full-disclosure-uk January 2009 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [ MDVSA-2009:022 ] php

[Full-disclosure] [ MDVSA-2009:022 ] php

From: <security_at_nospam>
Date: Wed Jan 21 2009 - 23:34:00 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Mandriva Linux Security Advisory MDVSA-2009:022  http://www.mandriva.com/security/
Package : php Date : January 21, 2009 Affected: 2008.0
_______________________________________________________________________

 Problem Description:

 A vulnerability in PHP allowed context-dependent attackers to cause  a denial of service (crash) via a certain long string in the glob()  or fnmatch() functions (CVE-2007-4782).  

 A vulnerability in the cURL library in PHP allowed context-dependent  attackers to bypass safe_mode and open_basedir restrictions and read  arbitrary files using a special URL request (CVE-2007-4850).  

 An integer overflow in PHP allowed context-dependent attackers to  cause a denial of serivce via a special printf() format parameter  (CVE-2008-1384).    A stack-based buffer overflow in the FastCGI SAPI in PHP has unknown  impact and attack vectors (CVE-2008-2050).  

 A buffer overflow in the imageloadfont() function in PHP allowed  context-dependent attackers to cause a denial of service (crash)  and potentially execute arbitrary code via a crafted font file  (CVE-2008-3658).    A buffer overflow in the memnstr() function allowed context-dependent  attackers to cause a denial of service (crash) and potentially execute  arbitrary code via the delimiter argument to the explode() function  (CVE-2008-3659).    PHP, when used as a FastCGI module, allowed remote attackers to cause  a denial of service (crash) via a request with multiple dots preceding  the extension (CVE-2008-3660).  

 An array index error in the imageRotate() function in PHP allowed  context-dependent attackers to read the contents of arbitrary memory  locations via a crafted value of the third argument to the function  for an indexed image (CVE-2008-5498).  

 The updated packages have been patched to correct these issues.


