-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:324 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php Date : December 7, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities was discovered and corrected in php: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file (CVE-2008-7068). The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function (CVE-2009-1271). - Fixed upstream bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files) (CVE-2009-2687). The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291). Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. (CVE-2009-3292) Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. (CVE-2009-3293) The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information (CVE-2009-3546). The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments (CVE-2009-3557). The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file (CVE-2009-3558). PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive (CVE-2009-4017). The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable (CVE-2009-4018). The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file (CVE-2008-7068). The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates (CVE-2009-3291). Unspecified vulnerability in PHP before 5.2.11 has unknown impact and attack vectors related to missing sanity checks around exif processing. (CVE-2009-3292) Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect sanity check for the color index. (CVE-2009-3293). However in Mandriva we don't use the bundled libgd source in php per default, there is a unsupported package in contrib named php-gd-bundled that eventually will get updated to pickup these fixes. The php-suhosin package has been upgraded to 0.9.22 which has better support for apache vhosts. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7068 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4018 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 5907047cfe29f998d63770f4aca5ec2a 2008.0/i586/libphp5_common5-5.2.4-3.6mdv2008.0.i586.rpm 1f7bfda385fed3c55c8fb07690551865 2008.0/i586/php-bcmath-5.2.4-3.6mdv2008.0.i586.rpm 6103ec9ff3bc438bc3ce60d4d85fd575 2008.0/i586/php-bz2-5.2.4-3.6mdv2008.0.i586.rpm 8c193c3ef35058785fe1d1a78cab2e7a 2008.0/i586/php-calendar-5.2.4-3.6mdv2008.0.i586.rpm 2f29dbcad9a4e13d535ccc75f7b8c6f7 2008.0/i586/php-cgi-5.2.4-3.6mdv2008.0.i586.rpm