-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:048 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php Date : February 22, 2007 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A number of vulnerabilities were discovered in PHP language. Many buffer overflow flaws were discovered in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. An attacker able to use a PHP application using any of these functions could trigger these flaws and possibly execute arbitrary code as the apache user (CVE-2007-0906). A one-byte memory read will always occur prior to the beginning of a buffer, which could be triggered, for example, by any use of the header() function in a script (CVE-2007-0907). The wddx extension, if used to import WDDX data from an untrusted source, may allow a random portion of heap memory to be exposed due to certain WDDX input packets (CVE-2007-0908). The odbc_result_all() function, if used to display data from a database, and if the contents of the database are under the control of an attacker, could lead to the execution of arbitrary code due to a format string vulnerability (CVE-2007-0909). Several flaws in the PHP could allow attackers to clobber certain super-global variables via unspecified vectors (CVE-2007-0910). The zend_hash_init() function can be forced into an infinite loop if unserializing untrusted data on a 64-bit platform, resulting in the consumption of CPU resources until the script timeout alarm aborts the execution of the script (CVE-2007-0988). Updated package have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: 14a536e0c07f48b553986725223f54dc 2006.0/i586/libphp5_common5-5.0.4-9.19.20060mdk.i586.rpm 762bc7a2f5500dca2eb7effdb96b6cf0 2006.0/i586/php-cgi-5.0.4-9.19.20060mdk.i586.rpm 3055c27939b2b6451872b39654c7564f 2006.0/i586/php-cli-5.0.4-9.19.20060mdk.i586.rpm 042909d1305a2ceeab45fa11fa4ff434 2006.0/i586/php-devel-5.0.4-9.19.20060mdk.i586.rpm 0bcc6a996a381e6d8ee7c5271bbea166 2006.0/i586/php-fcgi-5.0.4-9.19.20060mdk.i586.rpm 69bc4325439a8ee9ba99ed28af7ed0e2 2006.0/i586/php-imap-5.0.4-2.5.20060mdk.i586.rpm b9a273cc6b7b5e35efea231b27bbc2e5 2006.0/i586/php-odbc-5.0.4-1.1.20060mdk.i586.rpm 7b499c1b38392d556619692780ed41f4 2006.0/i586/php-session-5.0.4-1.1.20060mdk.i586.rpm 452f887b5fcfb2e568ec904b708f611c 2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm 0ccd978c2b32e74087d237e334a46779 2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm d7549d0a1c8dd9a8989bbf2519d923fa 2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm 92abeadef4272b1e1dff61c956923d23 2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 9e66a63f9b6a4694e3b6440afc4e0bd5 2006.0/x86_64/lib64php5_common5-5.0.4-9.19.20060mdk.x86_64.rpm a07a6011defb76f88eba66fc429221e3 2006.0/x86_64/php-cgi-5.0.4-9.19.20060mdk.x86_64.rpm 964d1e6c84a4a8b20fc5257435e64d6e 2006.0/x86_64/php-cli-5.0.4-9.19.20060mdk.x86_64.rpm a0b074323affacd0c3b26302bb791d0a 2006.0/x86_64/php-devel-5.0.4-9.19.20060mdk.x86_64.rpm 74f357e2b7db2b3c1d7e179ab9341b10 2006.0/x86_64/php-fcgi-5.0.4-9.19.20060mdk.x86_64.rpm 6bad08844fe2a99bd12defc982e75e5f 2006.0/x86_64/php-imap-5.0.4-2.5.20060mdk.x86_64.rpm 183f14e7c52ad0b14692661afd478e3c 2006.0/x86_64/php-odbc-5.0.4-1.1.20060mdk.x86_64.rpm f156370ad26f48adcc9fbdb17eb04db1 2006.0/x86_64/php-session-5.0.4-1.1.20060mdk.x86_64.rpm 452f887b5fcfb2e568ec904b708f611c 2006.0/SRPMS/php-5.0.4-9.19.20060mdk.src.rpm 0ccd978c2b32e74087d237e334a46779 2006.0/SRPMS/php-imap-5.0.4-2.5.20060mdk.src.rpm d7549d0a1c8dd9a8989bbf2519d923fa 2006.0/SRPMS/php-odbc-5.0.4-1.1.20060mdk.src.rpm 92abeadef4272b1e1dff61c956923d23 2006.0/SRPMS/php-session-5.0.4-1.1.20060mdk.src.rpm Mandriva Linux 2007.0: cf3ef7426074a91964ef0086459cc889 2007.0/i586/libphp5_common5-5.1.6-1.6mdv2007.0.i586.rpm 8567efb3d4d7a41bcfeecd1c0a3c64e5 2007.0/i586/php-cgi-5.1.6-1.6mdv2007.0.i586.rpm 675213bf0e797a294776da1bbcbddc69 2007.0/i586/php-cli-5.1.6-1.6mdv2007.0.i586.rpm 115be2e3b5ca6b285dd359374ab4cf5c 2007.0/i586/php-devel-5.1.6-1.6mdv2007.0.i586.rpm b3ca1cf50e10f01d57d9471baf5f330c 2007.0/i586/php-fcgi-5.1.6-1.6mdv2007.0.i586.rpm 40225dcc5e0e4293be737a5043436010 2007.0/i586/php-imap-5.1.6-1.1mdv2007.0.i586.rpm ba41c7d542423eb42539dc6ab3e2ac9f 2007.0/i586/php-odbc-5.1.6-1.1mdv2007.0.i586.rpm 639ede4d200b60c4164f396d6e215b69 2007.0/i586/php-session-5.1.6-1.1mdv2007.0.i586.rpm 0b6a180bef35c9b1945f8c6bd81d7106 2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm 7d90955ba0926450ae4d3fe854744f36 2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3 2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm 2959ad88632828e143d5ac98fae79a7b 2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 0f3a963e7808ed8be25e7b17544c0c05 2007.0/x86_64/lib64php5_common5-5.1.6-1.6mdv2007.0.x86_64.rpm b7bb612bfc0cb39bb5648dd0b7ea4d37 2007.0/x86_64/php-cgi-5.1.6-1.6mdv2007.0.x86_64.rpm c4b459dc63debe260e8f06d4260e30fd 2007.0/x86_64/php-cli-5.1.6-1.6mdv2007.0.x86_64.rpm 18534448cbe23231900e3da51333dc67 2007.0/x86_64/php-devel-5.1.6-1.6mdv2007.0.x86_64.rpm 6bbd4f1f6c4e060de408183798a2f312 2007.0/x86_64/php-fcgi-5.1.6-1.6mdv2007.0.x86_64.rpm b8c0a446c7fa433e0678e3e58effccab 2007.0/x86_64/php-imap-5.1.6-1.1mdv2007.0.x86_64.rpm f49bb567345c6728baf879e943e15002 2007.0/x86_64/php-odbc-5.1.6-1.1mdv2007.0.x86_64.rpm e60efa04d5b12f98a1c9800c8d3d4a21 2007.0/x86_64/php-session-5.1.6-1.1mdv2007.0.x86_64.rpm 0b6a180bef35c9b1945f8c6bd81d7106 2007.0/SRPMS/php-5.1.6-1.6mdv2007.0.src.rpm 7d90955ba0926450ae4d3fe854744f36 2007.0/SRPMS/php-imap-5.1.6-1.1mdv2007.0.src.rpm ed1c1f68a2ffc6d9fdaef4bf7ad7f9b3 2007.0/SRPMS/php-odbc-5.1.6-1.1mdv2007.0.src.rpm 2959ad88632828e143d5ac98fae79a7b 2007.0/SRPMS/php-session-5.1.6-1.1mdv2007.0.src.rpm Corporate 3.0: b976e6b9cadf8cf26eb00611b5b47274 corporate/3.0/i586/libphp_common432-4.3.4-4.24.C30mdk.i586.rpm 21a6ed462d981442f42aa22f4b2dc09b corporate/3.0/i586/php-cgi-4.3.4-4.24.C30mdk.i586.rpm 13515b3d016198d636d37abf967e5c20 corporate/3.0/i586/php-cli-4.3.4-4.24.C30mdk.i586.rpm ba84264eeab995355deab7c9323aedd1 corporate/3.0/i586/php-imap-4.3.4-1.5.C30mdk.i586.rpm 128dc7b4d3b2e925b7a0b1d850d0895a corporate/3.0/i586/php432-devel-4.3.4-4.24.C30mdk.i586.rpm 56f90fe0b8a96f6a6fe5bf0620cd4408 corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm 2ab806c5a8f696fdce5e4f1037e1404d corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm Corporate 3.0/X86_64: 8ccfdbf8075179e44035bb97f3e75d7d corporate/3.0/x86_64/lib64php_common432-4.3.4-4.24.C30mdk.x86_64.rpm 18b243d3ce9ea60777d66980280c37ba corporate/3.0/x86_64/php-cgi-4.3.4-4.24.C30mdk.x86_64.rpm 404152b4a6a773895b7eff209f1fb1d5 corporate/3.0/x86_64/php-cli-4.3.4-4.24.C30mdk.x86_64.rpm fdeb1accc67c123bace512c287a656c2 corporate/3.0/x86_64/php-imap-4.3.4-1.5.C30mdk.x86_64.rpm 14a01cc331d4ce489a8f9fdee3959c31 corporate/3.0/x86_64/php432-devel-4.3.4-4.24.C30mdk.x86_64.rpm 56f90fe0b8a96f6a6fe5bf0620cd4408 corporate/3.0/SRPMS/php-4.3.4-4.24.C30mdk.src.rpm 2ab806c5a8f696fdce5e4f1037e1404d corporate/3.0/SRPMS/php-imap-4.3.4-1.5.C30mdk.src.rpm Corporate 4.0: c509fc3368d31c1dca47d065b28f2fea corporate/4.0/i586/libphp4_common4-4.4.4-1.4.20060mlcs4.i586.rpm 4901007b7f7d98585f926c76692e3c3e corporate/4.0/i586/libphp5_common5-5.1.6-1.5.20060mlcs4.i586.rpm e3ffeda22f59f1f947acfeba34a9d23f corporate/4.0/i586/php-cgi-5.1.6-1.5.20060mlcs4.i586.rpm aecf1f88ba7c6e964f8f96a90cbf10c2 corporate/4.0/i586/php-cli-5.1.6-1.5.20060mlcs4.i586.rpm 39268f16090d55a4c969734263036be4 corporate/4.0/i586/php-devel-5.1.6-1.5.20060mlcs4.i586.rpm 3db35d86b2943802a54cc3272662e91c corporate/4.0/i586/php-fcgi-5.1.6-1.5.20060mlcs4.i586.rpm a8e96cedb24e719f32c83d5e6bc02e3e corporate/4.0/i586/php-imap-5.1.6-1.1.20060mlcs4.i586.rpm 169fef5a69d5d3c1b385d218ddaf68fd corporate/4.0/i586/php-odbc-5.1.6-1.1.20060mlcs4.i586.rpm d3191c857cee1b6ed1c9978d0eea5a8c corporate/4.0/i586/php-session-5.1.6-1.1.20060mlcs4.i586.rpm 58777631a4cc9b7f064b3eb41b773b60 corporate/4.0/i586/php-wddx-5.1.6-1.1.20060mlcs4.i586.rpm 981f2fe117ddd4a025b095bd98f988b6 corporate/4.0/i586/php4-cgi-4.4.4-1.4.20060mlcs4.i586.rpm d0845bd223c59cc23a487cc11822940c corporate/4.0/i586/php4-cli-4.4.4-1.4.20060mlcs4.i586.rpm ce46c6aa0f58d6b87392e0c7b471dc4b corporate/4.0/i586/php4-devel-4.4.4-1.4.20060mlcs4.i586.rpm cb618d8c7536749f010445b5f7c1ad5a corporate/4.0/i586/php4-imap-4.4.4-0.1.20060mlcs4.i586.rpm df7aa75f1bbdd6051f71d62692417b00 corporate/4.0/i586/php4-odbc-4.4.4-0.1.20060mlcs4.i586.rpm a5743e7b00125f3fbfc9815e5bedacfe corporate/4.0/i586/php4-wddx-4.4.4-0.1.20060mlcs4.i586.rpm b912cf9745221ccf19f08c9e9e6e9724 corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm 12771ab58ff701a26a3dff54e3cb757a corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm 3ac73928485a9d003f9ab410da73f496 corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm b6d3c63e004e44c8bef821d14e9dfb95 corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm c30202c77c1a1a5a8694536733b7efb3 corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm bc686b9f2bd178263c6e211c3781f0fb corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm 4ec41380503d039ba368e1b5a375042f corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm a151cddb0bb46bf5046091e9ee0683c1 corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm afa5569276637c92cfec4fca0b700434 corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm Corporate 4.0/X86_64: e2031a018eabe7291baa8f14e8aea201 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.4.20060mlcs4.x86_64.rpm 67e00f079636589757a192db88789be7 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.5.20060mlcs4.x86_64.rpm 9e8e832216178be8c5c6cf5a7b46011e corporate/4.0/x86_64/php-cgi-5.1.6-1.5.20060mlcs4.x86_64.rpm 0628d22b004b2948ca17dcfadac43e50 corporate/4.0/x86_64/php-cli-5.1.6-1.5.20060mlcs4.x86_64.rpm 6e5eeeef138b0ae9c458bf3756e551c3 corporate/4.0/x86_64/php-devel-5.1.6-1.5.20060mlcs4.x86_64.rpm 9af58850637ffed2b37ccfa0c881fb1f corporate/4.0/x86_64/php-fcgi-5.1.6-1.5.20060mlcs4.x86_64.rpm fbacfda0078e058d0a9c55b0951d7b22 corporate/4.0/x86_64/php-imap-5.1.6-1.1.20060mlcs4.x86_64.rpm 4d4dfb1e89ff5debd4734b09e18282db corporate/4.0/x86_64/php-odbc-5.1.6-1.1.20060mlcs4.x86_64.rpm e6cc37b9941ca1c010a83ecfeb80f5ff corporate/4.0/x86_64/php-session-5.1.6-1.1.20060mlcs4.x86_64.rpm bd9fce2e55b5445324c605eb739a811c corporate/4.0/x86_64/php-wddx-5.1.6-1.1.20060mlcs4.x86_64.rpm 6795c92d078f0a9a67abcc44fde3b6ee corporate/4.0/x86_64/php4-cgi-4.4.4-1.4.20060mlcs4.x86_64.rpm d6112d336c1d5bc101cc5a624177b38e corporate/4.0/x86_64/php4-cli-4.4.4-1.4.20060mlcs4.x86_64.rpm b5c7bd35a04a63839c9a43de0392ee29 corporate/4.0/x86_64/php4-devel-4.4.4-1.4.20060mlcs4.x86_64.rpm 94ae86a2e5b36059eba7f7385df0f79c corporate/4.0/x86_64/php4-imap-4.4.4-0.1.20060mlcs4.x86_64.rpm 17166588d6b6052e85f395e15fa6a942 corporate/4.0/x86_64/php4-odbc-4.4.4-0.1.20060mlcs4.x86_64.rpm de8d50be6e2bd6f6cdba304f003bcc24 corporate/4.0/x86_64/php4-wddx-4.4.4-0.1.20060mlcs4.x86_64.rpm b912cf9745221ccf19f08c9e9e6e9724 corporate/4.0/SRPMS/php-5.1.6-1.5.20060mlcs4.src.rpm 12771ab58ff701a26a3dff54e3cb757a corporate/4.0/SRPMS/php-imap-5.1.6-1.1.20060mlcs4.src.rpm 3ac73928485a9d003f9ab410da73f496 corporate/4.0/SRPMS/php-odbc-5.1.6-1.1.20060mlcs4.src.rpm b6d3c63e004e44c8bef821d14e9dfb95 corporate/4.0/SRPMS/php-session-5.1.6-1.1.20060mlcs4.src.rpm c30202c77c1a1a5a8694536733b7efb3 corporate/4.0/SRPMS/php-wddx-5.1.6-1.1.20060mlcs4.src.rpm bc686b9f2bd178263c6e211c3781f0fb corporate/4.0/SRPMS/php4-4.4.4-1.4.20060mlcs4.src.rpm 4ec41380503d039ba368e1b5a375042f corporate/4.0/SRPMS/php4-imap-4.4.4-0.1.20060mlcs4.src.rpm a151cddb0bb46bf5046091e9ee0683c1 corporate/4.0/SRPMS/php4-odbc-4.4.4-0.1.20060mlcs4.src.rpm afa5569276637c92cfec4fca0b700434 corporate/4.0/SRPMS/php4-wddx-4.4.4-0.1.20060mlcs4.src.rpm Multi Network Firewall 2.0: f67045828bb37de94a16410dd106c839 mnf/2.0/i586/libphp_common432-4.3.4-4.24.M20mdk.i586.rpm 6d6c9770470709db6c849baf1b79ed7c mnf/2.0/i586/php-cgi-4.3.4-4.24.M20mdk.i586.rpm f5f3a45ffa8c90a53f541dd575dcfde0 mnf/2.0/i586/php-cli-4.3.4-4.24.M20mdk.i586.rpm 7d8a49eb836d1f7b09afbb67dae77ef4 mnf/2.0/i586/php432-devel-4.3.4-4.24.M20mdk.i586.rpm 9ef4f5c1fd355320945faf7bb3904975 mnf/2.0/SRPMS/php-4.3.4-4.24.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF3lOTmqjQ0CJFipgRAsbpAKDURk8Q4U7KcvcsVpYlNbe8CwIiWQCgobiE w9pA+mlmA6RVi+gXsxvQWNc= =u9Od -----END PGP SIGNATURE-----
