Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.
4ea99f4240ecfa30f2ade91fa5134f537e90a95ae74fc87ce3b6a0bdc94aad8f
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:022
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : January 21, 2009
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability in PHP allowed context-dependent attackers to cause
a denial of service (crash) via a certain long string in the glob()
or fnmatch() functions (CVE-2007-4782).
A vulnerability in the cURL library in PHP allowed context-dependent
attackers to bypass safe_mode and open_basedir restrictions and read
arbitrary files using a special URL request (CVE-2007-4850).
An integer overflow in PHP allowed context-dependent attackers to
cause a denial of serivce via a special printf() format parameter
(CVE-2008-1384).
A stack-based buffer overflow in the FastCGI SAPI in PHP has unknown
impact and attack vectors (CVE-2008-2050).
A buffer overflow in the imageloadfont() function in PHP allowed
context-dependent attackers to cause a denial of service (crash)
and potentially execute arbitrary code via a crafted font file
(CVE-2008-3658).
A buffer overflow in the memnstr() function allowed context-dependent
attackers to cause a denial of service (crash) and potentially execute
arbitrary code via the delimiter argument to the explode() function
(CVE-2008-3659).
PHP, when used as a FastCGI module, allowed remote attackers to cause
a denial of service (crash) via a request with multiple dots preceding
the extension (CVE-2008-3660).
An array index error in the imageRotate() function in PHP allowed
context-dependent attackers to read the contents of arbitrary memory
locations via a crafted value of the third argument to the function
for an indexed image (CVE-2008-5498).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
7a652c5161099a807eb67096c1904738 2008.0/i586/libphp5_common5-5.2.4-3.3mdv2008.0.i586.rpm
e48275669ba1c1936e6adf0cfdfe9c37 2008.0/i586/php-bcmath-5.2.4-3.3mdv2008.0.i586.rpm
77bbce6d44ef33977caf61c8bf7acdd3 2008.0/i586/php-bz2-5.2.4-3.3mdv2008.0.i586.rpm
995177d832c1ebc80fb9272701471c57 2008.0/i586/php-calendar-5.2.4-3.3mdv2008.0.i586.rpm
7b088350c660056ef612fbd2a54682e8 2008.0/i586/php-cgi-5.2.4-3.3mdv2008.0.i586.rpm
eb9bbe3de40891cf1f80790d607b2d0b 2008.0/i586/php-cli-5.2.4-3.3mdv2008.0.i586.rpm
631d10abbce8287e8a5b668b1b29de5f 2008.0/i586/php-ctype-5.2.4-3.3mdv2008.0.i586.rpm
9af5654306d2cf8c9904d5d796a7e473 2008.0/i586/php-curl-5.2.4-3.3mdv2008.0.i586.rpm
947b9d9e7096bebeff2cb6ebc73aac43 2008.0/i586/php-dba-5.2.4-3.3mdv2008.0.i586.rpm
31e7cb59ee851d12e1d5b978aa2091cf 2008.0/i586/php-dbase-5.2.4-3.3mdv2008.0.i586.rpm
