Login
Newsletter
Werbung

Sicherheit: Ausführen beliebigen Codes in php-pear
Aktuelle Meldungen Distributionen
Name: Ausführen beliebigen Codes in php-pear
ID: MDKSA-2005:109
Distribution: Mandriva
Plattformen: Mandriva 10.0, Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2
Datum: Sa, 2. Juli 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1921
http://www.hardened-php.net/advisory-022005.php
Applikationen: PEAR

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: php-pear
Advisory ID: MDKSA-2005:109
Date: June 30th, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A vulnerability was discovered by GulfTech Security in the PHP XML RPC
project. This vulnerability is considered critical and can lead to
remote code execution. The vulnerability also exists in the PEAR
XMLRPC implementation.

Mandriva ships with the PEAR XMLRPC implementation and it has been
patched to correct this problem. It is advised that users examine the
PHP applications they have installed on their servers for any
applications that may come bundled with their own copies of the PEAR
system and either patch RPC.php or use the system PEAR (found in
/usr/share/pear).

Updates have been released for some popular PHP applications such
as WordPress and Serendipity and users are urged to take all
precautions to protect their systems from attack and/or defacement by
upgrading their applications from the authors of the respective
applications.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
http://www.hardened-php.net/advisory-022005.php
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
38955856a2689f10db9f9f5ca734392c
10.0/RPMS/php-pear-4.3.4-3.1.100mdk.noarch.rpm
18695b853e1aba539da2c68a6d574a4b 10.0/SRPMS/php-pear-4.3.4-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
9de5b21dc478563f5277f9157b98c49f
amd64/10.0/RPMS/php-pear-4.3.4-3.1.100mdk.noarch.rpm
18695b853e1aba539da2c68a6d574a4b
amd64/10.0/SRPMS/php-pear-4.3.4-3.1.100mdk.src.rpm

Mandrakelinux 10.1:
d48b2e73f6f1ec0366498014a484f328
10.1/RPMS/php-pear-4.3.8-1.1.101mdk.noarch.rpm
20c91279fa70d68d9e51587980cd262d 10.1/SRPMS/php-pear-4.3.8-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
dba6b07d89653e4596220cf93a3fed73
x86_64/10.1/RPMS/php-pear-4.3.8-1.1.101mdk.noarch.rpm
20c91279fa70d68d9e51587980cd262d
x86_64/10.1/SRPMS/php-pear-4.3.8-1.1.101mdk.src.rpm

Mandrakelinux 10.2:
4734a42ea347a8f3ad42f2ebbde56f22
10.2/RPMS/php-pear-4.3.10-3.1.102mdk.noarch.rpm
b564c4dce014d6c3968ef0544effe318
10.2/SRPMS/php-pear-4.3.10-3.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
c3349adf16855ee536cbd01077f087e5
x86_64/10.2/RPMS/php-pear-4.3.10-3.1.102mdk.noarch.rpm
b564c4dce014d6c3968ef0544effe318
x86_64/10.2/SRPMS/php-pear-4.3.10-3.1.102mdk.src.rpm

Corporate 3.0:
ac0ffe7efc09f7718461fa81a9ac5864
corporate/3.0/RPMS/php-pear-4.3.4-3.1.C30mdk.noarch.rpm
1cf934b41b88c63614f4e4d623da479b
corporate/3.0/SRPMS/php-pear-4.3.4-3.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
3b4eea612865d6aeb242299c390f2fe9
x86_64/corporate/3.0/RPMS/php-pear-4.3.4-3.1.C30mdk.noarch.rpm
1cf934b41b88c63614f4e4d623da479b
x86_64/corporate/3.0/SRPMS/php-pear-4.3.4-3.1.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCxHT6mqjQ0CJFipgRAjMWAJ9R5EepEYCn6OkjFULzvN4WTNRBIQCfTYsk
/TAtWwT1PeHQGuH/upbw51g=
=y8Ju
-----END PGP SIGNATURE-----


To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung