Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in php
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php
ID: MDKSA-2006:028
Distribution: Mandriva
Plattformen: Mandriva 10.1, Mandriva Corporate 3.0, Mandriva 10.2, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0, Mandriva Corporate 2.1
Datum: Mi, 1. Februar 2006, 23:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
Applikationen: PHP

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1138833331-28203-706


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:028
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : February 1, 2006
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple response splitting vulnerabilities in PHP allow remote attackers to 
 inject arbitrary HTTP headers via unknown attack vectors, possibly involving a
 
 crafted Set-Cookie header, related to the (1) session extension 
 (aka ext/session) and the (2) header function. (CVE-2006-0207)
 
 Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote 
 attackers to inject arbitrary web script or HTML via unknown attack vectors in
 
 "certain error conditions." (CVE-2006-0208). This issue does not
 affect
 Corporate Server 2.1.
 
 Updated packages are patched to address these issues.  Users must execute
 "service httpd restart" for the new PHP modules to be loaded by
 Apache.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0207
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 df01c3861affe2f3e1c889018bb2bdbf 
 10.1/RPMS/libphp_common432-4.3.8-3.7.101mdk.i586.rpm
 f9df1052bc1f6ce85a3bbb5ec544b077 
 10.1/RPMS/php432-devel-4.3.8-3.7.101mdk.i586.rpm
 3be049c85f40f7051f3cf1e44b165485  10.1/RPMS/php-cgi-4.3.8-3.7.101mdk.i586.rpm
 de903ca3c9126f451f48d71e30042066  10.1/RPMS/php-cli-4.3.8-3.7.101mdk.i586.rpm
 d697297c4330d93379848b2f3ea5b59c  10.1/SRPMS/php-4.3.8-3.7.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 c9123a9203fd795b7445c2d54b2e0e65 
 x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.7.101mdk.x86_64.rpm
 a8ec659d640715f2cbe8ec5b93868de2 
 x86_64/10.1/RPMS/php432-devel-4.3.8-3.7.101mdk.x86_64.rpm
 76ff7da663400e000c148d5562540097 
 x86_64/10.1/RPMS/php-cgi-4.3.8-3.7.101mdk.x86_64.rpm
 d4c84cc9cf9325560e641f20040579ee 
 x86_64/10.1/RPMS/php-cli-4.3.8-3.7.101mdk.x86_64.rpm
 d697297c4330d93379848b2f3ea5b59c 
 x86_64/10.1/SRPMS/php-4.3.8-3.7.101mdk.src.rpm

 Mandriva Linux 10.2:
 fb20504431c87a13d3dccc44a14cc8fb 
 10.2/RPMS/libphp_common432-4.3.10-7.5.102mdk.i586.rpm
 a4a9a3e923ad9fb3364cb40fc65d4dda 
 10.2/RPMS/php432-devel-4.3.10-7.5.102mdk.i586.rpm
 603deaacb7e29fbb89c45bbedc5669dd  10.2/RPMS/php-cgi-4.3.10-7.5.102mdk.i586.rpm
 80c2c8841acd4119ef49be89c0fcc2d0  10.2/RPMS/php-cli-4.3.10-7.5.102mdk.i586.rpm
 7e608b7cc03ac505f9a118f75fd62d25  10.2/SRPMS/php-4.3.10-7.5.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 17a7eb595d3d46d7a5aaface597c8667 
 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.5.102mdk.x86_64.rpm
 b1e1b44ebdefde1f92fd4067f8dbabf5 
 x86_64/10.2/RPMS/php432-devel-4.3.10-7.5.102mdk.x86_64.rpm
 778fa2d2adaf31a8cb7e31dbd808066e 
 x86_64/10.2/RPMS/php-cgi-4.3.10-7.5.102mdk.x86_64.rpm
 d02642564aa38691a881194c2662d98c 
 x86_64/10.2/RPMS/php-cli-4.3.10-7.5.102mdk.x86_64.rpm
 7e608b7cc03ac505f9a118f75fd62d25 
 x86_64/10.2/SRPMS/php-4.3.10-7.5.102mdk.src.rpm

 Mandriva Linux 2006.0:
 f2b7973428979dd09f52accd547568da 
 2006.0/RPMS/libphp5_common5-5.0.4-9.3.20060mdk.i586.rpm
 5f4d832f023ab7a89ef0100bf84f5287 
 2006.0/RPMS/php-cgi-5.0.4-9.3.20060mdk.i586.rpm
 2670bb765568506f6747a73974939c07 
 2006.0/RPMS/php-cli-5.0.4-9.3.20060mdk.i586.rpm
 379cda215916c997a1dc2dbd5fb2620c 
 2006.0/RPMS/php-devel-5.0.4-9.3.20060mdk.i586.rpm
 ca8db2763cf64ea2bac4322ee9cca899 
 2006.0/RPMS/php-fcgi-5.0.4-9.3.20060mdk.i586.rpm
 92af673ab17df4b7dfe7fdebee76a48b  2006.0/SRPMS/php-5.0.4-9.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 f3d43c707c9a8d5cec75bafcb78e6ab1 
 x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.3.20060mdk.x86_64.rpm
 2f94a04a14fe62fae94111b6cb684ece 
 x86_64/2006.0/RPMS/php-cgi-5.0.4-9.3.20060mdk.x86_64.rpm
 4ede0e512810b584bed25e09fca6ba4a 
 x86_64/2006.0/RPMS/php-cli-5.0.4-9.3.20060mdk.x86_64.rpm
 f172b4c76fcf58cd9dc090a25103f6a5 
 x86_64/2006.0/RPMS/php-devel-5.0.4-9.3.20060mdk.x86_64.rpm
 79efe6cf1c641439fe1bbd4e75b8fc4f 
 x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.3.20060mdk.x86_64.rpm
 92af673ab17df4b7dfe7fdebee76a48b 
 x86_64/2006.0/SRPMS/php-5.0.4-9.3.20060mdk.src.rpm

 Corporate Server 2.1:
 09f5076909971d5604836d7b9ea9fd45 
 corporate/2.1/RPMS/php-4.2.3-4.7.C21mdk.i586.rpm
 8c035441a66315b1eff8b17312c3a930 
 corporate/2.1/RPMS/php-common-4.2.3-4.7.C21mdk.i586.rpm
 c6f1fd24fe3e8f1ab43dcac22606486f 
 corporate/2.1/RPMS/php-devel-4.2.3-4.7.C21mdk.i586.rpm
 86819061809b349bd18566a406273570 
 corporate/2.1/RPMS/php-pear-4.2.3-4.7.C21mdk.i586.rpm
 7dd951360a264bf5866d065a00d5238f 
 corporate/2.1/SRPMS/php-4.2.3-4.7.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 37b27434d1c44f27d8c277ae564b936e 
 x86_64/corporate/2.1/RPMS/php-4.2.3-4.7.C21mdk.x86_64.rpm
 6136563a8257ef44180ca6b4401901f6 
 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.7.C21mdk.x86_64.rpm
 bbdb1dbdda2d70b035ef466443bfc422 
 x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.7.C21mdk.x86_64.rpm
 5d44bf1bfea2cf67b4d8e89199163451 
 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.7.C21mdk.x86_64.rpm
 7dd951360a264bf5866d065a00d5238f 
 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.7.C21mdk.src.rpm

 Corporate 3.0:
 f888ebc54f82378b18d93215be73d644 
 corporate/3.0/RPMS/libphp_common432-4.3.4-4.9.C30mdk.i586.rpm
 1b24d7a3868b0ad3447306d68278ea9a 
 corporate/3.0/RPMS/php432-devel-4.3.4-4.9.C30mdk.i586.rpm
 5bc5839d0a2747b4752af35136e198e7 
 corporate/3.0/RPMS/php-cgi-4.3.4-4.9.C30mdk.i586.rpm
 d78925d4af67aa5485e5b46c41989b9c 
 corporate/3.0/RPMS/php-cli-4.3.4-4.9.C30mdk.i586.rpm
 27ef8f959b0f289b57762ff27a5ac80b 
 corporate/3.0/SRPMS/php-4.3.4-4.9.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 9bed4b632f00c11be8a5ad2f18f55856 
 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.9.C30mdk.x86_64.rpm
 46f077064f5f9c200fda31f35975a16c 
 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.9.C30mdk.x86_64.rpm
 ed1e1bba020c45e77f29193925639e2e 
 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.9.C30mdk.x86_64.rpm
 6bdd852998838bc68e15bd336aedd197 
 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.9.C30mdk.x86_64.rpm
 27ef8f959b0f289b57762ff27a5ac80b 
 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.9.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 5addfadc57bce90e16b99fa09c8223d0 
 mnf/2.0/RPMS/libphp_common432-4.3.4-4.9.M20mdk.i586.rpm
 68ebbc08d9225e65e7760a98a440fc50 
 mnf/2.0/RPMS/php432-devel-4.3.4-4.9.M20mdk.i586.rpm
 c3e1085df6f3e9802d25c31201f91004 
 mnf/2.0/RPMS/php-cgi-4.3.4-4.9.M20mdk.i586.rpm
 ae86a53032acd9d82f9dbfba561a173c 
 mnf/2.0/RPMS/php-cli-4.3.4-4.9.M20mdk.i586.rpm
 01bd5e9d8cb5520e29a9dec0358c1ecd  mnf/2.0/SRPMS/php-4.3.4-4.9.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD4QVimqjQ0CJFipgRAvw9AKCIQsnG6F29XOIxOyP8+Nbz5UjTcgCfQGp8
C2vb3/bapIAQwAjWIDWy/tM=
=1kiW
-----END PGP SIGNATURE-----


------------=_1138833331-28203-706
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1138833331-28203-706--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung