Mandriva Advisories

Package name: php
Date: February 28th, 2002
Advisory ID: MDKSA-2002:017
Affected versions: 7.1, 7.2, 8.0, 8.1, CS1.0
Synopsis: Updated php packages fix file upload vulnerability

Problem Description

Several flaws exist in various versions of PHP in the way it handles
multipart/form-data POST requests, which are used for file uploads.
The php_mime_split() function could be used by an attacker to execute
arbitrary code on the server. This affects both PHP4 and PHP3. The
authors have fixed this in PHP 4.1.2 and provided patches for older
versions of PHP.

Updated Packages

Mandrakelinux 7.1

 b467bf615e96ff6f19441fb76c31e66e  7.1/RPMS/php-4.0.6-5.8mdk.i586.rpm
9c94c50c3f0a417612070d907ac3913a  7.1/RPMS/php-common-4.0.6-5.8mdk.i586.rpm
b6d1c7eee93643970e912a0068ea108e  7.1/RPMS/php-devel-4.0.6-5.8mdk.i586.rpm
d0db071e71527246c027d858627bd79a  7.1/SRPMS/php-4.0.6-5.8mdk.src.rpm

Mandrakelinux 7.2

 f2551aaca5328f7ec9cd3acff45bd0ef  7.2/RPMS/php-4.0.6-5.7mdk.i586.rpm
3b48cebd7b87ab6d44140db24bca3677  7.2/RPMS/php-common-4.0.6-5.7mdk.i586.rpm
97c976cbfc17a8858943522fb9a61cd8  7.2/RPMS/php-devel-4.0.6-5.7mdk.i586.rpm
8eb30f21520e5450271eef6cb81b9fd6  7.2/SRPMS/php-4.0.6-5.7mdk.src.rpm

Mandrakelinux 8.0

 40692c18d192b6590f9515490e1ba5ff  8.0/RPMS/php-4.0.6-5.6mdk.i586.rpm
5519419aaf2e801c73b6d544dd1dab13  8.0/RPMS/php-common-4.0.6-5.6mdk.i586.rpm
4405dfea6e9004e418c0d3bf46e5c3b3  8.0/RPMS/php-devel-4.0.6-5.6mdk.i586.rpm
27d88658bd8b9b55ade2c5865caf21b7  8.0/SRPMS/php-4.0.6-5.6mdk.src.rpm

Mandrakelinux 8.0/PPC

 ad1d2fb5fa7a4f5ef24cb972090c2e58  ppc/8.0/RPMS/php-4.0.6-5.6mdk.ppc.rpm
46b21874e5927b6df63597aaf0fd98a2  ppc/8.0/RPMS/php-common-4.0.6-5.6mdk.ppc.rpm
e45f1e5aba41d580dbeba24ad24a154c  ppc/8.0/RPMS/php-devel-4.0.6-5.6mdk.ppc.rpm
27d88658bd8b9b55ade2c5865caf21b7  ppc/8.0/SRPMS/php-4.0.6-5.6mdk.src.rpm

Mandrakelinux 8.1

 a6908e6f35d2940ed79f3c80c2891b12  8.1/RPMS/php-4.0.6-5.5mdk.i586.rpm
00f6eb55d1cedd253ca191aeb77ccda7  8.1/RPMS/php-common-4.0.6-5.5mdk.i586.rpm
faeb0148322ff3bb0b6691fc9accdfc5  8.1/RPMS/php-devel-4.0.6-5.5mdk.i586.rpm
f33a409f14e64efe14db7e2fa331555f  8.1/SRPMS/php-4.0.6-5.5mdk.src.rpm

Mandrakelinux 8.1/IA64

 d126433068216b59801123022982925d  ia64/8.1/RPMS/php-4.0.6-5.5mdk.ia64.rpm
cb8c57101d1768c528fa8956fd85f9b9  ia64/8.1/RPMS/php-common-4.0.6-5.5mdk.ia64.rpm
a677dae70eafeda055c2b30058c377a5  ia64/8.1/RPMS/php-devel-4.0.6-5.5mdk.ia64.rpm
f33a409f14e64efe14db7e2fa331555f  ia64/8.1/SRPMS/php-4.0.6-5.5mdk.src.rpm

Corporate Server 1.0.1

 b467bf615e96ff6f19441fb76c31e66e  1.0.1/RPMS/php-4.0.6-5.8mdk.i586.rpm
9c94c50c3f0a417612070d907ac3913a  1.0.1/RPMS/php-common-4.0.6-5.8mdk.i586.rpm
b6d1c7eee93643970e912a0068ea108e  1.0.1/RPMS/php-devel-4.0.6-5.8mdk.i586.rpm
d0db071e71527246c027d858627bd79a  1.0.1/SRPMS/php-4.0.6-5.8mdk.src.rpm

References

http://security.e-matters.de/advisories/012002.html

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update before upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
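
For a manual download, the two checks described above can be scripted as follows. This is an added example, not Mandriva tooling: the function names and the file `advisory.txt` (a saved copy of this advisory's "Updated Packages" list) are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded RPM against an advisory's
# "<md5>  <release>/RPMS/<name>.rpm" list, then run the signature check.

# check_md5 MANIFEST RPM_FILE
# Returns 0 if a manifest entry for the file's base name carries its MD5,
# 1 if the package is listed but no entry matches, 2 if it is not listed,
# 3 if the file cannot be read.
check_md5() {
    manifest=$1
    pkg=$2
    [ -r "$pkg" ] || { echo "cannot read: $pkg" >&2; return 3; }
    have=$(md5sum "$pkg" | awk '{ print $1 }')
    # Headings and blank lines are skipped; leading whitespace is ignored.
    # The same base name may appear under several releases, so every
    # matching entry is compared before a mismatch is reported.
    awk -v want="$(basename "$pkg")" -v have="$have" '
        NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
            n = split($2, parts, "/")
            if (parts[n] != want) next
            listed = 1
            if ($1 == have) { ok = 1; exit }
        }
        END { exit ok ? 0 : (listed ? 1 : 2) }' "$manifest"
}

# verify_update MANIFEST RPM_FILE
# The checksum only shows that the file matches the advisory's list;
# rpm --checksig is what checks the GPG signature. Both must pass.
verify_update() {
    check_md5 "$1" "$2" || {
        echo "checksum check failed for $2" >&2
        return 1
    }
    rpm --checksig "$2"
}

# Usage (advisory.txt is an assumed local copy of the package list):
#   verify_update advisory.txt php-4.0.6-5.5mdk.i586.rpm
```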