_______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:144
 http://www.mandriva.com/security/
_______________________________________________________________________

 Package : php
 Date    : August 21, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in the sscanf function that could allow
 attackers in certain circumstances to execute arbitrary code via
 argument swapping which incremented an index past the end of an array
 and triggered a buffer over-read.

 Updated packages have been patched to correct this issue.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
_______________________________________________________________________

 Updated Packages:
_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
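
 The bug class in the Problem Description (an argument-swapping position
 used as an array index without a range check) is closed by validating
 every "%n$" position before it is used. The C code below is an added
 illustration, not PHP's scanf.c or the Mandriva patch; the function name
 check_scan_format and its slot-counting policy are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not PHP's scanf.c: validate a sscanf-style format that may
 * use "%n$" argument swapping. Returns the number of result slots needed,
 * or -1 if a conversion would index outside [0, nslots). Names are assumed. */
int check_scan_format(const char *fmt, int nslots)
{
    int next = 0;   /* slot for the next non-positional conversion */
    int used = 0;   /* highest slot referenced so far, plus one */
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%' || *p == '*')
            continue;               /* literal '%' or suppressed assignment */
        int slot = -1;
        if (isdigit((unsigned char)*p)) {
            char *end;
            long n = strtol(p, &end, 10);
            if (*end == '$') {      /* positional form: 1-based index */
                if (n < 1 || n > nslots)
                    return -1;      /* reject before it is used as an index */
                slot = (int)n - 1;
                p = end + 1;
            }
        }
        while (isdigit((unsigned char)*p))
            p++;                    /* skip field width */
        if (*p == '\0')
            return -1;              /* truncated conversion */
        if (slot < 0) {             /* sequential conversion */
            if (next >= nslots)
                return -1;
            slot = next++;
        }
        if (slot + 1 > used)
            used = slot + 1;
    }
    return used;
}

int main(void)
{
    printf("%d\n", check_scan_format("%2$s %1$d", 2)); /* constructed input */
    printf("%d\n", check_scan_format("%3$d", 2));      /* constructed input */
    return 0;
}
```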