e3c2014e10e71cdd48c1331a7b3bd525 2008.0/i586/php-cli-5.2.4-3.6mdv2008.0.i586.rpm 02907446a13ead038b9133458d26d392 2008.0/i586/php-ctype-5.2.4-3.6mdv2008.0.i586.rpm e48894dac1939e4f8f72fb6295f08f21 2008.0/i586/php-curl-5.2.4-3.6mdv2008.0.i586.rpm 73586cf4a3a9f5db8e2aed823ee89efc 2008.0/i586/php-dba-5.2.4-3.6mdv2008.0.i586.rpm d6f6fce7a4e63569f8ec150ffe0f2e08 2008.0/i586/php-dbase-5.2.4-3.6mdv2008.0.i586.rpm 6ff3d846c895b652bd18009741c413d0 2008.0/i586/php-devel-5.2.4-3.6mdv2008.0.i586.rpm a2bf35d2a2d7260b6cb0f9142796e3d0 2008.0/i586/php-dom-5.2.4-3.6mdv2008.0.i586.rpm 97988d1b2858359caf02b88e292a202f 2008.0/i586/php-exif-5.2.4-3.6mdv2008.0.i586.rpm afca816a2aea063110f49de6d4ce0cf0 2008.0/i586/php-fcgi-5.2.4-3.6mdv2008.0.i586.rpm d5ead4f15d565fcef2299c71eca53fa1 2008.0/i586/php-filter-5.2.4-3.6mdv2008.0.i586.rpm 43a0e32199483a3e526b2e0b79bcf381 2008.0/i586/php-ftp-5.2.4-3.6mdv2008.0.i586.rpm b579f9f9b881e5495241e36c72a0e2ca 2008.0/i586/php-gd-5.2.4-3.6mdv2008.0.i586.rpm 26b2a8b479f803d4d6830eef8c9db521 2008.0/i586/php-gettext-5.2.4-3.6mdv2008.0.i586.rpm d32b77fa02930b45f992b024432d99f9 2008.0/i586/php-gmp-5.2.4-3.6mdv2008.0.i586.rpm a9494fe2ece5abfa487c37ee6534ad28 2008.0/i586/php-hash-5.2.4-3.6mdv2008.0.i586.rpm 5bf5451524acc2017a43447d869e846b 2008.0/i586/php-iconv-5.2.4-3.6mdv2008.0.i586.rpm 51272381513f886eaf3215d1d8ad2972 2008.0/i586/php-imap-5.2.4-3.6mdv2008.0.i586.rpm 6386d86dadce9548081eab9ab093b8de 2008.0/i586/php-ini-5.2.4-1.1mdv2008.0.i586.rpm ccf426ac54125e0eb5485fb97f120d09 2008.0/i586/php-json-5.2.4-3.6mdv2008.0.i586.rpm eac3e437b3156924fe3b0b5d3feabfb9 2008.0/i586/php-ldap-5.2.4-3.6mdv2008.0.i586.rpm 034a5885a61d681882ecf042dc9cd2c8 2008.0/i586/php-mbstring-5.2.4-3.6mdv2008.0.i586.rpm 655e6362f4e341e2cf7927df002bdc0a 2008.0/i586/php-mcrypt-5.2.4-3.6mdv2008.0.i586.rpm 1029eef7d454166cdddd2158c74ca88a 2008.0/i586/php-mhash-5.2.4-3.6mdv2008.0.i586.rpm c3bd5844dcb7004b0a23aba2469e4ae6 2008.0/i586/php-mime_magic-5.2.4-3.6mdv2008.0.i586.rpm cf66700d148097ccded9e902d316aeaf 2008.0/i586/php-ming-5.2.4-3.6mdv2008.0.i586.rpm 7616e901d9d908379d8e5f1a739469c3 2008.0/i586/php-mssql-5.2.4-3.6mdv2008.0.i586.rpm 53dcfba286d9e0fe584108097a741759 2008.0/i586/php-mysql-5.2.4-3.6mdv2008.0.i586.rpm d0996f9e2800b22f2b125cb3dcd31240 2008.0/i586/php-mysqli-5.2.4-3.6mdv2008.0.i586.rpm b9b26675416526c4d352704adfd973c5 2008.0/i586/php-ncurses-5.2.4-3.6mdv2008.0.i586.rpm