 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
_______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0: 7a652c5161099a807eb67096c1904738 2008.0/i586/libphp5_common5-5.2.4-3.3mdv2008.0.i586.rpm e48275669ba1c1936e6adf0cfdfe9c37 2008.0/i586/php-bcmath-5.2.4-3.3mdv2008.0.i586.rpm 77bbce6d44ef33977caf61c8bf7acdd3 2008.0/i586/php-bz2-5.2.4-3.3mdv2008.0.i586.rpm 995177d832c1ebc80fb9272701471c57 2008.0/i586/php-calendar-5.2.4-3.3mdv2008.0.i586.rpm 7b088350c660056ef612fbd2a54682e8 2008.0/i586/php-cgi-5.2.4-3.3mdv2008.0.i586.rpm eb9bbe3de40891cf1f80790d607b2d0b 2008.0/i586/php-cli-5.2.4-3.3mdv2008.0.i586.rpm 631d10abbce8287e8a5b668b1b29de5f 2008.0/i586/php-ctype-5.2.4-3.3mdv2008.0.i586.rpm 9af5654306d2cf8c9904d5d796a7e473 2008.0/i586/php-curl-5.2.4-3.3mdv2008.0.i586.rpm 947b9d9e7096bebeff2cb6ebc73aac43 2008.0/i586/php-dba-5.2.4-3.3mdv2008.0.i586.rpm 31e7cb59ee851d12e1d5b978aa2091cf 2008.0/i586/php-dbase-5.2.4-3.3mdv2008.0.i586.rpm d6d198044d437ad5d30902676f13939e 2008.0/i586/php-devel-5.2.4-3.3mdv2008.0.i586.rpm bda8dd71c91f5940e8b22c93959e7720 2008.0/i586/php-dom-5.2.4-3.3mdv2008.0.i586.rpm 17de69302a54194ee76fa561ca8d0fe7 2008.0/i586/php-exif-5.2.4-3.3mdv2008.0.i586.rpm f4735d6bd86b617815e080ad729b7433 2008.0/i586/php-fcgi-5.2.4-3.3mdv2008.0.i586.rpm 9e2a645b0b121a4a4f9853b8863e10e4 2008.0/i586/php-filter-5.2.4-3.3mdv2008.0.i586.rpm 53670f7055d3cde333d9742030e3fd5b 2008.0/i586/php-ftp-5.2.4-3.3mdv2008.0.i586.rpm 46a7eb8f4a4d00c332e96e3bb0d31189 2008.0/i586/php-gd-5.2.4-3.3mdv2008.0.i586.rpm 7241fdefb6d2a5ea4eec96a18bf31ed2 2008.0/i586/php-gettext-5.2.4-3.3mdv2008.0.i586.rpm 62c52647488c0a7080001aaf462640f0 2008.0/i586/php-gmp-5.2.4-3.3mdv2008.0.i586.rpm 5941034e1f012edffbe1e5523adb17c8 2008.0/i586/php-hash-5.2.4-3.3mdv2008.0.i586.rpm 07372e866901555fab3152b7702afdc2 2008.0/i586/php-iconv-5.2.4-3.3mdv2008.0.i586.rpm da94c20e59e785a439ab728c2194f897 2008.0/i586/php-imap-5.2.4-3.3mdv2008.0.i586.rpm ad640383a672f2bda97a7c2f6f8d623c 2008.0/i586/php-json-5.2.4-3.3mdv2008.0.i586.rpm 793b27eaa0d344b83dd5de1628c5d3b0 2008.0/i586/php-ldap-5.2.4-3.3mdv2008.0.i586.rpm 5a1aeae14535d5493a9cbd1d5db34b50 2008.0/i586/php-mbstring-5.2.4-3.3mdv2008.0.i586.rpm 461333bd3c9a9107b542da36e88e951e 2008.0/i586/php-mcrypt-5.2.4-3.3mdv2008.0.i586.rpm 367150bc9718c4b7a022ab5bb076bd35 2008.0/i586/php-mhash-5.2.4-3.3mdv2008.0.i586.rpm 4c2ca88ed728a7d98e9c09b0fa2efd96 2008.0/i586/php-mime_magic-5.2.4-3.3mdv2008.0.i586.rpm aa755604d1444c522713f6d6c366b5bd 2008.0/i586/php-ming-5.2.4-3.3mdv2008.0.i586.rpm a676178533ac458dac1410eae8ea67da 2008.0/i586/php-mssql-5.2.4-3.3mdv2008.0.i586.rpm 593b42628393ee668b75b6f8622fa7b0 2008.0/i586/php-mysql-5.2.4-3.3mdv2008.0.i586.rpm aebff890814488282f7ea6a29c01d7a1 2008.0/i586/php-mysqli-5.2.4-3.3mdv2008.0.i586.rpm 6e315b85744911432ef40e914e2f41f5 2008.0/i586/php-ncurses-5.2.4-3.3mdv2008.0.i586.rpm a0cec0628667e13d26e89d6fc6541497 2008.0/i586/php-odbc-5.2.4-3.3mdv2008.0.i586.rpm 90b55faea598db1f6a5b9709e06fa71b 2008.0/i586/php-openssl-5.2.4-3.3mdv2008.0.i586.rpm 1ca2e330d6e20381a63c5bba97591ac9 2008.0/i586/php-pcntl-5.2.4-3.3mdv2008.0.i586.rpm 08f4d6146d3e26ef97a5015f1bf8b132 2008.0/i586/php-pdo-5.2.4-3.3mdv2008.0.i586.rpm 8e7f471066f4580cb373789ec27906c0 2008.0/i586/php-pdo_dblib-5.2.4-3.3mdv2008.0.i586.rpm e6f2baee019de6759ad3913b31439d3c 2008.0/i586/php-pdo_mysql-5.2.4-3.3mdv2008.0.i586.rpm 97ac80b266b67a4a9578a9dfc921c940 2008.0/i586/php-pdo_odbc-5.2.4-3.3mdv2008.0.i586.rpm 04cdad00191a250ce4b29a1c01fe3eef 2008.0/i586/php-pdo_pgsql-5.2.4-3.3mdv2008.0.i586.rpm 8944ef0d51c1db6d781151269cd1a3a4 2008.0/i586/php-pdo_sqlite-5.2.4-3.3mdv2008.0.i586.rpm 2b4f964b98d82e01ebcd1389b7b5cfd9 2008.0/i586/php-pgsql-5.2.4-3.3mdv2008.0.i586.rpm f378eede095e848f47dd2752d6d1d1ee 2008.0/i586/php-posix-5.2.4-3.3mdv2008.0.i586.rpm 8aa798c5a0b491f659c703f88299c7bb 2008.0/i586/php-pspell-5.2.4-3.3mdv2008.0.i586.rpm e651db4d7886759a2274354cb0afe020 2008.0/i586/php-readline-5.2.4-3.3mdv2008.0.i586.rpm cfe33d6e4bb79c7d0f8c9006207b894f 2008.0/i586/php-recode-5.2.4-3.3mdv2008.0.i586.rpm cffccd3024397701c9c2a449bae1471d 2008.0/i586/php-session-5.2.4-3.3mdv2008.0.i586.rpm deefc043ef2733636a537f22a851016e 2008.0/i586/php-shmop-5.2.4-3.3mdv2008.0.i586.rpm d2e3fd9852c298b807f4ac2831e7c0eb 2008.0/i586/php-simplexml-5.2.4-3.3mdv2008.0.i586.rpm ab317dd79631f92b22c56e89077798a1 2008.0/i586/php-snmp-5.2.4-3.3mdv2008.0.i586.rpm 7eb6e93e6da916103e72727493204a32 2008.0/i586/php-soap-5.2.4-3.3mdv2008.0.i586.rpm a14e42046640f7562eead57135d134c9 2008.0/i586/php-sockets-5.2.4-3.3mdv2008.0.i586.rpm 507f4f1d51c13ba5e65783d324760bb1 2008.0/i586/php-sqlite-5.2.4-3.3mdv2008.0.i586.rpm 528d87f5221deb269f2e7eba7c62b561 2008.0/i586/php-sysvmsg-5.2.4-3.3mdv2008.0.i586.rpm 2ae1cf711351a79e54d075a56baa803f 2008.0/i586/php-sysvsem-5.2.4-3.3mdv2008.0.i586.rpm 1f43453db03dfaa9a4ad6d75c8032fbf 2008.0/i586/php-sysvshm-5.2.4-3.3mdv2008.0.i586.rpm 99c765052a26be7b3c68cb3999d03301 2008.0/i586/php-tidy-5.2.4-3.3mdv2008.0.i586.rpm 568385e201d2e9c494132608374c67cb 2008.0/i586/php-tokenizer-5.2.4-3.3mdv2008.0.i586.rpm aa3d73e0f32f510134808c48e5730c28 2008.0/i586/php-wddx-5.2.4-3.3mdv2008.0.i586.rpm a8a7238a7bbb2c0458cee41764bf4167 2008.0/i586/php-xml-5.2.4-3.3mdv2008.0.i586.rpm 89dabad2ce9ff9e1330998e8171a7f76 2008.0/i586/php-xmlreader-5.2.4-3.3mdv2008.0.i586.rpm 2b973524ec6301282d9a6ebf943898bf 2008.0/i586/php-xmlrpc-5.2.4-3.3mdv2008.0.i586.rpm c019b015e1c7738b7c268bed9738a274 2008.0/i586/php-xmlwriter-5.2.4-3.3mdv2008.0.i586.rpm 444e7b7b981f842b0851159c2b60e3f2 2008.0/i586/php-xsl-5.2.4-3.3mdv2008.0.i586.rpm ac9ce0fd528f5b3f4ab671c48a35c588 2008.0/i586/php-zlib-5.2.4-3.3mdv2008.0.i586.rpm ecf0b17dd6998db1a0a7ece0f992db56 2008.0/SRPMS/php-5.2.4-3.3mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64: 89ba8b65286114fa3ce605c877f434ff 2008.0/x86_64/lib64php5_common5-5.2.4-3.3mdv2008.0.x86_64.rpm 0ff29b438923c6cdd74d373e7d2e4850 2008.0/x86_64/php-bcmath-5.2.4-3.3mdv2008.0.x86_64.rpm fb4fd6c767ab0efcf8fd8893dc218e00 2008.0/x86_64/php-bz2-5.2.4-3.3mdv2008.0.x86_64.rpm 8d100cf17c2d2b33c9d985294c2522a9 2008.0/x86_64/php-calendar-5.2.4-3.3mdv2008.0.x86_64.rpm 51735968841ed984937d8bbb129ec515 2008.0/x86_64/php-cgi-5.2.4-3.3mdv2008.0.x86_64.rpm 271b559fa4a5dff7654f908069a3aba8 2008.0/x86_64/php-cli-5.2.4-3.3mdv2008.0.x86_64.rpm 2558176bb0d83e12615764374359ed33 2008.0/x86_64/php-ctype-5.2.4-3.3mdv2008.0.x86_64.rpm e813815fb84332d469adc6d2a2cf52d9 2008.0/x86_64/php-curl-5.2.4-3.3mdv2008.0.x86_64.rpm 03be7783fbd67080a3ac7ac203e12d89 2008.0/x86_64/php-dba-5.2.4-3.3mdv2008.0.x86_64.rpm 48ea284238fa82d159fb665b950162fb 2008.0/x86_64/php-dbase-5.2.4-3.3mdv2008.0.x86_64.rpm 1b680313ae918dbd6d0605ceb1c37b83 2008.0/x86_64/php-devel-5.2.4-3.3mdv2008.0.x86_64.rpm fb9657c80f96d90af8cedb65d5fbc8af 2008.0/x86_64/php-dom-5.2.4-3.3mdv2008.0.x86_64.rpm badbfa62b773421cbbec3da18d368eaf 2008.0/x86_64/php-exif-5.2.4-3.3mdv2008.0.x86_64.rpm dd405943aa2f7073c00a3e1c0a305c4f 2008.0/x86_64/php-fcgi-5.2.4-3.3mdv2008.0.x86_64.rpm 1f240a39bbffab1b89df0af047c04ef9 2008.0/x86_64/php-filter-5.2.4-3.3mdv2008.0.x86_64.rpm 09f930a49b343b5686b9e1b906221f29 2008.0/x86_64/php-ftp-5.2.4-3.3mdv2008.0.x86_64.rpm cee4006868185c9d1cccf0ae2764737a 2008.0/x86_64/php-gd-5.2.4-3.3mdv2008.0.x86_64.rpm 1f90f96d383ac9ff444648fac9706bdd 2008.0/x86_64/php-gettext-5.2.4-3.3mdv2008.0.x86_64.rpm 3b831a3789ec11c038f4fb0d08badd92 2008.0/x86_64/php-gmp-5.2.4-3.3mdv2008.0.x86_64.rpm 6c79f8f172d84c278719fd78edb9e8bf 2008.0/x86_64/php-hash-5.2.4-3.3mdv2008.0.x86_64.rpm c78688c8a299337f48708e49fb642f35 2008.0/x86_64/php-iconv-5.2.4-3.3mdv2008.0.x86_64.rpm cdca33614db11df4d28c195b9e0c2d1b 2008.0/x86_64/php-imap-5.2.4-3.3mdv2008.0.x86_64.rpm 42827e2ff517d47d340d134b482956cc 2008.0/x86_64/php-json-5.2.4-3.3mdv2008.0.x86_64.rpm 47b84f7a9c064edec70862dcd62407c2 2008.0/x86_64/php-ldap-5.2.4-3.3mdv2008.0.x86_64.rpm 7eb75ae9d26308c1f047da264195e0bc 2008.0/x86_64/php-mbstring-5.2.4-3.3mdv2008.0.x86_64.rpm ca8404c82e14b76f34505441d7993756 2008.0/x86_64/php-mcrypt-5.2.4-3.3mdv2008.0.x86_64.rpm 137d94b0bc22b2e3269b69afb2521bc8 2008.0/x86_64/php-mhash-5.2.4-3.3mdv2008.0.x86_64.rpm 244873acdf03db7e75960dfe7410406a 2008.0/x86_64/php-mime_magic-5.2.4-3.3mdv2008.0.x86_64.rpm 3cb0ed9c97f740b776365e7ee71c2af2 2008.0/x86_64/php-ming-5.2.4-3.3mdv2008.0.x86_64.rpm 1cb62b1372b16ad4ebe32f31f9e6b7f9 2008.0/x86_64/php-mssql-5.2.4-3.3mdv2008.0.x86_64.rpm 9de3e8c8158818bd10e6131c5cb07dd5 2008.0/x86_64/php-mysql-5.2.4-3.3mdv2008.0.x86_64.rpm 9cc32cd7dd1be8ec371f9d1bb71b686e 2008.0/x86_64/php-mysqli-5.2.4-3.3mdv2008.0.x86_64.rpm 944bfc97936ff94f6f844e0cbd0dd95a 2008.0/x86_64/php-ncurses-5.2.4-3.3mdv2008.0.x86_64.rpm 4760b4ab342f44ac87c7f2da54410c0e 2008.0/x86_64/php-odbc-5.2.4-3.3mdv2008.0.x86_64.rpm 3829b2387029cb3a19b2a2636623f2fa 2008.0/x86_64/php-openssl-5.2.4-3.3mdv2008.0.x86_64.rpm 62e1e8f8b40e2a8221ea794d9c2b6b5d 2008.0/x86_64/php-pcntl-5.2.4-3.3mdv2008.0.x86_64.rpm 025965d8df8de7590c8f0d8d4108be78 2008.0/x86_64/php-pdo-5.2.4-3.3mdv2008.0.x86_64.rpm 