drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebigen Codes in php-pear
Name: |
Ausführen beliebigen Codes in php-pear
|
|
ID: |
MDKSA-2005:146 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva 10.0, Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2 |
|
Datum: |
Di, 23. August 2005, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498 |
|
Applikationen: |
PEAR |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1124813797-805-1217
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory _______________________________________________________________________
Package name: php-pear Advisory ID: MDKSA-2005:146 Date: August 22nd, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0 ______________________________________________________________________
Problem Description:
A problem was discovered in the PEAR XML-RPC Server package included in the php-pear package. If a PHP script which implements the XML-RPC Server is used, it would be possible for a remote attacker to construct an XML-RPC request which would cause PHP to execute arbitrary commands as the 'apache' user. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498 ______________________________________________________________________
Updated Packages: Mandrakelinux 10.0: ad5790382b19a06f31d341d7eba05fb6 10.0/RPMS/php-pear-4.3.4-3.2.100mdk.noarch.rpm 7d41047a2fb997725773ae9dccd76ff9 10.0/SRPMS/php-pear-4.3.4-3.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64: ad5790382b19a06f31d341d7eba05fb6 amd64/10.0/RPMS/php-pear-4.3.4-3.2.100mdk.noarch.rpm 7d41047a2fb997725773ae9dccd76ff9 amd64/10.0/SRPMS/php-pear-4.3.4-3.2.100mdk.src.rpm
Mandrakelinux 10.1: 3c0b4ed15139d42df9be6ed177a571d6 10.1/RPMS/php-pear-4.3.8-1.2.101mdk.noarch.rpm ffd4b96fe8e05b7246eccd881563229d 10.1/SRPMS/php-pear-4.3.8-1.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64: 3c0b4ed15139d42df9be6ed177a571d6 x86_64/10.1/RPMS/php-pear-4.3.8-1.2.101mdk.noarch.rpm ffd4b96fe8e05b7246eccd881563229d x86_64/10.1/SRPMS/php-pear-4.3.8-1.2.101mdk.src.rpm
Mandrakelinux 10.2: 484af9862c08f5fdec98007d74fdcf8c 10.2/RPMS/php-pear-4.3.10-3.2.102mdk.noarch.rpm 28e358ce40a0561251ba34d909a7c617 10.2/SRPMS/php-pear-4.3.10-3.2.102mdk.src.rpm
Mandrakelinux 10.2/X86_64: 484af9862c08f5fdec98007d74fdcf8c x86_64/10.2/RPMS/php-pear-4.3.10-3.2.102mdk.noarch.rpm 28e358ce40a0561251ba34d909a7c617 x86_64/10.2/SRPMS/php-pear-4.3.10-3.2.102mdk.src.rpm
Corporate 3.0: 4f1eede09f0e47209b13e7c8168bcb79 corporate/3.0/RPMS/php-pear-4.3.4-3.2.C30mdk.noarch.rpm e5e1fa37415a8761c2b25799ef8fffb5 corporate/3.0/SRPMS/php-pear-4.3.4-3.2.C30mdk.src.rpm
Corporate 3.0/X86_64: 4f1eede09f0e47209b13e7c8168bcb79 x86_64/corporate/3.0/RPMS/php-pear-4.3.4-3.2.C30mdk.noarch.rpm e5e1fa37415a8761c2b25799ef8fffb5 x86_64/corporate/3.0/SRPMS/php-pear-4.3.4-3.2.C30mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDCnHYmqjQ0CJFipgRAp+VAKDW9kEg9S9oQ8msSkqy2lDZ0ufSvwCgwO2g 3cyMki9MOeXvAD6wNsY8AN4= =ZKfT -----END PGP SIGNATURE-----
------------=_1124813797-805-1217 Content-Disposition: inline; filename="message.footer" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1124813797-805-1217--
|
|
|
|