f07aa79ee6bfaecf1dfcf1bf100d329f 2008.0/i586/php-odbc-5.2.4-3.6mdv2008.0.i586.rpm 9907796af8f9b4a78399ec7324fc2015 2008.0/i586/php-openssl-5.2.4-3.6mdv2008.0.i586.rpm edccf367d4abc46d066de50e016f3806 2008.0/i586/php-pcntl-5.2.4-3.6mdv2008.0.i586.rpm 7851c13f51660d71eb6e10109e54e94b 2008.0/i586/php-pdo-5.2.4-3.6mdv2008.0.i586.rpm 7694dc30430f94fedb65d0db1ceebd02 2008.0/i586/php-pdo_dblib-5.2.4-3.6mdv2008.0.i586.rpm b6ba55716833809dd71133b506ba9dd6 2008.0/i586/php-pdo_mysql-5.2.4-3.6mdv2008.0.i586.rpm 7e1d0e394d9b36a05ebd49bd166e6ccb 2008.0/i586/php-pdo_odbc-5.2.4-3.6mdv2008.0.i586.rpm 013b944420b8077c56fabc0f719f08b9 2008.0/i586/php-pdo_pgsql-5.2.4-3.6mdv2008.0.i586.rpm 8766247aabe1de8abdc4c6b1f6ed0bfc 2008.0/i586/php-pdo_sqlite-5.2.4-3.6mdv2008.0.i586.rpm 2f44b6fa3160f950f164a54eee2c56cd 2008.0/i586/php-pgsql-5.2.4-3.6mdv2008.0.i586.rpm ded6268c8851484c83700ce4c32a26b1 2008.0/i586/php-posix-5.2.4-3.6mdv2008.0.i586.rpm 56238906a7cda39208cfecb7ae159d8d 2008.0/i586/php-pspell-5.2.4-3.6mdv2008.0.i586.rpm 0ef80d5c872ad32792afcbbea695e73d 2008.0/i586/php-readline-5.2.4-3.6mdv2008.0.i586.rpm caf2096220d7e0a095fcedc6df754fdf 2008.0/i586/php-recode-5.2.4-3.6mdv2008.0.i586.rpm 533762c6c29b1969a17638d385ba7ec7 2008.0/i586/php-session-5.2.4-3.6mdv2008.0.i586.rpm b2ead63fa58200c74c0597d03b663665 2008.0/i586/php-shmop-5.2.4-3.6mdv2008.0.i586.rpm 085e2bade0e2e0bc01c9d1c52ce43ab7 2008.0/i586/php-simplexml-5.2.4-3.6mdv2008.0.i586.rpm 6eeb0f613b8eca66e84ff24acc5c5009 2008.0/i586/php-snmp-5.2.4-3.6mdv2008.0.i586.rpm 8edb10e58bc7a9a178de437347eefb30 2008.0/i586/php-soap-5.2.4-3.6mdv2008.0.i586.rpm eaac2fd1a9d4dff5a5c514922d207d3e 2008.0/i586/php-sockets-5.2.4-3.6mdv2008.0.i586.rpm 8a35c913491bccb259c7fc114a6381dc 2008.0/i586/php-sqlite-5.2.4-3.6mdv2008.0.i586.rpm f04ceb5e1172d67e732b30ad23d34b8d 2008.0/i586/php-suhosin-0.9.22-1.1mdv2008.0.i586.rpm ab63afb995d9ea97518f7d1c335d76ba 2008.0/i586/php-sysvmsg-5.2.4-3.6mdv2008.0.i586.rpm f13e23535552b19714c2a6718611eae7 2008.0/i586/php-sysvsem-5.2.4-3.6mdv2008.0.i586.rpm 2993bf3e29b7d170130aef976531abe5 2008.0/i586/php-sysvshm-5.2.4-3.6mdv2008.0.i586.rpm f4a49d9aa9562129b5668f14010c277d 2008.0/i586/php-tidy-5.2.4-3.6mdv2008.0.i586.rpm facab5c2609bfcf62e50842d2f60a8ad 2008.0/i586/php-tokenizer-5.2.4-3.6mdv2008.0.i586.rpm dc2b8a1e689632404fce33902bb724ed 2008.0/i586/php-wddx-5.2.4-3.6mdv2008.0.i586.rpm 