
Security: Buffer overflow in php
Name: Buffer overflow in php
ID: MDKSA-2006:144
Distribution: Mandriva
Platforms: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva 2006.0
Date: Tue, 22 August 2006, 01:38
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
Applications: PHP

Original message

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:144
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : August 21, 2006
Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered in the sscanf function that could allow
attackers in certain circumstances to execute arbitrary code via
argument swapping which incremented an index past the end of an array
and triggered a buffer over-read.

Updated packages have been patched to correct these issues.
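
The flaw class described above, seen from the defensive side, as an added example (not part of the Mandriva advisory and not PHP's source code): a checker that rejects any scanf-style conversion, including a swapped `%n$` argument, whose slot falls outside the argument array. The name `check_scan_format` and the sample formats are hypothetical; scansets (`%[...]`) are not modelled.

```c
#include <ctype.h>
#include <stdio.h>

/* Illustrative model, not PHP's source: returns how many argument slots a
 * scanf-style format needs, or -1 if a conversion would index outside an
 * array of nargs slots or the format ends inside a conversion. */
int check_scan_format(const char *fmt, int nargs)
{
    int next = 0;   /* next slot for sequential conversions */
    int used = 0;   /* highest slot referenced, plus one */
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;                      /* "%%" is a literal percent */
        int suppress = (*p == '*');        /* "%*d" stores nothing */
        if (suppress)
            p++;
        long long n = 0;
        const char *q = p;
        for (; isdigit((unsigned char)*q); q++)
            if (n <= nargs)                /* saturate, never overflow */
                n = n * 10 + (*q - '0');
        int slot = -1;
        if (!suppress && q != p && *q == '$') {  /* "%n$": swapped argument */
            if (n < 1 || n > nargs)
                return -1;                 /* index outside the array */
            slot = (int)n - 1;
            for (q++; isdigit((unsigned char)*q); q++)
                ;                          /* optional field width */
        } else if (!suppress) {
            if (next >= nargs)
                return -1;                 /* more conversions than slots */
            slot = next++;
        }
        if (*q == '\0')
            return -1;                     /* format ends mid-conversion */
        if (slot >= used)
            used = slot + 1;
        p = q;                             /* now on the conversion char */
    }
    return used;
}
int main(void)
{
    printf("%d %d\n", check_scan_format("%2$d %1$d", 2),
           check_scan_format("%3$d", 2));  /* in range, then past the array */
    return 0;
}
```
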
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
_______________________________________________________________________

Updated Packages:

_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>