Home > Security > Advisories


Mandriva Advisories

Package name php
Date February 19th, 2003
Advisory ID MDKSA-2003:019
Affected versions 9.0
Synopsis Updated php packages fix buffer overflow vulnerability

Problem Description

A buffer overflow was discovered in the wordwrap() function in versions
of PHP greater than 4.1.2 and less than 4.3.0. Under certain
circumstances, this buffer overflow can be used to overwite heap memory
and could potentially lead to remote system compromise.

Updated Packages

Mandrakelinux 9.0

 1dd1c88e1a9a4493a800367acc0bc64d  9.0/RPMS/php-4.2.3-1.1mdk.i586.rpm
00f26b98cf8ab7555b439df231a18359  9.0/RPMS/php-common-4.2.3-1.1mdk.i586.rpm
f333cd5d6bab04605b57de5b403d4f31  9.0/RPMS/php-devel-4.2.3-1.1mdk.i586.rpm
18ebac6f378d0f58e22bf9699af2f430  9.0/RPMS/php-pear-4.2.3-1.1mdk.i586.rpm
f0000512d2fa612c6a190bd25d22558d  9.0/SRPMS/php-4.2.3-1.1mdk.src.rpm




To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.