52be5a07d2ceb10aa8e132b3b43d6977 2008.0/i586/php-xml-5.2.4-3.6mdv2008.0.i586.rpm 6286257e7b4ef0b8cc6edd791e8545c3 2008.0/i586/php-xmlreader-5.2.4-3.6mdv2008.0.i586.rpm 65746be75e6d3f64439fa7b9f2f84c53 2008.0/i586/php-xmlrpc-5.2.4-3.6mdv2008.0.i586.rpm 9ce92dc33ca99b1b9b70a5fdeb5fd33d 2008.0/i586/php-xmlwriter-5.2.4-3.6mdv2008.0.i586.rpm 4924cd25998ae9dfbf9ac6c04d609510 2008.0/i586/php-xsl-5.2.4-3.6mdv2008.0.i586.rpm db3036de2be6962235e5a61e12020a3f 2008.0/i586/php-zlib-5.2.4-3.6mdv2008.0.i586.rpm 65df1f4f129da06e2a1e9823cfead368 2008.0/SRPMS/php-5.2.4-3.6mdv2008.0.src.rpm e56e53a7c7191d9ed2a97e5242efc9f6 2008.0/SRPMS/php-ini-5.2.4-1.1mdv2008.0.src.rpm 6aa8398ac283a2e9191a610c9257b92d 2008.0/SRPMS/php-suhosin-0.9.22-1.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: f398a99ea95cb9ef87714f329f6aa50a 2008.0/x86_64/lib64php5_common5-5.2.4-3.6mdv2008.0.x86_64.rpm 942f2dc1196117662b235556f26502bb 2008.0/x86_64/php-bcmath-5.2.4-3.6mdv2008.0.x86_64.rpm b3c12cf540d0740b92fd309812188e1d 2008.0/x86_64/php-bz2-5.2.4-3.6mdv2008.0.x86_64.rpm ad6de23700fea32a1a8da6864c3a25a9 2008.0/x86_64/php-calendar-5.2.4-3.6mdv2008.0.x86_64.rpm daa7d8731219b6a9a550d7969476dab6 2008.0/x86_64/php-cgi-5.2.4-3.6mdv2008.0.x86_64.rpm eb5e0e88648e681389e11b759c5401ba 2008.0/x86_64/php-cli-5.2.4-3.6mdv2008.0.x86_64.rpm 21f65993be1060bb8748c61bcb1dd6dd 2008.0/x86_64/php-ctype-5.2.4-3.6mdv2008.0.x86_64.rpm b2028868517e6e4991d2c1db8c406e2c 2008.0/x86_64/php-curl-5.2.4-3.6mdv2008.0.x86_64.rpm 522d18ab9518c8e8d1fb1bb7fbcf2a49 2008.0/x86_64/php-dba-5.2.4-3.6mdv2008.0.x86_64.rpm 8a070b2511de44d5d07468a0d43077ee 2008.0/x86_64/php-dbase-5.2.4-3.6mdv2008.0.x86_64.rpm a59fe2ff50f0a8f576acb8c4dd1e9225 2008.0/x86_64/php-devel-5.2.4-3.6mdv2008.0.x86_64.rpm c126c13396eed70bf74278f19ff06b9f 2008.0/x86_64/php-dom-5.2.4-3.6mdv2008.0.x86_64.rpm 258da77d47e3e7ca4e589122dc95d7be 2008.0/x86_64/php-exif-5.2.4-3.6mdv2008.0.x86_64.rpm 63622aad8a56b0114e32d94468ee548b 2008.0/x86_64/php-fcgi-5.2.4-3.6mdv2008.0.x86_64.rpm a48b0162727b1c07432076c9ef9edf2a 2008.0/x86_64/php-filter-5.2.4-3.6mdv2008.0.x86_64.rpm 9733150395b7205f14ab77c1f07c7e41 2008.0/x86_64/php-ftp-5.2.4-3.6mdv2008.0.x86_64.rpm d0af7bf2965e815b299573c6a180ae43 2008.0/x86_64/php-gd-5.2.4-3.6mdv2008.0.x86_64.rpm e2c886e10297423b6dab80c9aa2acdba 2008.0/x86_64/php-gettext-5.2.4-3.6mdv2008.0.x86_64.rpm 2ff4cadd8f9735f9681bfda85b92eec4 2008.0/x86_64/php-gmp-5.2.4-3.6mdv2008.0.x86_64.rpm 6826151c9239f8cc561e946155e6e390 2008.0/x86_64/php-hash-5.2.4-3.6mdv2008.0.x86_64.rpm dc22e7263a883c3af5332d799a30870a 2008.0/x86_64/php-iconv-5.2.4-3.6mdv2008.0.x86_64.rpm c4144dbe62aec1bdbd4179b7c83f0453 2008.0/x86_64/php-imap-5.2.4-3.6mdv2008.0.x86_64.rpm 855b5a2768757424caeeeb9173b48e12 2008.0/x86_64/php-ini-5.2.4-1.1mdv2008.0.x86_64.rpm 6a3edd387c56577cb1d785380d514b2e 2008.0/x86_64/php-json-5.2.4-3.6mdv2008.0.x86_64.rpm 2e15c34ae48b9f20e1067777a1878b1c 2008.0/x86_64/php-ldap-5.2.4-3.6mdv2008.0.x86_64.rpm 1c0ea7c6ef9e881eae5a9fb74c630cf4 2008.0/x86_64/php-mbstring-5.2.4-3.6mdv2008.0.x86_64.rpm fe296150445d1da8f8fe5d377def8df2 2008.0/x86_64/php-mcrypt-5.2.4-3.6mdv2008.0.x86_64.rpm 9eb7e2fd8cfa76953483cd657f6913db 2008.0/x86_64/php-mhash-5.2.4-3.6mdv2008.0.x86_64.rpm 893cb626d6b8fd6025b711ef0c4e39a8 2008.0/x86_64/php-mime_magic-5.2.4-3.6mdv2008.0.x86_64.rpm 4240127ce4b5fe432c9ab77aa497f777 2008.0/x86_64/php-ming-5.2.4-3.6mdv2008.0.x86_64.rpm 3f185a12b5e9f6412e70ce111caaba99 2008.0/x86_64/php-mssql-5.2.4-3.6mdv2008.0.x86_64.rpm 6f3672ba3fe414bcb1bb88c4c29a5c15 2008.0/x86_64/php-mysql-5.2.4-3.6mdv2008.0.x86_64.rpm 90e4e29a343c7d5c842d308c4070cb3f 2008.0/x86_64/php-mysqli-5.2.4-3.6mdv2008.0.x86_64.rpm cbe5fdc6cae0e4e6ab968bc853f6327d 2008.0/x86_64/php-ncurses-5.2.4-3.6mdv2008.0.x86_64.rpm ca1314f20bef9ccb3b249297141e463a 2008.0/x86_64/php-odbc-5.2.4-3.6mdv2008.0.x86_64.rpm 4f343234d1b345b2a40c6dadc1eb2a2d 2008.0/x86_64/php-openssl-5.2.4-3.6mdv2008.0.x86_64.rpm ce9431f572447eac15656d98721e74f9 2008.0/x86_64/php-pcntl-5.2.4-3.6mdv2008.0.x86_64.rpm 872211884f49bd797b0c1f40640487f6 2008.0/x86_64/php-pdo-5.2.4-3.6mdv2008.0.x86_64.rpm ce87f62defbd55aefb63d689c1973674 2008.0/x86_64/php-pdo_dblib-5.2.4-3.6mdv2008.0.x86_64.rpm fab20b4720b373d7660aaaa5be111340 2008.0/x86_64/php-pdo_mysql-5.2.4-3.6mdv2008.0.x86_64.rpm e723f4985207d57461e468657ae01f6c 2008.0/x86_64/php-pdo_odbc-5.2.4-3.6mdv2008.0.x86_64.rpm b32cb6ef6d16351a30f8b7508714428a 2008.0/x86_64/php-pdo_pgsql-5.2.4-3.6mdv2008.0.x86_64.rpm b96f4f11dce70109e0725dd323ad12f6 2008.0/x86_64/php-pdo_sqlite-5.2.4-3.6mdv2008.0.x86_64.rpm c99e1b7ada0034ec40a5e728bd5061f6 2008.0/x86_64/php-pgsql-5.2.4-3.6mdv2008.0.x86_64.rpm 9161d9cb7e67d27df6a4e0bc69a8703e 2008.0/x86_64/php-posix-5.2.4-3.6mdv2008.0.x86_64.rpm 37345e0cab4c994a5abc28fbc42c4689 2008.0/x86_64/php-pspell-5.2.4-3.6mdv2008.0.x86_64.rpm 816df2a2817bfdab756cfeb815c9ea7f 2008.0/x86_64/php-readline-5.2.4-3.6mdv2008.0.x86_64.rpm 267ac1be83b93e57dc53319a9821f83a 2008.0/x86_64/php-recode-5.2.4-3.6mdv2008.0.x86_64.rpm d9b625a85aa176b84bed0ac2eefcc8c5 2008.0/x86_64/php-session-5.2.4-3.6mdv2008.0.x86_64.rpm 140129653d08f80fe28296be4678a3b2 2008.0/x86_64/php-shmop-5.2.4-3.6mdv2008.0.x86_64.rpm a89dcea1c88ff695a8b50dd94b0f71cd 2008.0/x86_64/php-simplexml-5.2.4-3.6mdv2008.0.x86_64.rpm 75580d06c01fba33dbdecd89f7320715 2008.0/x86_64/php-snmp-5.2.4-3.6mdv2008.0.x86_64.rpm 2f26e05df372e97ebebe2463a02676d0 2008.0/x86_64/php-soap-5.2.4-3.6mdv2008.0.x86_64.rpm 91b225bed23ee8e8abc6845a82d22b08 2008.0/x86_64/php-sockets-5.2.4-3.6mdv2008.0.x86_64.rpm 17ff231801523cf9c708927457229ff3 2008.0/x86_64/php-sqlite-5.2.4-3.6mdv2008.0.x86_64.rpm e7e08cf3d3d5a50b3289cd490d5b9849 2008.0/x86_64/php-suhosin-0.9.22-1.1mdv2008.0.x86_64.rpm cd30ec9e6ea88a9b93608a41f73b435d 2008.0/x86_64/php-sysvmsg-5.2.4-3.6mdv2008.0.x86_64.rpm 0ed754d7981865b651de949ed39b9e50 2008.0/x86_64/php-sysvsem-5.2.4-3.6mdv2008.0.x86_64.rpm f654cd657f92eeb5a29fce4fd05a7949 2008.0/x86_64/php-sysvshm-5.2.4-3.6mdv2008.0.x86_64.rpm 3337e7433be806cd5607acb30879fac0 2008.0/x86_64/php-tidy-5.2.4-3.6mdv2008.0.x86_64.rpm 7de4c7d4f4c5a3dfcc55a60009720440 2008.0/x86_64/php-tokenizer-5.2.4-3.6mdv2008.0.x86_64.rpm c622f1d0c1b4eb646032e7f6aec13509 2008.0/x86_64/php-wddx-5.2.4-3.6mdv2008.0.x86_64.rpm 3fe98b20e6bbb2be169f48ed3e44f751 2008.0/x86_64/php-xml-5.2.4-3.6mdv2008.0.x86_64.rpm 724ba905526fc57800edffba59b8db50 2008.0/x86_64/php-xmlreader-5.2.4-3.6mdv2008.0.x86_64.rpm e55b20b88f569148520db75d8ce52d8a 2008.0/x86_64/php-xmlrpc-5.2.4-3.6mdv2008.0.x86_64.rpm 945fcc56d1ab56eca38eeb97e805127a 2008.0/x86_64/php-xmlwriter-5.2.4-3.6mdv2008.0.x86_64.rpm 36b5946d0beeef03f4d7039982a129e1 2008.0/x86_64/php-xsl-5.2.4-3.6mdv2008.0.x86_64.rpm 8d57d8f57b6d6d213c8b1cac9e0a2b34 2008.0/x86_64/php-zlib-5.2.4-3.6mdv2008.0.x86_64.rpm 65df1f4f129da06e2a1e9823cfead368 2008.0/SRPMS/php-5.2.4-3.6mdv2008.0.src.rpm e56e53a7c7191d9ed2a97e5242efc9f6 2008.0/SRPMS/php-ini-5.2.4-1.1mdv2008.0.src.rpm 6aa8398ac283a2e9191a610c9257b92d 2008.0/SRPMS/php-suhosin-0.9.22-1.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLHRLamqjQ0CJFipgRAlWjAJ4s3JPVrrms2bL+SXQ+ihK0gudH2wCg6x/T Ae6hm3BQShz8sC3rbvFnp+M= =ZoWi -----END PGP SIGNATURE-----