d6d198044d437ad5d30902676f13939e 2008.0/i586/php-devel-5.2.4-3.3mdv2008.0.i586.rpm
bda8dd71c91f5940e8b22c93959e7720 2008.0/i586/php-dom-5.2.4-3.3mdv2008.0.i586.rpm
17de69302a54194ee76fa561ca8d0fe7 2008.0/i586/php-exif-5.2.4-3.3mdv2008.0.i586.rpm
f4735d6bd86b617815e080ad729b7433 2008.0/i586/php-fcgi-5.2.4-3.3mdv2008.0.i586.rpm
9e2a645b0b121a4a4f9853b8863e10e4 2008.0/i586/php-filter-5.2.4-3.3mdv2008.0.i586.rpm
53670f7055d3cde333d9742030e3fd5b 2008.0/i586/php-ftp-5.2.4-3.3mdv2008.0.i586.rpm
46a7eb8f4a4d00c332e96e3bb0d31189 2008.0/i586/php-gd-5.2.4-3.3mdv2008.0.i586.rpm
7241fdefb6d2a5ea4eec96a18bf31ed2 2008.0/i586/php-gettext-5.2.4-3.3mdv2008.0.i586.rpm
62c52647488c0a7080001aaf462640f0 2008.0/i586/php-gmp-5.2.4-3.3mdv2008.0.i586.rpm
5941034e1f012edffbe1e5523adb17c8 2008.0/i586/php-hash-5.2.4-3.3mdv2008.0.i586.rpm
07372e866901555fab3152b7702afdc2 2008.0/i586/php-iconv-5.2.4-3.3mdv2008.0.i586.rpm
da94c20e59e785a439ab728c2194f897 2008.0/i586/php-imap-5.2.4-3.3mdv2008.0.i586.rpm
ad640383a672f2bda97a7c2f6f8d623c 2008.0/i586/php-json-5.2.4-3.3mdv2008.0.i586.rpm
793b27eaa0d344b83dd5de1628c5d3b0 2008.0/i586/php-ldap-5.2.4-3.3mdv2008.0.i586.rpm
5a1aeae14535d5493a9cbd1d5db34b50 2008.0/i586/php-mbstring-5.2.4-3.3mdv2008.0.i586.rpm
461333bd3c9a9107b542da36e88e951e 2008.0/i586/php-mcrypt-5.2.4-3.3mdv2008.0.i586.rpm
367150bc9718c4b7a022ab5bb076bd35 2008.0/i586/php-mhash-5.2.4-3.3mdv2008.0.i586.rpm
4c2ca88ed728a7d98e9c09b0fa2efd96 2008.0/i586/php-mime_magic-5.2.4-3.3mdv2008.0.i586.rpm
aa755604d1444c522713f6d6c366b5bd 2008.0/i586/php-ming-5.2.4-3.3mdv2008.0.i586.rpm
a676178533ac458dac1410eae8ea67da 2008.0/i586/php-mssql-5.2.4-3.3mdv2008.0.i586.rpm
593b42628393ee668b75b6f8622fa7b0 2008.0/i586/php-mysql-5.2.4-3.3mdv2008.0.i586.rpm
aebff890814488282f7ea6a29c01d7a1 2008.0/i586/php-mysqli-5.2.4-3.3mdv2008.0.i586.rpm
6e315b85744911432ef40e914e2f41f5 2008.0/i586/php-ncurses-5.2.4-3.3mdv2008.0.i586.rpm
a0cec0628667e13d26e89d6fc6541497 2008.0/i586/php-odbc-5.2.4-3.3mdv2008.0.i586.rpm
90b55faea598db1f6a5b9709e06fa71b 2008.0/i586/php-openssl-5.2.4-3.3mdv2008.0.i586.rpm
1ca2e330d6e20381a63c5bba97591ac9 2008.0/i586/php-pcntl-5.2.4-3.3mdv2008.0.i586.rpm
08f4d6146d3e26ef97a5015f1bf8b132 2008.0/i586/php-pdo-5.2.4-3.3mdv2008.0.i586.rpm
8e7f471066f4580cb373789ec27906c0 2008.0/i586/php-pdo_dblib-5.2.4-3.3mdv2008.0.i586.rpm
e6f2baee019de6759ad3913b31439d3c 2008.0/i586/php-pdo_mysql-5.2.4-3.3mdv2008.0.i586.rpm
97ac80b266b67a4a9578a9dfc921c940 2008.0/i586/php-pdo_odbc-5.2.4-3.3mdv2008.0.i586.rpm
04cdad00191a250ce4b29a1c01fe3eef 2008.0/i586/php-pdo_pgsql-5.2.4-3.3mdv2008.0.i586.rpm
8944ef0d51c1db6d781151269cd1a3a4 2008.0/i586/php-pdo_sqlite-5.2.4-3.3mdv2008.0.i586.rpm
2b4f964b98d82e01ebcd1389b7b5cfd9 2008.0/i586/php-pgsql-5.2.4-3.3mdv2008.0.i586.rpm
f378eede095e848f47dd2752d6d1d1ee 2008.0/i586/php-posix-5.2.4-3.3mdv2008.0.i586.rpm
8aa798c5a0b491f659c703f88299c7bb 2008.0/i586/php-pspell-5.2.4-3.3mdv2008.0.i586.rpm
e651db4d7886759a2274354cb0afe020 2008.0/i586/php-readline-5.2.4-3.3mdv2008.0.i586.rpm
cfe33d6e4bb79c7d0f8c9006207b894f 2008.0/i586/php-recode-5.2.4-3.3mdv2008.0.i586.rpm
cffccd3024397701c9c2a449bae1471d 2008.0/i586/php-session-5.2.4-3.3mdv2008.0.i586.rpm
deefc043ef2733636a537f22a851016e 2008.0/i586/php-shmop-5.2.4-3.3mdv2008.0.i586.rpm
d2e3fd9852c298b807f4ac2831e7c0eb 2008.0/i586/php-simplexml-5.2.4-3.3mdv2008.0.i586.rpm
ab317dd79631f92b22c56e89077798a1 2008.0/i586/php-snmp-5.2.4-3.3mdv2008.0.i586.rpm
7eb6e93e6da916103e72727493204a32 2008.0/i586/php-soap-5.2.4-3.3mdv2008.0.i586.rpm
a14e42046640f7562eead57135d134c9 2008.0/i586/php-sockets-5.2.4-3.3mdv2008.0.i586.rpm
507f4f1d51c13ba5e65783d324760bb1 2008.0/i586/php-sqlite-5.2.4-3.3mdv2008.0.i586.rpm
528d87f5221deb269f2e7eba7c62b561 2008.0/i586/php-sysvmsg-5.2.4-3.3mdv2008.0.i586.rpm
2ae1cf711351a79e54d075a56baa803f 2008.0/i586/php-sysvsem-5.2.4-3.3mdv2008.0.i586.rpm
1f43453db03dfaa9a4ad6d75c8032fbf 2008.0/i586/php-sysvshm-5.2.4-3.3mdv2008.0.i586.rpm
99c765052a26be7b3c68cb3999d03301 2008.0/i586/php-tidy-5.2.4-3.3mdv2008.0.i586.rpm
568385e201d2e9c494132608374c67cb 2008.0/i586/php-tokenizer-5.2.4-3.3mdv2008.0.i586.rpm
aa3d73e0f32f510134808c48e5730c28 2008.0/i586/php-wddx-5.2.4-3.3mdv2008.0.i586.rpm
a8a7238a7bbb2c0458cee41764bf4167 2008.0/i586/php-xml-5.2.4-3.3mdv2008.0.i586.rpm
89dabad2ce9ff9e1330998e8171a7f76 2008.0/i586/php-xmlreader-5.2.4-3.3mdv2008.0.i586.rpm
2b973524ec6301282d9a6ebf943898bf 2008.0/i586/php-xmlrpc-5.2.4-3.3mdv2008.0.i586.rpm
c019b015e1c7738b7c268bed9738a274 2008.0/i586/php-xmlwriter-5.2.4-3.3mdv2008.0.i586.rpm
444e7b7b981f842b0851159c2b60e3f2 2008.0/i586/php-xsl-5.2.4-3.3mdv2008.0.i586.rpm
ac9ce0fd528f5b3f4ab671c48a35c588 2008.0/i586/php-zlib-5.2.4-3.3mdv2008.0.i586.rpm
ecf0b17dd6998db1a0a7ece0f992db56 2008.0/SRPMS/php-5.2.4-3.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
89ba8b65286114fa3ce605c877f434ff 2008.0/x86_64/lib64php5_common5-5.2.4-3.3mdv2008.0.x86_64.rpm
0ff29b438923c6cdd74d373e7d2e4850 2008.0/x86_64/php-bcmath-5.2.4-3.3mdv2008.0.x86_64.rpm
fb4fd6c767ab0efcf8fd8893dc218e00 2008.0/x86_64/php-bz2-5.2.4-3.3mdv2008.0.x86_64.rpm
8d100cf17c2d2b33c9d985294c2522a9 2008.0/x86_64/php-calendar-5.2.4-3.3mdv2008.0.x86_64.rpm
51735968841ed984937d8bbb129ec515 2008.0/x86_64/php-cgi-5.2.4-3.3mdv2008.0.x86_64.rpm
271b559fa4a5dff7654f908069a3aba8 2008.0/x86_64/php-cli-5.2.4-3.3mdv2008.0.x86_64.rpm
2558176bb0d83e12615764374359ed33 2008.0/x86_64/php-ctype-5.2.4-3.3mdv2008.0.x86_64.rpm
e813815fb84332d469adc6d2a2cf52d9 2008.0/x86_64/php-curl-5.2.4-3.3mdv2008.0.x86_64.rpm
03be7783fbd67080a3ac7ac203e12d89 2008.0/x86_64/php-dba-5.2.4-3.3mdv2008.0.x86_64.rpm
48ea284238fa82d159fb665b950162fb 2008.0/x86_64/php-dbase-5.2.4-3.3mdv2008.0.x86_64.rpm
1b680313ae918dbd6d0605ceb1c37b83 2008.0/x86_64/php-devel-5.2.4-3.3mdv2008.0.x86_64.rpm
fb9657c80f96d90af8cedb65d5fbc8af 2008.0/x86_64/php-dom-5.2.4-3.3mdv2008.0.x86_64.rpm
badbfa62b773421cbbec3da18d368eaf 2008.0/x86_64/php-exif-5.2.4-3.3mdv2008.0.x86_64.rpm
dd405943aa2f7073c00a3e1c0a305c4f 2008.0/x86_64/php-fcgi-5.2.4-3.3mdv2008.0.x86_64.rpm
1f240a39bbffab1b89df0af047c04ef9 2008.0/x86_64/php-filter-5.2.4-3.3mdv2008.0.x86_64.rpm
09f930a49b343b5686b9e1b906221f29 2008.0/x86_64/php-ftp-5.2.4-3.3mdv2008.0.x86_64.rpm
cee4006868185c9d1cccf0ae2764737a 2008.0/x86_64/php-gd-5.2.4-3.3mdv2008.0.x86_64.rpm
1f90f96d383ac9ff444648fac9706bdd 2008.0/x86_64/php-gettext-5.2.4-3.3mdv2008.0.x86_64.rpm
3b831a3789ec11c038f4fb0d08badd92 2008.0/x86_64/php-gmp-5.2.4-3.3mdv2008.0.x86_64.rpm
6c79f8f172d84c278719fd78edb9e8bf 2008.0/x86_64/php-hash-5.2.4-3.3mdv2008.0.x86_64.rpm
c78688c8a299337f48708e49fb642f35 2008.0/x86_64/php-iconv-5.2.4-3.3mdv2008.0.x86_64.rpm
cdca33614db11df4d28c195b9e0c2d1b 2008.0/x86_64/php-imap-5.2.4-3.3mdv2008.0.x86_64.rpm
42827e2ff517d47d340d134b482956cc 2008.0/x86_64/php-json-5.2.4-3.3mdv2008.0.x86_64.rpm
47b84f7a9c064edec70862dcd62407c2 2008.0/x86_64/php-ldap-5.2.4-3.3mdv2008.0.x86_64.rpm
7eb75ae9d26308c1f047da264195e0bc 2008.0/x86_64/php-mbstring-5.2.4-3.3mdv2008.0.x86_64.rpm
ca8404c82e14b76f34505441d7993756 2008.0/x86_64/php-mcrypt-5.2.4-3.3mdv2008.0.x86_64.rpm
137d94b0bc22b2e3269b69afb2521bc8 2008.0/x86_64/php-mhash-5.2.4-3.3mdv2008.0.x86_64.rpm
244873acdf03db7e75960dfe7410406a 2008.0/x86_64/php-mime_magic-5.2.4-3.3mdv2008.0.x86_64.rpm
3cb0ed9c97f740b776365e7ee71c2af2 2008.0/x86_64/php-ming-5.2.4-3.3mdv2008.0.x86_64.rpm
1cb62b1372b16ad4ebe32f31f9e6b7f9 2008.0/x86_64/php-mssql-5.2.4-3.3mdv2008.0.x86_64.rpm
9de3e8c8158818bd10e6131c5cb07dd5 2008.0/x86_64/php-mysql-5.2.4-3.3mdv2008.0.x86_64.rpm
9cc32cd7dd1be8ec371f9d1bb71b686e 2008.0/x86_64/php-mysqli-5.2.4-3.3mdv2008.0.x86_64.rpm
944bfc97936ff94f6f844e0cbd0dd95a 2008.0/x86_64/php-ncurses-5.2.4-3.3mdv2008.0.x86_64.rpm
4760b4ab342f44ac87c7f2da54410c0e 2008.0/x86_64/php-odbc-5.2.4-3.3mdv2008.0.x86_64.rpm
3829b2387029cb3a19b2a2636623f2fa 2008.0/x86_64/php-openssl-5.2.4-3.3mdv2008.0.x86_64.rpm
62e1e8f8b40e2a8221ea794d9c2b6b5d 2008.0/x86_64/php-pcntl-5.2.4-3.3mdv2008.0.x86_64.rpm
025965d8df8de7590c8f0d8d4108be78 2008.0/x86_64/php-pdo-5.2.4-3.3mdv2008.0.x86_64.rpm
2868838706493b2a44f599482fb1d651 2008.0/x86_64/php-pdo_dblib-5.2.4-3.3mdv2008.0.x86_64.rpm
bd8fe64ddc3ff3600126514157b9e511 2008.0/x86_64/php-pdo_mysql-5.2.4-3.3mdv2008.0.x86_64.rpm
876f1ad50e59fe4a27860b1dcf6afced 2008.0/x86_64/php-pdo_odbc-5.2.4-3.3mdv2008.0.x86_64.rpm
e0e86de461e6da0c154cd8408ba7ff2b 2008.0/x86_64/php-pdo_pgsql-5.2.4-3.3mdv2008.0.x86_64.rpm
9a90b3d24a4f6acb8142563869c92d69 2008.0/x86_64/php-pdo_sqlite-5.2.4-3.3mdv2008.0.x86_64.rpm
1139217457e537a2ea3e28ef7b7b8f39 2008.0/x86_64/php-pgsql-5.2.4-3.3mdv2008.0.x86_64.rpm
31377cffd512f021df688f168fa70565 2008.0/x86_64/php-posix-5.2.4-3.3mdv2008.0.x86_64.rpm
12a6e43f9413d93f582582ba5c8cc0d2 2008.0/x86_64/php-pspell-5.2.4-3.3mdv2008.0.x86_64.rpm
e257dec42f74358db7ca58d5cc1d524b 2008.0/x86_64/php-readline-5.2.4-3.3mdv2008.0.x86_64.rpm
6cacff3a4b0a61e60e4ad11ebdafc7bf 2008.0/x86_64/php-recode-5.2.4-3.3mdv2008.0.x86_64.rpm
025d4d90a09d6de4836dc45228cff6e7 2008.0/x86_64/php-session-5.2.4-3.3mdv2008.0.x86_64.rpm
908e4379581b86d83d9139879084eb33 2008.0/x86_64/php-shmop-5.2.4-3.3mdv2008.0.x86_64.rpm
c18c8de8b1629ec5cd2f51bf4e17e817 2008.0/x86_64/php-simplexml-5.2.4-3.3mdv2008.0.x86_64.rpm
dd8b061f27acae1a7371d8aed868ba23 2008.0/x86_64/php-snmp-5.2.4-3.3mdv2008.0.x86_64.rpm
3bb622cd884b6712cd7974f88e88a90b 2008.0/x86_64/php-soap-5.2.4-3.3mdv2008.0.x86_64.rpm
79373a824e2a4a7a0bc900532a1e2801 2008.0/x86_64/php-sockets-5.2.4-3.3mdv2008.0.x86_64.rpm
5d73d8283b43e69d77396f8f01be8bf3 2008.0/x86_64/php-sqlite-5.2.4-3.3mdv2008.0.x86_64.rpm
0b2e447aca5263291991c2da1cadd536 2008.0/x86_64/php-sysvmsg-5.2.4-3.3mdv2008.0.x86_64.rpm
509468b4dbd2935e05e800d9bae37874 2008.0/x86_64/php-sysvsem-5.2.4-3.3mdv2008.0.x86_64.rpm
1324a045c8e5d05ceb954bc8005fce9e 2008.0/x86_64/php-sysvshm-5.2.4-3.3mdv2008.0.x86_64.rpm
832fc2acd82c4cb5806f5c5b6ec31086 2008.0/x86_64/php-tidy-5.2.4-3.3mdv2008.0.x86_64.rpm
a026d9e7a62e9a8064ccb34f7bc73e38 2008.0/x86_64/php-tokenizer-5.2.4-3.3mdv2008.0.x86_64.rpm
73b8df410ab637a3349adb520e7ddd2b 2008.0/x86_64/php-wddx-5.2.4-3.3mdv2008.0.x86_64.rpm
35f6c8e61e68c94c7582084b55673c65 2008.0/x86_64/php-xml-5.2.4-3.3mdv2008.0.x86_64.rpm
117931585f5d3457fad1b924286a34b4 2008.0/x86_64/php-xmlreader-5.2.4-3.3mdv2008.0.x86_64.rpm
86d4fc9df8514fede7924268cc87cf69 2008.0/x86_64/php-xmlrpc-5.2.4-3.3mdv2008.0.x86_64.rpm
062ee98ab5ce0675e98adee65131f3f4 2008.0/x86_64/php-xmlwriter-5.2.4-3.3mdv2008.0.x86_64.rpm
9cad5ac838e1f0f67c55702d4df50c30 2008.0/x86_64/php-xsl-5.2.4-3.3mdv2008.0.x86_64.rpm
525169a83f9850cbcd3903af389def55 2008.0/x86_64/php-zlib-5.2.4-3.3mdv2008.0.x86_64.rpm
ecf0b17dd6998db1a0a7ece0f992db56 2008.0/SRPMS/php-5.2.4-3.3mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJd4VZmqjQ0CJFipgRAqRGAJ9QJxYLp5zE2eOo9WQZ3OkzB4CeWACg9aLi
A2E6w1lLiqFmL7RnEdjkypY=
=5YNA
-----END PGP SIGNATURE-----