Mandriva Advisories

Package name: php
Date: August 21st, 2006
Advisory ID: MDKSA-2006:144
Affected versions: CS3.0, MNF2.0, 2006.0
Synopsis: Updated php packages fix vulnerability

Problem Description

A vulnerability was discovered in PHP's sscanf function that could, in
certain circumstances, allow attackers to execute arbitrary code: argument
swapping incremented an index past the end of an array and triggered a
buffer over-read.

Updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 e78d38e4f23349aef5fd8fb0ce21f9ed  corporate/3.0/RPMS/libphp_common432-4.3.4-4.19.C30mdk.i586.rpm
 e02ce53ce1a53d1d2868c7751bfdb4e5  corporate/3.0/RPMS/php432-devel-4.3.4-4.19.C30mdk.i586.rpm
 f911c1968c8c4600e304da4cbf6cd91b  corporate/3.0/RPMS/php-cgi-4.3.4-4.19.C30mdk.i586.rpm
 1555db6b00d118207bb07ef987dea7d0  corporate/3.0/RPMS/php-cli-4.3.4-4.19.C30mdk.i586.rpm
 cac345df4a30ed6668aae005b88c5469  corporate/3.0/SRPMS/php-4.3.4-4.19.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 1af2ab4b349ba0e751716a915b2da80c  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.19.C30mdk.x86_64.rpm
 ba056de7a5bc14e1d013b64bd83cd765  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.19.C30mdk.x86_64.rpm
 d15a90260a0b2d0a5b9c3d5a24e18b93  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.19.C30mdk.x86_64.rpm
 ab47db1054598cd47994044be0d58f2a  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.19.C30mdk.x86_64.rpm
 cac345df4a30ed6668aae005b88c5469  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.19.C30mdk.src.rpm

Multi Network Firewall 2.0

 c148d89f0bf1c0f6079fe83ef6718402  mnf/2.0/RPMS/libphp_common432-4.3.4-4.19.M20mdk.i586.rpm
 1697ade79fd11a329c68b3ed525facf5  mnf/2.0/RPMS/php432-devel-4.3.4-4.19.M20mdk.i586.rpm
 f1085937ffe9b8f77cb9ce0d5f6f6e51  mnf/2.0/RPMS/php-cgi-4.3.4-4.19.M20mdk.i586.rpm
 85065b170be58a5d6b7248cef13e2404  mnf/2.0/RPMS/php-cli-4.3.4-4.19.M20mdk.i586.rpm
 80d16af425dc23129b0bf396344f83d5  mnf/2.0/SRPMS/php-4.3.4-4.19.M20mdk.src.rpm

Mandriva Linux 2006

 c4156de63b5b04c72129e275184c8589  2006.0/RPMS/libphp5_common5-5.0.4-9.13.20060mdk.i586.rpm
 d8a272fb6115fcb185bf273307cfa945  2006.0/RPMS/php-cgi-5.0.4-9.13.20060mdk.i586.rpm
 1cdca894d3ec7810c031329bf9b022b5  2006.0/RPMS/php-cli-5.0.4-9.13.20060mdk.i586.rpm
 5729200eecf5a7e8e7113f4b43116723  2006.0/RPMS/php-devel-5.0.4-9.13.20060mdk.i586.rpm
 8fa33cfb6ccdd669f27ba1686db24fcd  2006.0/RPMS/php-fcgi-5.0.4-9.13.20060mdk.i586.rpm
 60462a513b931f23a15d7b4e6af9af90  2006.0/SRPMS/php-5.0.4-9.13.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 a05922ab7f687dbe9cd74b5546e2ec4f  x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.13.20060mdk.x86_64.rpm
 00599ac74cb16ef47988addae1a01e94  x86_64/2006.0/RPMS/php-cgi-5.0.4-9.13.20060mdk.x86_64.rpm
 0b4ff38a92b2ddf41a25abe1155b6bb8  x86_64/2006.0/RPMS/php-cli-5.0.4-9.13.20060mdk.x86_64.rpm
 39eda4d79d65a2ce4f0f9b8d2f66414d  x86_64/2006.0/RPMS/php-devel-5.0.4-9.13.20060mdk.x86_64.rpm
 be71b05ae1fdb0a38bd5a5831cdb7b2f  x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.13.20060mdk.x86_64.rpm
 60462a513b931f23a15d7b4e6af9af90  x86_64/2006.0/SRPMS/php-5.0.4-9.13.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.
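For administrators who download the RPMs by hand instead of using MandrivaUpdate, the following POSIX shell script is an added example (not part of the Mandriva advisory or its tooling) that automates the two checks described above: it compares each downloaded file against the MD5 list from the "Updated Packages" section, and then runs the advisory's own `rpm --checksig` on every file that matched. It assumes the MD5 list has been saved to a manifest file in the advisory's `<md5>  <relative path>` layout, that the downloaded files sit under a local directory with those same relative paths, and that the `md5sum` utility from coreutils is available; the `rpm` step is skipped if `rpm` is not installed on the verifying host.

```shell
#!/bin/sh
# Added example, not Mandriva's code: verify downloaded RPMs against the
# advisory's MD5 list, then run rpm --checksig on the files that matched.
# Assumptions: MANIFEST holds lines of the form "<md5>  <relative path>"
# (copied from the advisory), DIR holds the downloads under those relative
# paths, and md5sum (coreutils) is on PATH.

# Usage: verify_md5_manifest MANIFEST DIR
# Returns 0 when every file listed in MANIFEST exists under DIR and its
# MD5 matches the advisory's value; otherwise reports each missing or
# mismatching file on stderr and returns 1. A single bad file fails the
# whole run, so nothing gets installed on a partial match.
verify_md5_manifest() {
    manifest=$1
    dir=$2
    status=0
    # read splits on whitespace, so the advisory's leading space and the
    # double space between hash and path are both handled
    while read -r expected path; do
        [ -z "$expected" ] && continue          # skip blank lines
        file="$dir/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path" >&2
            status=1
            continue
        fi
        actual=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (expected $expected, got $actual)" >&2
            status=1
        fi
    done < "$manifest"
    return $status
}

# Usage: checksig_all MANIFEST DIR
# Runs the advisory's recommended "rpm --checksig" on each listed file.
# Returns 0 if every signature check passes, 1 if any fails, and 2 if rpm
# is not installed here (the MD5 check above still stands on its own).
checksig_all() {
    manifest=$1
    dir=$2
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available; skipping GPG signature check" >&2
        return 2
    fi
    status=0
    while read -r expected path; do
        [ -z "$expected" ] && continue
        rpm --checksig "$dir/$path" || status=1
    done < "$manifest"
    return $status
}

# Command-line entry point: ./verify.sh MDKSA-2006-144.md5 ./downloads
if [ "$#" -eq 2 ]; then
    verify_md5_manifest "$1" "$2" && checksig_all "$1" "$2"
fi
```

The MD5 step is what the advisory's checksum list is for, and the signature step is what ties the file to the Mandriva Security Team's key rather than only to the advisory text; running both, and refusing to continue on the first failure, is the same order of checks MandrivaUpdate performs automatically.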