.1

Synopsis Updated php packages fix multiple vulnerabilities

 

 

Problem Description

 

Stefan Esser discovered a remotely exploitable vulnerability in PHP where a remote attacker could trigger a memory_limit request termination in places where an interruption is unsafe. This could be used to execute arbitrary code.

 

Stefan Esser also found a vulnerability in the handling of allowed tags within PHP's strip_tags() function. This could lead to a number of XSS issues on sites that rely on strip_tags(); however, this only seems to affect the Internet Explorer and Safari browsers.

 

The updated packages have been patched to correct the problem and all users are encouraged to upgrade immediately.

 

Updated Packages

 


References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

http://security.e-matters.de/advisories/112004.html

http://security.e-matters.de/advisories/122004.html

 

Upgrade

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you use MandrakeUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
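To do the MD5 half of that verification by hand against the advisory's package list, here is an added Python example (not code from the advisory or from MandrakeUpdate); the manifest entries and file contents are constructed, and `rpm --checksig` remains the step that checks the GPG signature.

```python
"""Check downloaded packages against an advisory's MD5 list (manual counterpart
of the MandrakeUpdate check). Added example, not from the advisory; manifest and
file contents are constructed. MD5 only detects a corrupted download; package
authenticity still rests on the GPG signature checked by `rpm --checksig`."""
import hashlib, hmac, os, re, tempfile

# One advisory line: 32 hex digits, whitespace, relative path to the RPM.
LINE_RE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

# Constructed manifest; the first digest is MD5(b"abc"), the second MD5(b"").
SAMPLE_MANIFEST = """
900150983cd24fb0d6963f7d28e17f72 10.0/RPMS/php-cli-EXAMPLE.i586.rpm
d41d8cd98f00b204e9800998ecf8427e 10.0/RPMS/php-cgi-EXAMPLE.i586.rpm
"""

def parse_manifest(text):
    """Map package file name -> expected MD5, refusing malformed lines."""
    expected = {}
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised manifest line: %r" % line)
        expected[os.path.basename(m.group(2))] = m.group(1)
    return expected

def md5_of_file(path):
    """Stream the file so a large RPM is not loaded into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_package(path, expected):
    """True only if the file is listed and its digest matches."""
    name = os.path.basename(path)
    return name in expected and hmac.compare_digest(md5_of_file(path), expected[name])

def self_check():
    """Good, tampered and unlisted downloads -> (True, False, False)."""
    expected, results = parse_manifest(SAMPLE_MANIFEST), []
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("php-cli-EXAMPLE.i586.rpm", b"abc"),  # listed and intact
                           ("php-cgi-EXAMPLE.i586.rpm", b"abc"),  # listed, content differs
                           ("php-devel-EXAMPLE.i586.rpm", b"")):  # not in the list
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            results.append(verify_package(p, expected))
    return tuple(results)
```

A mismatch or an unlisted file is a reason to discard the download and fetch it again, not to install it.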
