drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in php
Name: |
Mehrere Probleme in php |
|
ID: |
RHSA-2006:0682-01 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux |
|
Datum: |
Do, 21. September 2006, 12:58 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486 |
|
Applikationen: |
PHP |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
- --------------------------------------------------------------------- Red Hat Security Advisory
Synopsis: Moderate: php security update Advisory ID: RHSA-2006:0682-01 Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0682.html Issue date: 2006-09-21 Updated on: 2006-09-21 Product: Red Hat Enterprise Linux CVE Names: CVE-2006-3016 CVE-2006-4020 CVE-2006-4482 CVE-2006-4486 - ---------------------------------------------------------------------
1. Summary:
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
A response-splitting issue was discovered in the PHP session handling. If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)
A buffer overflow was discovered found in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)
An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the "memory_limit" setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
206934 - CVE-2006-4482 PHP heap overflow 206935 - metaphone() function causing Apache segfaults 206936 - CVE-2006-4486 PHP integer overflows in Zend 206937 - CVE-2006-4020 PHP buffer overread flaw 206964 - CVE-2006-3016 PHP session ID validation
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.11.src.rpm dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm
i386: 3a3d5e4ae4b3aa8a9320841783f543fc php-4.1.2-2.11.i386.rpm b85a26c079218ff55fe92fcf782d5be5 php-devel-4.1.2-2.11.i386.rpm 66ab7bfe501dcf33bad4a22934947e82 php-imap-4.1.2-2.11.i386.rpm 34e203aca0a2f29b4b102cc8c48c2787 php-ldap-4.1.2-2.11.i386.rpm 3752f3f4095f3262b7b119eae0ca755e php-manual-4.1.2-2.11.i386.rpm 6272d1bc3133f429d5faf55197881339 php-mysql-4.1.2-2.11.i386.rpm 9c8da08015cd2611fa59286f4ed214db php-odbc-4.1.2-2.11.i386.rpm a74c29a6916b0e01c2266a4c9f06616a php-pgsql-4.1.2-2.11.i386.rpm
ia64: 62d9ec481bee82602963c545d4ae270d php-4.1.2-2.11.ia64.rpm 6f6c5b533f079fde524c35ac4f909eb0 php-devel-4.1.2-2.11.ia64.rpm 8ac19aed8a568996ec99e5d37dbb222e php-imap-4.1.2-2.11.ia64.rpm 62f12475db39e5cb619713c1cc73e889 php-ldap-4.1.2-2.11.ia64.rpm e947e6f327da3ddca5b2db538bb44643 php-manual-4.1.2-2.11.ia64.rpm d1de9bf1cb6674b4edf391ddea0a1c52 php-mysql-4.1.2-2.11.ia64.rpm 6f2b3fe22330361b6bde789402403484 php-odbc-4.1.2-2.11.ia64.rpm 30ac774ef5e207f9a5ef0cfb10ef5ce7 php-pgsql-4.1.2-2.11.ia64.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.11.src.rpm dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm
ia64: 62d9ec481bee82602963c545d4ae270d php-4.1.2-2.11.ia64.rpm 6f6c5b533f079fde524c35ac4f909eb0 php-devel-4.1.2-2.11.ia64.rpm 8ac19aed8a568996ec99e5d37dbb222e php-imap-4.1.2-2.11.ia64.rpm 62f12475db39e5cb619713c1cc73e889 php-ldap-4.1.2-2.11.ia64.rpm e947e6f327da3ddca5b2db538bb44643 php-manual-4.1.2-2.11.ia64.rpm d1de9bf1cb6674b4edf391ddea0a1c52 php-mysql-4.1.2-2.11.ia64.rpm 6f2b3fe22330361b6bde789402403484 php-odbc-4.1.2-2.11.ia64.rpm 30ac774ef5e207f9a5ef0cfb10ef5ce7 php-pgsql-4.1.2-2.11.ia64.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.11.src.rpm dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm
i386: 3a3d5e4ae4b3aa8a9320841783f543fc php-4.1.2-2.11.i386.rpm b85a26c079218ff55fe92fcf782d5be5 php-devel-4.1.2-2.11.i386.rpm 66ab7bfe501dcf33bad4a22934947e82 php-imap-4.1.2-2.11.i386.rpm 34e203aca0a2f29b4b102cc8c48c2787 php-ldap-4.1.2-2.11.i386.rpm 3752f3f4095f3262b7b119eae0ca755e php-manual-4.1.2-2.11.i386.rpm 6272d1bc3133f429d5faf55197881339 php-mysql-4.1.2-2.11.i386.rpm 9c8da08015cd2611fa59286f4ed214db php-odbc-4.1.2-2.11.i386.rpm a74c29a6916b0e01c2266a4c9f06616a php-pgsql-4.1.2-2.11.i386.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.11.src.rpm dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm
i386: 3a3d5e4ae4b3aa8a9320841783f543fc php-4.1.2-2.11.i386.rpm b85a26c079218ff55fe92fcf782d5be5 php-devel-4.1.2-2.11.i386.rpm 66ab7bfe501dcf33bad4a22934947e82 php-imap-4.1.2-2.11.i386.rpm 34e203aca0a2f29b4b102cc8c48c2787 php-ldap-4.1.2-2.11.i386.rpm 3752f3f4095f3262b7b119eae0ca755e php-manual-4.1.2-2.11.i386.rpm 6272d1bc3133f429d5faf55197881339 php-mysql-4.1.2-2.11.i386.rpm 9c8da08015cd2611fa59286f4ed214db php-odbc-4.1.2-2.11.i386.rpm a74c29a6916b0e01c2266a4c9f06616a php-pgsql-4.1.2-2.11.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486 http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFFEm+vXlSAg2UNWIIRAvp9AJ9HCwZ4oCJi5g/yE+lhcGuY2OH0HgCfUV9H wk5WhfOy5JHpt3jcLrVBZFM= =+r0n -----END PGP SIGNATURE-----
-- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-list
|
|
|
|