2868838706493b2a44f599482fb1d651 2008.0/x86_64/php-pdo_dblib-5.2.4-3.3mdv2008.0.x86_64.rpm bd8fe64ddc3ff3600126514157b9e511 2008.0/x86_64/php-pdo_mysql-5.2.4-3.3mdv2008.0.x86_64.rpm 876f1ad50e59fe4a27860b1dcf6afced 2008.0/x86_64/php-pdo_odbc-5.2.4-3.3mdv2008.0.x86_64.rpm e0e86de461e6da0c154cd8408ba7ff2b 2008.0/x86_64/php-pdo_pgsql-5.2.4-3.3mdv2008.0.x86_64.rpm 9a90b3d24a4f6acb8142563869c92d69 2008.0/x86_64/php-pdo_sqlite-5.2.4-3.3mdv2008.0.x86_64.rpm 1139217457e537a2ea3e28ef7b7b8f39 2008.0/x86_64/php-pgsql-5.2.4-3.3mdv2008.0.x86_64.rpm 31377cffd512f021df688f168fa70565 2008.0/x86_64/php-posix-5.2.4-3.3mdv2008.0.x86_64.rpm 12a6e43f9413d93f582582ba5c8cc0d2 2008.0/x86_64/php-pspell-5.2.4-3.3mdv2008.0.x86_64.rpm e257dec42f74358db7ca58d5cc1d524b 2008.0/x86_64/php-readline-5.2.4-3.3mdv2008.0.x86_64.rpm 6cacff3a4b0a61e60e4ad11ebdafc7bf 2008.0/x86_64/php-recode-5.2.4-3.3mdv2008.0.x86_64.rpm 025d4d90a09d6de4836dc45228cff6e7 2008.0/x86_64/php-session-5.2.4-3.3mdv2008.0.x86_64.rpm 908e4379581b86d83d9139879084eb33 2008.0/x86_64/php-shmop-5.2.4-3.3mdv2008.0.x86_64.rpm c18c8de8b1629ec5cd2f51bf4e17e817 2008.0/x86_64/php-simplexml-5.2.4-3.3mdv2008.0.x86_64.rpm dd8b061f27acae1a7371d8aed868ba23 2008.0/x86_64/php-snmp-5.2.4-3.3mdv2008.0.x86_64.rpm 3bb622cd884b6712cd7974f88e88a90b 2008.0/x86_64/php-soap-5.2.4-3.3mdv2008.0.x86_64.rpm 79373a824e2a4a7a0bc900532a1e2801 2008.0/x86_64/php-sockets-5.2.4-3.3mdv2008.0.x86_64.rpm 5d73d8283b43e69d77396f8f01be8bf3 2008.0/x86_64/php-sqlite-5.2.4-3.3mdv2008.0.x86_64.rpm 0b2e447aca5263291991c2da1cadd536 2008.0/x86_64/php-sysvmsg-5.2.4-3.3mdv2008.0.x86_64.rpm 509468b4dbd2935e05e800d9bae37874 2008.0/x86_64/php-sysvsem-5.2.4-3.3mdv2008.0.x86_64.rpm 1324a045c8e5d05ceb954bc8005fce9e 2008.0/x86_64/php-sysvshm-5.2.4-3.3mdv2008.0.x86_64.rpm 832fc2acd82c4cb5806f5c5b6ec31086 2008.0/x86_64/php-tidy-5.2.4-3.3mdv2008.0.x86_64.rpm a026d9e7a62e9a8064ccb34f7bc73e38 2008.0/x86_64/php-tokenizer-5.2.4-3.3mdv2008.0.x86_64.rpm 73b8df410ab637a3349adb520e7ddd2b 2008.0/x86_64/php-wddx-5.2.4-3.3mdv2008.0.x86_64.rpm 35f6c8e61e68c94c7582084b55673c65 2008.0/x86_64/php-xml-5.2.4-3.3mdv2008.0.x86_64.rpm 117931585f5d3457fad1b924286a34b4 2008.0/x86_64/php-xmlreader-5.2.4-3.3mdv2008.0.x86_64.rpm 86d4fc9df8514fede7924268cc87cf69 2008.0/x86_64/php-xmlrpc-5.2.4-3.3mdv2008.0.x86_64.rpm 062ee98ab5ce0675e98adee65131f3f4 2008.0/x86_64/php-xmlwriter-5.2.4-3.3mdv2008.0.x86_64.rpm 9cad5ac838e1f0f67c55702d4df50c30 2008.0/x86_64/php-xsl-5.2.4-3.3mdv2008.0.x86_64.rpm 525169a83f9850cbcd3903af389def55 2008.0/x86_64/php-zlib-5.2.4-3.3mdv2008.0.x86_64.rpm ecf0b17dd6998db1a0a7ece0f992db56 2008.0/SRPMS/php-5.2.4-3.3mdv2008.0.src.rpm
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification  of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the  GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJd4VZmqjQ0CJFipgRAqRGAJ9QJxYLp5zE2eOo9WQZ3OkzB4CeWACg9aLi A2E6w1lLiqFmL7RnEdjkypY=
=5YNA
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/