Advisories

Mandriva Advisories

Package name	php
Date	February 7th, 2006
Advisory ID	MDKSA-2006:035
Affected versions	10.1, CS3.0, MNF2.0, 10.2
Synopsis	Updated php packages fix vulnerability

Problem Description

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
a remote attacker to bypass safe_mode and open_basedir restrictions via
unknown attack vectors.

The updated packages have been patched to correct this issue.

Updated Packages

Mandrakelinux 10.1

 73fb60b80de60eac15425466e59dca39  10.1/RPMS/libphp_common432-4.3.8-3.8.101mdk.i586.rpm
 b28919e0310bf29bf5866dae1ee16d98  10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.i586.rpm
 d83eaac3668f09924156f177cd15f201  10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.i586.rpm
 143fc214304a1c289fca9706a2a1c3a8  10.1/RPMS/php-cli-4.3.8-3.8.101mdk.i586.rpm
 78c983eccc5b8423c97ef382438b2e65  10.1/RPMS/php-gd-4.3.8-2.1.101mdk.i586.rpm
 677522c6ed558432f3dbf15616083610  10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
 aac1a54955e947f6c15c8b8059ae4181  10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 106d6d5ca6b8f39c392bd13ec1dc42d4  x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.8.101mdk.x86_64.rpm
 b4c808eec06082b85642bb130f8415dc  x86_64/10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.x86_64.rpm
 471cb69b308907e438d462c99980dea0  x86_64/10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.x86_64.rpm
 553db3e91f87e7a515ac135e8d7f15f0  x86_64/10.1/RPMS/php-cli-4.3.8-3.8.101mdk.x86_64.rpm
 ec747cf48a3dad42141f27e44325033e  x86_64/10.1/RPMS/php-gd-4.3.8-2.1.101mdk.x86_64.rpm
 677522c6ed558432f3dbf15616083610  x86_64/10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
 aac1a54955e947f6c15c8b8059ae4181  x86_64/10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

Corporate Server 3.0

 1980e0259fe7747380a824f8d22e6547  corporate/3.0/RPMS/libphp_common432-4.3.4-4.10.C30mdk.i586.rpm
 390c85972981566b353b594fe22197dc  corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.i586.rpm
 d9a49155ce3a80cdbc277f2412a13518  corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.i586.rpm
 d0cbbd7fb891a7541929c67aa0343df6  corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.i586.rpm
 238811f03e72ceecb0b91be525380cb9  corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.i586.rpm
 d54f4e12d35cedbef0f718170620ace4  corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
 c1a3d05a9501024102944e6820bc5501  corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 a8dce337033e676378664c0db6b469f7  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.10.C30mdk.x86_64.rpm
 c7b1cfd80cd506eff43f22b80aa75de6  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.x86_64.rpm
 1c5e085cb86ad4f7af6a0da6d05a1d62  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.x86_64.rpm
 9eec60e7a700c07da18b4f787ad3f58c  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.x86_64.rpm
 500eedf63f7cbccb7920a94e7959e7ac  x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.x86_64.rpm
 d54f4e12d35cedbef0f718170620ace4  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
 c1a3d05a9501024102944e6820bc5501  x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

Multi Network Firewall 2.0

 505744d67c4a0d9d438eb59635a1b854  mnf/2.0/RPMS/libphp_common432-4.3.4-4.10.M20mdk.i586.rpm
 415fb09281493e6b5e262b8a919b2eb9  mnf/2.0/RPMS/php432-devel-4.3.4-4.10.M20mdk.i586.rpm
 71f1a80d1bf23652a8001a7e48fe139c  mnf/2.0/RPMS/php-cgi-4.3.4-4.10.M20mdk.i586.rpm
 5ad32b1fb9e6b12be629ea44168d5138  mnf/2.0/RPMS/php-cli-4.3.4-4.10.M20mdk.i586.rpm
 0b23cfbdff6ccd70f06cd3ab13813cb5  mnf/2.0/RPMS/php-gd-4.3.4-1.1.M20mdk.i586.rpm
 27c29e02d28e0aea1dadd7d149636b83  mnf/2.0/SRPMS/php-4.3.4-4.10.M20mdk.src.rpm
 ca1601d0a1fa257c8916715582a1df41  mnf/2.0/SRPMS/php-gd-4.3.4-1.1.M20mdk.src.rpm

Mandriva Linux LE2005

 13cf3adeda0a0cd1d0ccde575cbe63ec  10.2/RPMS/libphp_common432-4.3.10-7.6.102mdk.i586.rpm
 18302ef915b8f1b2245b9c0f79d574aa  10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.i586.rpm
 c58efdb3973bb63914463628936cf2db  10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.i586.rpm
 401059a0058df93d7b8567813b082b7e  10.2/RPMS/php-cli-4.3.10-7.6.102mdk.i586.rpm
 887e86064d91d133d3c98245b39335b3  10.2/RPMS/php-gd-4.3.10-5.1.102mdk.i586.rpm
 b677b123040f0279e39a047aa706a853  10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
 393e9bde7b571bc6aee17cf48929e0d5  10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 b457eff82dcedc940afda2b137dc9058  x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.6.102mdk.x86_64.rpm
 6075916423066e4a026814cd38332528  x86_64/10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.x86_64.rpm
 4e1c918a571c85e3e4ce065edd249576  x86_64/10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.x86_64.rpm
 a222ddab3ffff21bcd82420fce7951da  x86_64/10.2/RPMS/php-cli-4.3.10-7.6.102mdk.x86_64.rpm
 ccf2d23979006f1f7bbc9d2a1efd6043  x86_64/10.2/RPMS/php-gd-4.3.10-5.1.102mdk.x86_64.rpm
 b677b123040f0279e39a047aa706a853  x86_64/10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
 393e9bde7b571bc6aee17cf48929e0d5  x86_64/10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer