Advisories
Mandriva Advisories
|
 |
| Problem Description |
A number of vulnerabilities are addressed in this PHP update:
Stefano Di Paolo discovered integer overflows in PHP's pack(),
unpack(), and shmop_write() functions which could allow a malicious
script to break out of safe mode and execute arbitray code with
privileges of the PHP interpreter (CAN-2004-1018; this was previously
fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151).
Stefan Esser discovered two safe mode bypasses which would allow
malicious scripts to circumvent path restrictions by using
virtual_popen() with a current directory containing shell meta-
characters (CAN-2004-1063) or by creating a specially crafted
directory whose length exceeded the capacity of realpath()
(CAN-2004-1064; both of these were previously fixed in Mandrakelinux
>= 10.0 in MDKSA-2004:151).
Two Denial of Service vulnerabilities were found in the getimagesize()
function which uses the format-specific internal functions
php_handle_iff() and php_handle_jpeg() which would get stuck in
infinite loops when certain (invalid) size parameters are read from
the image (CAN-2005-0524 and CAN-2005-0525).
An integer overflow was discovered in the exif_process_IFD_TAG()
function in PHP's EXIF module. EXIF tags with a specially crafted
"Image File Directory" (IFD) tag would cause a buffer overflow which
could be exploited to execute arbitrary code with the privileges of
the PHP server (CAN-2005-1042).
Another vulnerability in the EXIF module was also discovered where
headers with a large IFD nesting level would cause an unbound
recursion which would eventually overflow the stack and cause the
executed program to crash (CAN-2004-1043).
All of these issues are addressed in the Corporate Server 2.1 packages
and the last three issues for all other platforms, which had
previously included the first two issues but had not been mentioned
in MDKSA-2004:151.
| Updated Packages |
Mandrakelinux 10.0
f7d974aa23e07a33ffc28d24d57ae6d1 10.0/RPMS/libphp_common432-4.3.4-4.5.100mdk.i586.rpm 345a78284dee2a035f627e348e73923b 10.0/RPMS/php-cgi-4.3.4-4.5.100mdk.i586.rpm 14a9a57cb05438a2b95ac47fa68755be 10.0/RPMS/php-cli-4.3.4-4.5.100mdk.i586.rpm 1d43beb4125253db8a9bdaaffec6abce 10.0/RPMS/php432-devel-4.3.4-4.5.100mdk.i586.rpm 44a1aa8be7f1f56120568028d3cce0a0 10.0/SRPMS/php-4.3.4-4.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64
9651a95c09fef8db80f8d0455f1d4aae amd64/10.0/RPMS/lib64php_common432-4.3.4-4.5.100mdk.amd64.rpm d883ef32f7f60531cf2be850d5e9dcba amd64/10.0/RPMS/php-cgi-4.3.4-4.5.100mdk.amd64.rpm 21f487c746312c589115e12b9ed0d13e amd64/10.0/RPMS/php-cli-4.3.4-4.5.100mdk.amd64.rpm 0a9e996779cc13cfa458c39aa6bf6472 amd64/10.0/RPMS/php432-devel-4.3.4-4.5.100mdk.amd64.rpm 44a1aa8be7f1f56120568028d3cce0a0 amd64/10.0/SRPMS/php-4.3.4-4.5.100mdk.src.rpm
Mandrakelinux 10.1
f75cb008b1eafcce1167f487fd0742ef 10.1/RPMS/libphp_common432-4.3.8-3.3.101mdk.i586.rpm 6522017c3e097f22a37f293d765f4141 10.1/RPMS/php-cgi-4.3.8-3.3.101mdk.i586.rpm 4ba9ade6db11e4035f73ede36e361ad7 10.1/RPMS/php-cli-4.3.8-3.3.101mdk.i586.rpm 63d4d58bbc3a01b89c688660be399af0 10.1/RPMS/php432-devel-4.3.8-3.3.101mdk.i586.rpm f4fe82b93cf84987b0787e297d5189de 10.1/SRPMS/php-4.3.8-3.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
fb08286032f45020ecd96e07b0da51af x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.3.101mdk.x86_64.rpm e1ae8214e11a7e62e987cde10e53c609 x86_64/10.1/RPMS/php-cgi-4.3.8-3.3.101mdk.x86_64.rpm 44c080a9d90e282da95b5d809e90df52 x86_64/10.1/RPMS/php-cli-4.3.8-3.3.101mdk.x86_64.rpm d23e51652be1cb62f4704a5c4fe4a7a9 x86_64/10.1/RPMS/php432-devel-4.3.8-3.3.101mdk.x86_64.rpm f4fe82b93cf84987b0787e297d5189de x86_64/10.1/SRPMS/php-4.3.8-3.3.101mdk.src.rpm
Corporate Server 2.1
f418349daa18087f1b2bd2d06d07a7d7 corporate/2.1/RPMS/php-4.2.3-4.4.C21mdk.i586.rpm f55f290333af492f34104d1821ece93d corporate/2.1/RPMS/php-common-4.2.3-4.4.C21mdk.i586.rpm ff25be7d53aa1f8efa1ac7ea06935c60 corporate/2.1/RPMS/php-devel-4.2.3-4.4.C21mdk.i586.rpm 38a6771932090c0b49a495caa244047f corporate/2.1/RPMS/php-pear-4.2.3-4.4.C21mdk.i586.rpm 57a79e60657b372524d7b8af3535cfe6 corporate/2.1/SRPMS/php-4.2.3-4.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64
0459cb20800a58b6ee41fc6ac2dc55b2 x86_64/corporate/2.1/RPMS/php-4.2.3-4.4.C21mdk.x86_64.rpm 462186f5005cafbfe66dd99cb9110e30 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.4.C21mdk.x86_64.rpm 5f6c49093da250595d27917455fff5bd x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.4.C21mdk.x86_64.rpm 5fb114b6761fcd231cbbbfde6e41252d x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.4.C21mdk.x86_64.rpm 57a79e60657b372524d7b8af3535cfe6 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.4.C21mdk.src.rpm
Corporate Server 3.0
eab4aa42fbd404630d0eb350ea17efd1 corporate/3.0/RPMS/libphp_common432-4.3.4-4.5.C30mdk.i586.rpm 3138545d861d0c28acc81f77424e95c5 corporate/3.0/RPMS/php-cgi-4.3.4-4.5.C30mdk.i586.rpm b26d65545512c6698cfb5d3280961677 corporate/3.0/RPMS/php-cli-4.3.4-4.5.C30mdk.i586.rpm 6bfa6303f2f8a52c963f9df4bf59c639 corporate/3.0/RPMS/php432-devel-4.3.4-4.5.C30mdk.i586.rpm 9f017d501ff162d276b0e2832468a5c8 corporate/3.0/SRPMS/php-4.3.4-4.5.C30mdk.src.rpm
Corporate Server 3.0/X86_64
eab4aa42fbd404630d0eb350ea17efd1 x86_64/corporate/3.0/RPMS/libphp_common432-4.3.4-4.5.C30mdk.i586.rpm 3138545d861d0c28acc81f77424e95c5 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.5.C30mdk.i586.rpm b26d65545512c6698cfb5d3280961677 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.5.C30mdk.i586.rpm 6bfa6303f2f8a52c963f9df4bf59c639 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.5.C30mdk.i586.rpm 9f017d501ff162d276b0e2832468a5c8 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.5.C30mdk.src.rpm
Mandriva Linux LE2005
cc1f7f17fdcaf8dc87efcad94a241eca 10.2/RPMS/libphp_common432-4.3.10-7.1.102mdk.i586.rpm 3655f4254ca1ee329462e1f744533ed2 10.2/RPMS/php-cgi-4.3.10-7.1.102mdk.i586.rpm a6084914e21c0a5873d5b94bb914411f 10.2/RPMS/php-cli-4.3.10-7.1.102mdk.i586.rpm 41a0168e7a2fdb581b59e5550c02418f 10.2/RPMS/php432-devel-4.3.10-7.1.102mdk.i586.rpm 2e3bf475cc0a73a2402d487e1bcaa741 10.2/SRPMS/php-4.3.10-7.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
17130ea081a475bebce9ef1f4ea89c22 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.1.102mdk.x86_64.rpm 5b9712e9d2b3709243080eefe5f36037 x86_64/10.2/RPMS/php-cgi-4.3.10-7.1.102mdk.x86_64.rpm 6e77ec1f4a00e757e9144c798f86b465 x86_64/10.2/RPMS/php-cli-4.3.10-7.1.102mdk.x86_64.rpm f55fc2c228f012266c55e830cc858698 x86_64/10.2/RPMS/php432-devel-4.3.10-7.1.102mdk.x86_64.rpm 2e3bf475cc0a73a2402d487e1bcaa741 x86_64/10.2/SRPMS/php-4.3.10-7.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.