Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in PHP
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in PHP
ID: USN-66-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10
Datum: Fr, 21. Januar 2005, 12:00
Referenzen: http://www.securityfocus.com/archive/1/384920
http://www.securitytracker.com/alerts/2004/Oct/1011984.html
Applikationen: PHP

Originalnachricht

 
===========================================================
Ubuntu Security Notice USN-66-1		   January 20, 2005
php4 vulnerabilities
http://www.securitytracker.com/alerts/2004/Oct/1011984.html
http://www.securityfocus.com/archive/1/384920
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libapache2-mod-php4
php4-cgi
php4-curl

The problem can be corrected by upgrading the affected package to
version 4:4.3.8-3ubuntu7.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

FraMe from kernelpanik.org reported that the cURL module does not
respect open_basedir restrictions. As a result, scripts which used
cURL to open files with an user-specified path could read arbitrary
local files outside of the open_basedir directory.

Stefano Di Paola discovered a vulnerability in PHP's shmop_write()
function. Its "offset" parameter was not checked for negative values,
which allowed an attacker to write arbitrary data to arbitrary memory
locations. A script which passed unchecked parameters to
shmop_write() could possibly be exploited to execute arbitrary code
with the privileges of the web server and to bypass safe mode
restrictions.

  Source archives:

    php4_4.3.8-3ubuntu7.3.diff.gz
      Size/MD5:   610960 fe787f903688a67343f674ee02bd00b1
    php4_4.3.8-3ubuntu7.3.dsc
      Size/MD5:     1624 2ca8c4097c0f65a302340ebd3679e6c8
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz
      Size/MD5:  4832570 dd69f8c89281f088eadf4ade3dbd39ee

  Architecture independent packages:

    php4-dev_4.3.8-3ubuntu7.3_all.deb
      Size/MD5:   331490 e003d55ed3e4b213b179ec30facfe0f3
    php4-pear_4.3.8-3ubuntu7.3_all.deb
      Size/MD5:   332580 19eea2d0d5618bfd85a39efef1b812e6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    libapache2-mod-php4_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:  1687328 f5e26310e00095ebcc54b0b20b8716c2
    php4-cgi_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:  3195630 456d6f35fa09b258e7d0da34d6bf9b28
    php4-curl_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    17080 c52586ddbb105f17ce5ebf6cf87bd592
    php4-domxml_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    40422 fe6fe77c231075a2a667e613cbcd5c99
    php4-gd_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    33492 07ecfe487a4b1f1ea768483252fbda37
    php4-ldap_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    21226 484861d9f894b57d1f8e2a37e7449041
    php4-mcal_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    18406 7de19aade4ffa2f9ba2b424736b6d168
    php4-mhash_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:     7988 42b5eee875348b468b8ca21baa4c5164
    php4-mysql_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    23106 fe4f90839fed4a12e2b398b3f563a3d9
    php4-odbc_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    28318 7ec809b18ce7e231def1f6e499259f76
    php4-recode_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:     7608 95ec04d122f22eebce82a817ee89e669
    php4-snmp_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    12966 a55b05cffdaf5cd67cb060c9a2a1df06
    php4-sybase_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    21494 c4b5a4561645ca55f5ef506ce2dea114
    php4-xslt_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:    17242 f2c0f1ab1734c38fdb749d72182bcc06
    php4_4.3.8-3ubuntu7.3_amd64.deb
      Size/MD5:  1703362 897ffad665ac90da2b51f481c13bc9d5

  i386 architecture (x86 compatible Intel/AMD)

    libapache2-mod-php4_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:  1629742 372b8436c25bce61a1921390a48c7e00
    php4-cgi_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:  3042580 8dcd4d214491386e7831ad50c22b53b9
    php4-curl_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    16642 2bfe89f3e1f39e34c6755108f522dd23
    php4-domxml_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    35560 8a4738c2c6e3f38ee09a8344d33803bf
    php4-gd_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    31072 89b90051a0dccd3df1d40173f7e1c2e2
    php4-ldap_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    19470 089aca8ac64f2f60916b8ac732859a90
    php4-mcal_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    17050 f34eff3de956e0f7bd9493125428fedc
    php4-mhash_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:     7740 f9ee71c58949fe011afc3bd1189be744
    php4-mysql_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    20904 7e6eb75d915e88c8cafa63c905571f02
    php4-odbc_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    26064 0579e7944930fe37aea736ea64539fa9
    php4-recode_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:     7372 061ecb634528d74f51bc552dd293704c
    php4-snmp_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    12320 24cfade7758174be7982d5e7b91f1228
    php4-sybase_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    20012 449ab9d816a60fcf0e88e2e53cda7012
    php4-xslt_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:    15876 71b352df04640ced953b82991ad5e5cb
    php4_4.3.8-3ubuntu7.3_i386.deb
      Size/MD5:  1644196 4c1d7fc89fcc3631fb1595316bbbf671

  powerpc architecture (Apple Macintosh G3/G4/G5)

    libapache2-mod-php4_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:  1689540 c88fded38c3c929636bbf7fc00e59e3a
    php4-cgi_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:  3202338 5074ee6d65bac1f1ffca4b8beabd0342
    php4-curl_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    18924 ef2f905749274b9313dbbafd76cc59be
    php4-domxml_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    38276 7de47a9bbba3e6b1a9f67b488414fbe8
    php4-gd_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    34006 c16dd35aa2361d785f7d51c39dc7f392
    php4-ldap_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    21468 b7d2ed10648d505eded2aa15a2614acb
    php4-mcal_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    19308 45846194a0f7c1b73049837004fda130
    php4-mhash_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:     9304 9006a8318f3aefc71edad02361e1d147
    php4-mysql_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    22678 a3b089b21831be6cf71387cc379bb0ef
    php4-odbc_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    28402 61fa92e166879961b767a947fd4deadc
    php4-recode_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:     9000 f6ac1c2f65a68c6353b894a8e6b33288
    php4-snmp_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    14322 adb29a3234450616f09d36bc070d7fbb
    php4-sybase_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    22190 a63a95e1e486a649d9c398eb048615a7
    php4-xslt_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:    18058 dac4907075ca5cd0450ce58483c32994
    php4_4.3.8-3ubuntu7.3_powerpc.deb
      Size/MD5:  1707200 53f7d5974d1480a238fc03bb086b0945





-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung