There are two security problems with php4 as shipped in Linux-Mandrake
7.2. It is possible to specify PHP directives on a per-directory basis
under Apache and a remote attacker could carefully craft an HTTP
request that would cause the next page to be served with the wrong
values for these directives. The second problem is that although PHP
may be installed, it can be activated and deactivated on a per-
directory or per-virtual host basis using the "engine=on" or
"engine=off" directive. PHP can "leak" the "engine=off" setting to
other virtual hosts on the same machine, effectively disabling PHP for
those hosts and resulting in PHP source code being sent to the client
instead of being executed on the server. These vulnerabilities are
corrected in PHP 4.0.4pl1.
f54b0ce745c1903794522b04eba99576 7.2/RPMS/mod_php-4.0.4pl1-1.1mdk.i586.rpm c39a3f03e58b3234af7f95e0b1ebbb4d 7.2/RPMS/php-4.0.4pl1-1.1mdk.i586.rpm b74cd72804ec86a6287dcee0c938eb1a 7.2/RPMS/php-dba_gdbm_db2-4.0.4pl1-1.1mdk.i586.rpm d29d2c054274a98726da22c2fa2e02c6 7.2/RPMS/php-devel-4.0.4pl1-1.1mdk.i586.rpm c20961189744753ee91a6fd834a937c0 7.2/RPMS/php-gd-4.0.4pl1-1.1mdk.i586.rpm e9d3312f15355741243450c7d74872d9 7.2/RPMS/php-imap-4.0.4pl1-1.1mdk.i586.rpm a68b22849371aaf36fa8e3c1d549dbbf 7.2/RPMS/php-ldap-4.0.4pl1-1.1mdk.i586.rpm ff06eb076f3e8673b39dc5f260320ee7 7.2/RPMS/php-manual-4.0.4pl1-1.1mdk.i586.rpm 70dc4d1e9175a7ec6dfa1647e7db81ba 7.2/RPMS/php-mysql-4.0.4pl1-1.1mdk.i586.rpm 91f93f9f40b4aa44774a35af508ce17a 7.2/RPMS/php-pgsql-4.0.4pl1-1.1mdk.i586.rpm 4f67c0695fa61c1d76f1cba399441398 7.2/RPMS/php-readline-4.0.4pl1-1.1mdk.i586.rpm 81e7aae1084066990f95a82a2fd07d26 7.2/SRPMS/php-4.0.4pl1-1.1mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.