Login
Newsletter
Werbung

Sicherheit: Ausführen beliebigen Codes in php-pear
Aktuelle Meldungen Distributionen
Name: Ausführen beliebigen Codes in php-pear
ID: MDKSA-2005:146
Distribution: Mandriva
Plattformen: Mandriva 10.0, Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2
Datum: Di, 23. August 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498
Applikationen: PEAR

Originalnachricht

This is a multi-part message in MIME format...

------------=_1124813797-805-1217

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: php-pear
Advisory ID: MDKSA-2005:146
Date: August 22nd, 2005

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
______________________________________________________________________

Problem Description:

A problem was discovered in the PEAR XML-RPC Server package included
in the php-pear package. If a PHP script which implements the XML-RPC
Server is used, it would be possible for a remote attacker to construct
an XML-RPC request which would cause PHP to execute arbitrary commands
as the 'apache' user.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
ad5790382b19a06f31d341d7eba05fb6
10.0/RPMS/php-pear-4.3.4-3.2.100mdk.noarch.rpm
7d41047a2fb997725773ae9dccd76ff9 10.0/SRPMS/php-pear-4.3.4-3.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ad5790382b19a06f31d341d7eba05fb6
amd64/10.0/RPMS/php-pear-4.3.4-3.2.100mdk.noarch.rpm
7d41047a2fb997725773ae9dccd76ff9
amd64/10.0/SRPMS/php-pear-4.3.4-3.2.100mdk.src.rpm

Mandrakelinux 10.1:
3c0b4ed15139d42df9be6ed177a571d6
10.1/RPMS/php-pear-4.3.8-1.2.101mdk.noarch.rpm
ffd4b96fe8e05b7246eccd881563229d 10.1/SRPMS/php-pear-4.3.8-1.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
3c0b4ed15139d42df9be6ed177a571d6
x86_64/10.1/RPMS/php-pear-4.3.8-1.2.101mdk.noarch.rpm
ffd4b96fe8e05b7246eccd881563229d
x86_64/10.1/SRPMS/php-pear-4.3.8-1.2.101mdk.src.rpm

Mandrakelinux 10.2:
484af9862c08f5fdec98007d74fdcf8c
10.2/RPMS/php-pear-4.3.10-3.2.102mdk.noarch.rpm
28e358ce40a0561251ba34d909a7c617
10.2/SRPMS/php-pear-4.3.10-3.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
484af9862c08f5fdec98007d74fdcf8c
x86_64/10.2/RPMS/php-pear-4.3.10-3.2.102mdk.noarch.rpm
28e358ce40a0561251ba34d909a7c617
x86_64/10.2/SRPMS/php-pear-4.3.10-3.2.102mdk.src.rpm

Corporate 3.0:
4f1eede09f0e47209b13e7c8168bcb79
corporate/3.0/RPMS/php-pear-4.3.4-3.2.C30mdk.noarch.rpm
e5e1fa37415a8761c2b25799ef8fffb5
corporate/3.0/SRPMS/php-pear-4.3.4-3.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
4f1eede09f0e47209b13e7c8168bcb79
x86_64/corporate/3.0/RPMS/php-pear-4.3.4-3.2.C30mdk.noarch.rpm
e5e1fa37415a8761c2b25799ef8fffb5
x86_64/corporate/3.0/SRPMS/php-pear-4.3.4-3.2.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDCnHYmqjQ0CJFipgRAp+VAKDW9kEg9S9oQ8msSkqy2lDZ0ufSvwCgwO2g
3cyMki9MOeXvAD6wNsY8AN4=
=ZKfT
-----END PGP SIGNATURE-----


------------=_1124813797-805-1217
Content-Disposition: inline; filename="message.footer"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________



------------=_1124813797-805-1217--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung