Login
Newsletter
Werbung

Sicherheit: Formatstring-Probleme in PHP 3
Aktuelle Meldungen Distributionen
Name: Formatstring-Probleme in PHP 3
ID:
Distribution: Debian
Plattformen: Debian slink
Datum: Sa, 14. Oktober 2000, 13:00
Referenzen: Keine Angabe
Applikationen: PHP

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----


----------------------------------------------------------------------------
Debian Security Advisory security@debian.org
http://www.debian.org/security/ Daniel Jacobowitz
October 14, 2000
----------------------------------------------------------------------------

Package: php3
Vulnerability: possible remote exploit
Debian-specific: no
Vulnerable: yes

[Updated version: corrected URLs]

In versions of the PHP 3 packages before version 3.0.17, several format
string bugs could allow properly crafted requests to execute code as the
user running PHP scripts on the web server, particularly if error logging
was enabled.

This problem is fixed in versions 3.0.17-0potato2 and 3.0.17-0potato3 for
Debian 2.2 (potato) and in version 3.0.17-1 for Debian Unstable (woody).
This is a bug fix release and we recommend all users of php3 upgrade to it.

Debian GNU/Linux 2.1 alias slink
--------------------------------

Slink contains php3 version 3.0.5, which is believed to be affected by
this problem. No security updates for slink are available at this time;
Slink users who have php3 installed are highly recommended to either
upgrade to potato or recompile the potato php3 packages from source
(see the URLs below).

Debian GNU/Linux 2.2 (stable) alias potato
------------------------------------------

Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola
680x0,
PowerPC and Sun SPARC architectures, and will be included in 2.2r1.

Source archives:
php3_3.0.17-0potato3.diff.gz
MD5 checksum: 34000f57a678a5613c9ad925c75015c9
php3_3.0.17-0potato3.dsc
MD5 checksum: 5ccde22fa1eb7b5a1211bdf0733ee5fc
php3_3.0.17.orig.tar.gz
MD5 checksum: 82cadd5b244f95f95c0d5b00a9d36419

Architecture indendent archives:
php3-doc_3.0.17-0potato3_all.deb
MD5 checksum: 786f3d4889251bcd927475a83cab737d

Alpha architecture:
php3-cgi-gd_3.0.17-0potato3_alpha.deb
MD5 checksum: 0c6d6c84970f7298ba8b3ca267b6d436
php3-cgi-imap_3.0.17-0potato3_alpha.deb
MD5 checksum: 63ed819bcde8919a1b04bd668b536bb1
php3-cgi-ldap_3.0.17-0potato3_alpha.deb
MD5 checksum: 91a7b73e5c53d533cf1b3f9e91477829
php3-cgi-magick_3.0.17-0potato3_alpha.deb
MD5 checksum: 69974d87a8ab40de1d80090b56e9e734
php3-cgi-mhash_3.0.17-0potato3_alpha.deb
MD5 checksum: 7c4fed2056667347d3a8d8fcfde11d18
php3-cgi-mysql_3.0.17-0potato3_alpha.deb
MD5 checksum: 866f79ff9a5e07c2d1dc625f6b039062
php3-cgi-pgsql_3.0.17-0potato3_alpha.deb
MD5 checksum: f205dc1d6c3d66465223ec2cb915d378
php3-cgi-snmp_3.0.17-0potato3_alpha.deb
MD5 checksum: 4fabcea51de8ad87072b3892eac3db44
php3-cgi-xml_3.0.17-0potato3_alpha.deb
MD5 checksum: 98e60f2ce67b5ac45bbefffee55f4320
php3-cgi_3.0.17-0potato3_alpha.deb
MD5 checksum: 6c356cef858b022706d536bdd2a3bda5
php3-dev_3.0.17-0potato3_alpha.deb
MD5 checksum: f00b99a9fbef8eef95b286b0fd07921c
php3-gd_3.0.17-0potato3_alpha.deb
MD5 checksum: c28f15858f631739a04b585d88537c35
php3-imap_3.0.17-0potato3_alpha.deb
MD5 checksum: f683f8c1095be5fd6004218e006d95ae
php3-ldap_3.0.17-0potato3_alpha.deb
MD5 checksum: 2bea51c4216a7509df35ae93852fe12f
php3-magick_3.0.17-0potato3_alpha.deb
MD5 checksum: cc46953ee5cf0919a20b03174146042f
php3-mhash_3.0.17-0potato3_alpha.deb
MD5 checksum: 08902d8dd7c6da8d551df423479774f3
php3-mysql_3.0.17-0potato3_alpha.deb
MD5 checksum: 50c5fddca3b974040d727571155d810b
php3-pgsql_3.0.17-0potato3_alpha.deb
MD5 checksum: 95ac10b17e9d253516b6c6566070ed8b
php3-snmp_3.0.17-0potato3_alpha.deb
MD5 checksum: ac553c47449d417a2151badda621b0b8
php3-xml_3.0.17-0potato3_alpha.deb
MD5 checksum: b0cfeaa821d26b1b5c3e0e02a9c97234
php3_3.0.17-0potato3_alpha.deb
MD5 checksum: cfcff9174113b296a1c527d4d03ff36f

ARM architecture:
php3-cgi-gd_3.0.17-0potato3_arm.deb
MD5 checksum: dedef18cb5af7321602fdd84e6919a82
php3-cgi-imap_3.0.17-0potato3_arm.deb
MD5 checksum: 2e14ffe7d55808964d3b8745ee6f7a68
php3-cgi-ldap_3.0.17-0potato3_arm.deb
MD5 checksum: 6bed9079916e0838549f0cbefac3b364
php3-cgi-magick_3.0.17-0potato3_arm.deb
MD5 checksum: dcd4141709649316490b6c11074b9892
php3-cgi-mhash_3.0.17-0potato3_arm.deb
MD5 checksum: 1f74328177093f92f6b690438314e854
php3-cgi-mysql_3.0.17-0potato3_arm.deb
MD5 checksum: 96ca00029282d292261a83c792f70634
php3-cgi-pgsql_3.0.17-0potato3_arm.deb
MD5 checksum: 4aeab7f32a5d76cb4122c99c11e6fd74
php3-cgi-snmp_3.0.17-0potato3_arm.deb
MD5 checksum: b1de42a0a93bbd56b8d3bf618738ac97
php3-cgi-xml_3.0.17-0potato3_arm.deb
MD5 checksum: 7cef4e5a8df31213e7d4326ca3e4bc78
php3-cgi_3.0.17-0potato3_arm.deb
MD5 checksum: ae70e50b6a97aa87d102887cc90a039d
php3-dev_3.0.17-0potato3_arm.deb
MD5 checksum: 5b8c0c2f755d9573325bbf93ade047a5
php3-gd_3.0.17-0potato3_arm.deb
MD5 checksum: 78c58318841395fb2a4830c3fde2ea35
php3-imap_3.0.17-0potato3_arm.deb
MD5 checksum: ad2d62ae660deb8eb3814725c266f882
php3-ldap_3.0.17-0potato3_arm.deb
MD5 checksum: ab226b1c21bb1bb3e9d2532a307b0a33
php3-magick_3.0.17-0potato3_arm.deb
MD5 checksum: 28dea447bffa0cc2b1d9526a34b04243
php3-mhash_3.0.17-0potato3_arm.deb
MD5 checksum: 6905809e038ed460e007e305e9d6f27d
php3-mysql_3.0.17-0potato3_arm.deb
MD5 checksum: e8931d67b40f57b45d4816efa090869d
php3-pgsql_3.0.17-0potato3_arm.deb
MD5 checksum: c4492365d13b377f8591d1501e4fffbc
php3-snmp_3.0.17-0potato3_arm.deb
MD5 checksum: 794307c984982c144628c165d7fafbdc
php3-xml_3.0.17-0potato3_arm.deb
MD5 checksum: b14b2aef4d507988133e0936b520f827
php3_3.0.17-0potato3_arm.deb
MD5 checksum: f08677b2a016498de9ac2ae035fcee02

Intel ia32 architecture:
php3-cgi-gd_3.0.17-0potato2_i386.deb
MD5 checksum: abb5c61dcb930484d448809f37ceee89
php3-cgi-imap_3.0.17-0potato2_i386.deb
MD5 checksum: eaf1a7ce1191479fab1991a0f7628f35
php3-cgi-ldap_3.0.17-0potato2_i386.deb
MD5 checksum: 78a497ee35f72a0a5335dffbb278b51b
php3-cgi-magick_3.0.17-0potato2_i386.deb
MD5 checksum: 74ff9c4fdfd1ddff35d229b40389526f
php3-cgi-mhash_3.0.17-0potato2_i386.deb
MD5 checksum: ce136a323408024afeefd44d71bfa07f
php3-cgi-mysql_3.0.17-0potato2_i386.deb
MD5 checksum: 18ce8da1e51051009548bcf15e9f22c1
php3-cgi-pgsql_3.0.17-0potato2_i386.deb
MD5 checksum: 06eaf7f5e580db16bfe6e49ba3f7178e
php3-cgi-snmp_3.0.17-0potato2_i386.deb
MD5 checksum: d783e965c9975a1418cbf24f2c018cf6
php3-cgi-xml_3.0.17-0potato2_i386.deb
MD5 checksum: b872b9749ee4a7f5e41d2561968185ec
php3-cgi_3.0.17-0potato2_i386.deb
MD5 checksum: 9519673f1a4f3cd9e6072aed47571706
php3-dev_3.0.17-0potato2_i386.deb
MD5 checksum: f697b67a799e4f8a0a52dafad453952e
php3-gd_3.0.17-0potato2_i386.deb
MD5 checksum: 623b94d44c924f2caeaf38dc4c241c47
php3-imap_3.0.17-0potato2_i386.deb
MD5 checksum: 6427a5b1cec363442b85378dca2068c2
php3-ldap_3.0.17-0potato2_i386.deb
MD5 checksum: 27409fdf4877b7fe148d699fc0e0c513
php3-magick_3.0.17-0potato2_i386.deb
MD5 checksum: 25da562776c6723d9e6ce9e1d596da55
php3-mhash_3.0.17-0potato2_i386.deb
MD5 checksum: 3f6608677722ecde60038738a5230f15
php3-mysql_3.0.17-0potato2_i386.deb
MD5 checksum: 57b7591a9e024f8bf8deac95ee266ca7
php3-pgsql_3.0.17-0potato2_i386.deb
MD5 checksum: a9f0c424781738f0486d0b83f96b9501
php3-snmp_3.0.17-0potato2_i386.deb
MD5 checksum: 388459a9353a97e46eb791dfcf5db4c3
php3-xml_3.0.17-0potato2_i386.deb
MD5 checksum: 1528dffc6b361dd3636f74cb674a352f
php3_3.0.17-0potato2_i386.deb
MD5 checksum: 26ead1ce5f3d9cb28411b1f91853fca5

Motorola 680x0 architecture:
php3-cgi-gd_3.0.17-0potato3_m68k.deb
MD5 checksum: f738bf60fabff9ff79f08c9e26c78f29
php3-cgi-imap_3.0.17-0potato3_m68k.deb
MD5 checksum: 2ada0cf7129796cc9225c8853a1d073d
php3-cgi-ldap_3.0.17-0potato3_m68k.deb
MD5 checksum: b61f66b80f10cd4d6761e76d837457ba
php3-cgi-magick_3.0.17-0potato3_m68k.deb
MD5 checksum: 265120fac62de3c4702c1ff13407128a
php3-cgi-mhash_3.0.17-0potato3_m68k.deb
MD5 checksum: 015a0b89dccac3bcfbb8250e560e5499
php3-cgi-mysql_3.0.17-0potato3_m68k.deb
MD5 checksum: a84a25672d154b84ced76d1bb329927b
php3-cgi-pgsql_3.0.17-0potato3_m68k.deb
MD5 checksum: 977268a5705ea6e20f74c111d16af478
php3-cgi-snmp_3.0.17-0potato3_m68k.deb
MD5 checksum: 65021da88ed93caf16f0b45ac8bea916
php3-cgi-xml_3.0.17-0potato3_m68k.deb
MD5 checksum: 6ff5aaed2f6a503e61c07a3116beaacd
php3-cgi_3.0.17-0potato3_m68k.deb
MD5 checksum: d3a2a47c6299ca0d324e9674ec97bb10
php3-dev_3.0.17-0potato3_m68k.deb
MD5 checksum: 578c0d9324b64954f35fd4bd37e29d8a
php3-gd_3.0.17-0potato3_m68k.deb
MD5 checksum: df41c6d37b070970338bedbca5fc85df
php3-imap_3.0.17-0potato3_m68k.deb
MD5 checksum: 7f2b537a990d333a306ded9da5b4d5c6
php3-ldap_3.0.17-0potato3_m68k.deb
MD5 checksum: fd8adf192deb2991f742ad3aa4680b1c
php3-magick_3.0.17-0potato3_m68k.deb
MD5 checksum: 409477b06261ff072fdd2dbc0ff897db
php3-mhash_3.0.17-0potato3_m68k.deb
MD5 checksum: 4244ee22e56cbacfaf98cb0d0be7bdf4
php3-mysql_3.0.17-0potato3_m68k.deb
MD5 checksum: 47aefa07233b90a252c91890e45c7d8c
php3-pgsql_3.0.17-0potato3_m68k.deb
MD5 checksum: 0d42a6c597dfd29c2f2e23574333fce4
php3-snmp_3.0.17-0potato3_m68k.deb
MD5 checksum: de4e186fcc2ce5506b448ca2114b7f3b
php3-xml_3.0.17-0potato3_m68k.deb
MD5 checksum: 47f3196abd592474d92234317743cf15
php3_3.0.17-0potato3_m68k.deb
MD5 checksum: 904fdf57b6f69521f01114506c2bbb72

PowerPC architecture:
php3-cgi-gd_3.0.17-0potato3_powerpc.deb
MD5 checksum: 82f82afc3dc07386e6de6e48d36e2602
php3-cgi-imap_3.0.17-0potato3_powerpc.deb
MD5 checksum: e3b3ba148a4c7bd216d6d53b6359597c
php3-cgi-ldap_3.0.17-0potato3_powerpc.deb
MD5 checksum: ba49214a443a0d1f7aba7355a36cd61e
php3-cgi-magick_3.0.17-0potato3_powerpc.deb
MD5 checksum: 9cab2a6fc9b39ddc7620054643934138
php3-cgi-mhash_3.0.17-0potato3_powerpc.deb
MD5 checksum: d89ca687aa43d812f1034eac57237018
php3-cgi-mysql_3.0.17-0potato3_powerpc.deb
MD5 checksum: c457fb8f71419d0bc6e8320984440ef7
php3-cgi-pgsql_3.0.17-0potato3_powerpc.deb
MD5 checksum: 0e5f92ae3cffbc36a8fb36bccbf665f0
php3-cgi-snmp_3.0.17-0potato3_powerpc.deb
MD5 checksum: 096ed7d71dd9a47a18ecbf797e9f76df
php3-cgi-xml_3.0.17-0potato3_powerpc.deb
MD5 checksum: 6d8b207895e140f93b1c21d811a2b914
php3-cgi_3.0.17-0potato3_powerpc.deb
MD5 checksum: ad45ca5aa800eefb413f3cfeaa4ff539
php3-dev_3.0.17-0potato3_powerpc.deb
MD5 checksum: 5ad19d86615ea06ed366bbbd594f4420
php3-gd_3.0.17-0potato3_powerpc.deb
MD5 checksum: d8ee51d95b9349b108e27576f3ccde2f
php3-imap_3.0.17-0potato3_powerpc.deb
MD5 checksum: 9106297857457937832582877c08878b
php3-ldap_3.0.17-0potato3_powerpc.deb
MD5 checksum: 30cea605882bde7ab106d8c341703151
php3-magick_3.0.17-0potato3_powerpc.deb
MD5 checksum: f85e9b168874e56917a57ab7b2b44e2e
php3-mhash_3.0.17-0potato3_powerpc.deb
MD5 checksum: 498d82447752aaf0eb3953a995514a7c
php3-mysql_3.0.17-0potato3_powerpc.deb
MD5 checksum: 82a4f1df0a762bdca352643c9253d229
php3-pgsql_3.0.17-0potato3_powerpc.deb
MD5 checksum: 6049f7a8d74a6e3c8d3c2c25e7254ebd
php3-snmp_3.0.17-0potato3_powerpc.deb
MD5 checksum: 1dc286aaa3b9f439d24527be4813ad1c
php3-xml_3.0.17-0potato3_powerpc.deb
MD5 checksum: a13081289f79a4516c76c8bc4a4badc2
php3_3.0.17-0potato3_powerpc.deb
MD5 checksum: b5582aadc3b2469201dd4c51543ee811

Sun Sparc architecture:
php3-cgi-gd_3.0.17-0potato3_sparc.deb
MD5 checksum: b4ef31bb148e4d8ce6e1fec71e8f432a
php3-cgi-imap_3.0.17-0potato3_sparc.deb
MD5 checksum: 0e1e649e00838f6f79a45340a2eed64d
php3-cgi-ldap_3.0.17-0potato3_sparc.deb
MD5 checksum: f867fdf0d1f0af24c0b3037d53a11984
php3-cgi-magick_3.0.17-0potato3_sparc.deb
MD5 checksum: 1f15607b7791274be01797aa752d59e3
php3-cgi-mhash_3.0.17-0potato3_sparc.deb
MD5 checksum: e14379467b151693ff20101ab985e030
php3-cgi-mysql_3.0.17-0potato3_sparc.deb
MD5 checksum: eecfdb9d5d52ff4e7f23d3f7ea2f8db4
php3-cgi-pgsql_3.0.17-0potato3_sparc.deb
MD5 checksum: 3497a5f7a1689da6a77c8568c1d357df
php3-cgi-snmp_3.0.17-0potato3_sparc.deb
MD5 checksum: 6669bee0a5a5729080de9f5b5ba27fe2
php3-cgi-xml_3.0.17-0potato3_sparc.deb
MD5 checksum: 3e5a0eed3823ebc6031ff060bc460d94
php3-cgi_3.0.17-0potato3_sparc.deb
MD5 checksum: e58049ebc9751b3236a4cb0d4d84ccb8
php3-dev_3.0.17-0potato3_sparc.deb
MD5 checksum: 93df51885ea61b78fc989e4e8060895a
php3-gd_3.0.17-0potato3_sparc.deb
MD5 checksum: b5d831eb746ccb75ceadc624a4b569e8
php3-imap_3.0.17-0potato3_sparc.deb
MD5 checksum: 4fe1d6f4a2ed9720663a1aa8f9c99bd3
php3-ldap_3.0.17-0potato3_sparc.deb
MD5 checksum: 503fbbe53e202746e02a7b3c02412478
php3-magick_3.0.17-0potato3_sparc.deb
MD5 checksum: 364beab8ec14487043a7003afb128fb1
php3-mhash_3.0.17-0potato3_sparc.deb
MD5 checksum: 80c525ea0b007ff11b9170d0ad554473
php3-mysql_3.0.17-0potato3_sparc.deb
MD5 checksum: baaa21f47f76ebb42a512d9679192dab
php3-pgsql_3.0.17-0potato3_sparc.deb
MD5 checksum: 455fa856df0719d0c3364ddbdf0a039d
php3-snmp_3.0.17-0potato3_sparc.deb
MD5 checksum: 80880cffaeded7bb5639bbe85f482cb8
php3-xml_3.0.17-0potato3_sparc.deb
MD5 checksum: 4c96a471e9b77e94f27022d555555f71
php3_3.0.17-0potato3_sparc.deb
MD5 checksum: 19fc0fe684dc8eb120475a47d9eabf24

Debian GNU/Linux Unstable alias woody
-------------------------------------

This version of Debian is not yet released.

Fixes are currently available for Alpha and Intel ia32 in the Debian
archives. The stable packages listed above are also installable on
current unstable systems.

----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBOegPND5fjwqn/34JAQF7HwQAnIvjIqhm4TNjwolqvVbfqh14UGlDK0eH
TvypblN+E77qET9+/76QpLU5fmA/h8KcTvWHAjG2j5q2RvEgNQIq1I3ZU/u+kin8
eSTAJC0f6CGZE7XUPV4vtEfP8Sw4KShk8AC5VHbohMhzp4ujQEA2riOScORlqVgp
YX0pazHvS9A=
=kwaE
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung