Security: Multiple problems in php

Name: Multiple problems in php
ID: RHSA-2007:0153-01
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux
Date: Fri, 20 April 2007, 11:49
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
Applications: PHP

Original message
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2007:0153-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0153.html
Issue date: 2007-04-20
Updated on: 2007-04-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0455 CVE-2007-1001 CVE-2007-1718 CVE-2007-1583
- ---------------------------------------------------------------------
1. Summary:
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)
A heap-based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)
A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write an arbitrary string using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)
A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)
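Two of the flaws above, the mail() header issue (CVE-2007-1718) and the mb_parse_str() global-scope issue (CVE-2007-1583), are reached through script code that hands untrusted data to those functions. The PHP below is an added example and is not part of the Red Hat advisory or of PHP itself: it shows the vulnerable call pattern beside a hardened one that refuses line breaks in header values and keeps parsed query variables out of the global scope. The function names (safe_header_value, send_contact_mail_unsafe, send_contact_mail, parse_query_safely) and the sample inputs are constructed for illustration; the mbstring extension must be loaded for mb_parse_str(). The package update is still required; this only limits what a script exposes.

```php
<?php
// Added example, not from the advisory: script-level hardening for the
// mail() header issue (CVE-2007-1718) and the mb_parse_str() global-scope
// issue (CVE-2007-1583). Function names are hypothetical. Written to run
// on PHP 5.x as well as current PHP (no scalar type hints).

// Return $value unchanged if it can safely be used as a single mail header
// value, or false if it contains characters that would start a new header
// line. CR, LF and NUL are the characters that matter for header injection.
function safe_header_value($value)
{
    if (!is_string($value) || preg_match('/[\r\n\x00]/', $value)) {
        return false;
    }
    return $value;
}

// Vulnerable pattern described in the advisory: the Subject comes straight
// from the request. A CR/LF sequence inside it is interpreted as the end of
// the Subject line, so whatever follows becomes an additional header and the
// message can reach recipients the script never intended.
function send_contact_mail_unsafe($to, $subject, $body)
{
    return mail($to, $subject, $body);
}

// Hardened pattern: refuse (do not "clean up") a Subject with line breaks,
// so no untrusted CR/LF ever reaches mail(). The same check belongs on any
// other header value built from user input (From:, Reply-To:, ...).
function send_contact_mail($to, $subject, $body)
{
    $subject = safe_header_value($subject);
    if ($subject === false) {
        return false; // caller should log and reject the request
    }
    return mail($to, $subject, $body);
}

// mb_parse_str() called without its second argument writes the parsed
// variables into the calling scope; with the result array they stay local,
// which avoids register_globals-style variable injection in script code.
function parse_query_safely($query)
{
    $params = array();
    mb_parse_str($query, $params);
    return $params;
}

// Constructed sample inputs (not from the advisory) to exercise the check:
// a plain subject and two that carry a line break followed by header text.
$subjects = array(
    "Order confirmation",
    "Order confirmation\r\nBcc: list@example.org",
    "Order confirmation\nX-Extra: header",
);
foreach ($subjects as $s) {
    $verdict = (safe_header_value($s) === false) ? 'rejected' : 'accepted';
    // addcslashes makes the CR/LF visible in the printed line
    printf("%-50s %s\n", addcslashes($s, "\r\n"), $verdict);
}

// The parsed variables live only in the returned array; nothing named
// register_globals appears in this scope after the call.
$params = parse_query_safely("a=1&register_globals=1");
var_dump(isset($register_globals));
print_r($params);
```

Refusing rather than stripping line breaks is deliberate: a silently stripped subject changes meaning without anyone noticing, while a refusal gives the application a point at which to log the attempt. Running the script prints one accepted and two rejected subjects, followed by the dump of the local $params array.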
Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.
4. Solution:
Before applying this update, make sure that all previously-released errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
235016 - CVE-2007-1583 mbstring register_globals activation and mail() header injection (CVE-2007-1718)
235036 - CVE-2007-1001 gd flaws in wbmp, JIS font handling (CVE-2007-0455)
6. RPMs required:
RHEL Desktop Workstation (v. 5 client):

SRPMS:
php-5.1.6-11.el5.src.rpm
6bb51aa2c094e0073d355539601158d2 php-5.1.6-11.el5.src.rpm

i386:
d53bd0f7f66bd5cb9f0c5dd8376aaa10 php-5.1.6-11.el5.i386.rpm
a3120b1d8e25e0a140f3ab478d455ef0 php-bcmath-5.1.6-11.el5.i386.rpm
65e8d1207657e293fc1ceb5df8ef5542 php-cli-5.1.6-11.el5.i386.rpm
00f59127e8297d45e87eed974913398f php-common-5.1.6-11.el5.i386.rpm
0e54b49ad88811e5667b22683597359c php-dba-5.1.6-11.el5.i386.rpm
5f07c0a80c7edeb9fca14c6179f4fd94 php-debuginfo-5.1.6-11.el5.i386.rpm
8b5c86ad82c07a30bdb2bd4a729a7084 php-devel-5.1.6-11.el5.i386.rpm
101002cf8b2cf6e51705fcace07f250d php-gd-5.1.6-11.el5.i386.rpm
78e84e93106dccba49311b9654b89dbd php-imap-5.1.6-11.el5.i386.rpm
c71cd331c511fc3e3c0f02dc198fdfa3 php-ldap-5.1.6-11.el5.i386.rpm
f5deb5a99bce0524abe71ac1b7541f35 php-mbstring-5.1.6-11.el5.i386.rpm
7ea600da7c59dab628c95faff735e7bb php-mysql-5.1.6-11.el5.i386.rpm
e59b54ab91380f04ccd6a85932170a14 php-ncurses-5.1.6-11.el5.i386.rpm
2535008822ba4102c6ea3399ea3e6592 php-odbc-5.1.6-11.el5.i386.rpm
97d3386be258cfb5c8adfdc993c81b71 php-pdo-5.1.6-11.el5.i386.rpm
6bfda2a0428775ae0c5246027c6576b2 php-pgsql-5.1.6-11.el5.i386.rpm
773077dfc0d46c268b5bcbf2ed546a43 php-snmp-5.1.6-11.el5.i386.rpm
1da346df94ec940e1fb83d68a79738c7 php-soap-5.1.6-11.el5.i386.rpm
4cad86f42866176ef8df9b0315cd6eea php-xml-5.1.6-11.el5.i386.rpm
590d277c31f7b57a23199d4edf8502a4 php-xmlrpc-5.1.6-11.el5.i386.rpm

x86_64:
eb30d9a59029cb441b770df74e4bb120 php-5.1.6-11.el5.x86_64.rpm
8c430e36ca52c690ffc64410f4e9a97b php-bcmath-5.1.6-11.el5.x86_64.rpm
f40a8a0f122e84f551c2b56125b72f7a php-cli-5.1.6-11.el5.x86_64.rpm
d807f7e7f7dbb6392f20a0da9c94a7b0 php-common-5.1.6-11.el5.x86_64.rpm
705c7666de1d24f0460bda27f83acef4 php-dba-5.1.6-11.el5.x86_64.rpm
1c99fd880620a2fa24f5d637339666f7 php-debuginfo-5.1.6-11.el5.x86_64.rpm
a13ad5a1023646fef9609f8f6b94e65d php-devel-5.1.6-11.el5.x86_64.rpm
25e164d3270a72b10fa14ad73929f70c php-gd-5.1.6-11.el5.x86_64.rpm
1bf9e5e14910abd12be86c5de065c0a1 php-imap-5.1.6-11.el5.x86_64.rpm
7206536783846f283b2b618c7602b43d php-ldap-5.1.6-11.el5.x86_64.rpm
649ddff34b26b747309537c02a1ebf31 php-mbstring-5.1.6-11.el5.x86_64.rpm
c08d703a5602d801aaca95c02b25126a php-mysql-5.1.6-11.el5.x86_64.rpm
e376de4524c7a6cc35d57a10edcaceb1 php-ncurses-5.1.6-11.el5.x86_64.rpm
6f0f33e91cc3f46da73ce37962093dfa php-odbc-5.1.6-11.el5.x86_64.rpm
6f51fec2e9e703c44968b5bc45bd5b71 php-pdo-5.1.6-11.el5.x86_64.rpm
0d5022bec64a6378819b4f4a51dd2f7e php-pgsql-5.1.6-11.el5.x86_64.rpm
a543a653849fea7676fe80c71000063b php-snmp-5.1.6-11.el5.x86_64.rpm
3fd0162bdfd5f9890e4e228f37e8001c php-soap-5.1.6-11.el5.x86_64.rpm
4be0a0b9aac607f16c520faaa0ba8da4 php-xml-5.1.6-11.el5.x86_64.rpm
9c9861a1ca2dfdd59444638b6c479191 php-xmlrpc-5.1.6-11.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):

SRPMS:
php-5.1.6-11.el5.src.rpm
6bb51aa2c094e0073d355539601158d2 php-5.1.6-11.el5.src.rpm

i386:
d53bd0f7f66bd5cb9f0c5dd8376aaa10 php-5.1.6-11.el5.i386.rpm
a3120b1d8e25e0a140f3ab478d455ef0 php-bcmath-5.1.6-11.el5.i386.rpm
65e8d1207657e293fc1ceb5df8ef5542 php-cli-5.1.6-11.el5.i386.rpm
00f59127e8297d45e87eed974913398f php-common-5.1.6-11.el5.i386.rpm
0e54b49ad88811e5667b22683597359c php-dba-5.1.6-11.el5.i386.rpm
5f07c0a80c7edeb9fca14c6179f4fd94 php-debuginfo-5.1.6-11.el5.i386.rpm
8b5c86ad82c07a30bdb2bd4a729a7084 php-devel-5.1.6-11.el5.i386.rpm
101002cf8b2cf6e51705fcace07f250d php-gd-5.1.6-11.el5.i386.rpm
78e84e93106dccba49311b9654b89dbd php-imap-5.1.6-11.el5.i386.rpm
c71cd331c511fc3e3c0f02dc198fdfa3 php-ldap-5.1.6-11.el5.i386.rpm
f5deb5a99bce0524abe71ac1b7541f35 php-mbstring-5.1.6-11.el5.i386.rpm
7ea600da7c59dab628c95faff735e7bb php-mysql-5.1.6-11.el5.i386.rpm
e59b54ab91380f04ccd6a85932170a14 php-ncurses-5.1.6-11.el5.i386.rpm
2535008822ba4102c6ea3399ea3e6592 php-odbc-5.1.6-11.el5.i386.rpm
97d3386be258cfb5c8adfdc993c81b71 php-pdo-5.1.6-11.el5.i386.rpm
6bfda2a0428775ae0c5246027c6576b2 php-pgsql-5.1.6-11.el5.i386.rpm
773077dfc0d46c268b5bcbf2ed546a43 php-snmp-5.1.6-11.el5.i386.rpm
1da346df94ec940e1fb83d68a79738c7 php-soap-5.1.6-11.el5.i386.rpm
4cad86f42866176ef8df9b0315cd6eea php-xml-5.1.6-11.el5.i386.rpm
590d277c31f7b57a23199d4edf8502a4 php-xmlrpc-5.1.6-11.el5.i386.rpm

ia64:
6fbc0e4156c6779e7447d7acfd979787 php-5.1.6-11.el5.ia64.rpm
fa926ee03b6d8d8657a9bbc48c666291 php-bcmath-5.1.6-11.el5.ia64.rpm
1e2fb09743054b16862a698bacd6c8f3 php-cli-5.1.6-11.el5.ia64.rpm
d992b8f6b824930d58e3651715259745 php-common-5.1.6-11.el5.ia64.rpm
42f9b945b95d04a19c37ac543d64e92a php-dba-5.1.6-11.el5.ia64.rpm
cdbb679383d41ad092d7b799c3948b6c php-debuginfo-5.1.6-11.el5.ia64.rpm
c9f6555c46d5a43572e29e78b7ec266a php-devel-5.1.6-11.el5.ia64.rpm
6da9aba1aa0b1554895e607b29795f41 php-gd-5.1.6-11.el5.ia64.rpm
779ae74bfd7cd0a1c6778370948d3069 php-imap-5.1.6-11.el5.ia64.rpm
bee411a3917d621a21e630a0df278362 php-ldap-5.1.6-11.el5.ia64.rpm
cacef16531e6560a69fe20f3becf0f8a php-mbstring-5.1.6-11.el5.ia64.rpm
96ed534d298db11d6189603d4a4a1b46 php-mysql-5.1.6-11.el5.ia64.rpm
c41c1b55283a6a52f761246e96e765d9 php-ncurses-5.1.6-11.el5.ia64.rpm
76fabcb8bf8b8395ba97962e5a84e0a4 php-odbc-5.1.6-11.el5.ia64.rpm
395cd8ab832c72d27954f2fcff14f5b2 php-pdo-5.1.6-11.el5.ia64.rpm
e7838476e6288e7b96b37a38e94aff7f php-pgsql-5.1.6-11.el5.ia64.rpm
7465e1b6b9e40e264c581ef9eea18b08 php-snmp-5.1.6-11.el5.ia64.rpm
07e19feffca99486f1658fac2f66f484 php-soap-5.1.6-11.el5.ia64.rpm
b0d574612016dd8e2fca1d06364f75c2 php-xml-5.1.6-11.el5.ia64.rpm
70f19c815037ee3d98a85e879018b80d php-xmlrpc-5.1.6-11.el5.ia64.rpm

ppc:
2e0a33efafcdf78b5882e0ab03ff065d php-5.1.6-11.el5.ppc.rpm
b3bf05016ba8bb376bd2597420b15c59 php-bcmath-5.1.6-11.el5.ppc.rpm
bd9a12f42c3859d251636736b5c41615 php-cli-5.1.6-11.el5.ppc.rpm
4c8d3b8d237ccb59de0232e2d9d0d4cf php-common-5.1.6-11.el5.ppc.rpm
ec6609133713b50e807dcf96b8900275 php-dba-5.1.6-11.el5.ppc.rpm
24830ad29a08b881da9b30e96d4d547f php-debuginfo-5.1.6-11.el5.ppc.rpm
5035f6ae3d92b9dda48540beb765a5de php-devel-5.1.6-11.el5.ppc.rpm
571bb8cfdf27b1de242b96b08e7782db php-gd-5.1.6-11.el5.ppc.rpm
3d905e8e2e49c4dd7a0dbaa744b4df9e php-imap-5.1.6-11.el5.ppc.rpm
f9f3424c9a571b6d7df4f3e9cdbe1806 php-ldap-5.1.6-11.el5.ppc.rpm
6802616d81b7699ec841e7efa134ef1c php-mbstring-5.1.6-11.el5.ppc.rpm
aa2eea656e7a13d95884e83611ac666d php-mysql-5.1.6-11.el5.ppc.rpm
d44546ce79b9fe8915b972c948e329a7 php-ncurses-5.1.6-11.el5.ppc.rpm
783c28604cc426785187175ccc8bcd2c php-odbc-5.1.6-11.el5.ppc.rpm
a53c9d6dcf93f565c507be75b634b7c4 php-pdo-5.1.6-11.el5.ppc.rpm
5939ecafbdf9154673068092ab56b702 php-pgsql-5.1.6-11.el5.ppc.rpm
164d1301fc9cfe67c8a390a3e8b13203 php-snmp-5.1.6-11.el5.ppc.rpm
b645a0e76b0fb300581a4e43b8764cfb php-soap-5.1.6-11.el5.ppc.rpm
4c004ecb53a40dd0e76e14d8715e27f6 php-xml-5.1.6-11.el5.ppc.rpm
02bb2911d00505dfd67079cb119cdfab php-xmlrpc-5.1.6-11.el5.ppc.rpm

s390x:
d0d56e20f7f30ccbc278848472950fd8 php-5.1.6-11.el5.s390x.rpm
447f7beeadd7fbf5c20bff791aa01993 php-bcmath-5.1.6-11.el5.s390x.rpm
a1945ee0fb7292318e5d2e94771f74a3 php-cli-5.1.6-11.el5.s390x.rpm
32dee0fc91006ae761fcfde592cd94ad php-common-5.1.6-11.el5.s390x.rpm
623b96dade743a60ca60aff42d77dfb9 php-dba-5.1.6-11.el5.s390x.rpm
70a523efb5dd8ef8142baca5c1843195 php-debuginfo-5.1.6-11.el5.s390x.rpm
023a3125038045d0ad91a837619c31f4 php-devel-5.1.6-11.el5.s390x.rpm
3918ccb7b01723501741b727e7d37c98 php-gd-5.1.6-11.el5.s390x.rpm
d3620373bb72c6f106f49e10d92517c4 php-imap-5.1.6-11.el5.s390x.rpm
daff492934155941111ad2cfa3dda25b php-ldap-5.1.6-11.el5.s390x.rpm
bd3f9060ad1e210ea418e74574b8d8ec php-mbstring-5.1.6-11.el5.s390x.rpm
5aad9fab17b78542fed284605ae7db8c php-mysql-5.1.6-11.el5.s390x.rpm
d90329cda9386195f0ee10803474474a php-ncurses-5.1.6-11.el5.s390x.rpm
2777213261dc62b7b6269bf694bbc532 php-odbc-5.1.6-11.el5.s390x.rpm
579567b50e96e4250c81ada9a6a42318 php-pdo-5.1.6-11.el5.s390x.rpm
8117672429d790b5791a80d51c43ef9b php-pgsql-5.1.6-11.el5.s390x.rpm
240087bce7f67e35c63193e2589a703c php-snmp-5.1.6-11.el5.s390x.rpm
645cbd9c82fa2501bc69b681fa3a644a php-soap-5.1.6-11.el5.s390x.rpm
bd3c21a09517b135c8cdf8de61eb9fe2 php-xml-5.1.6-11.el5.s390x.rpm
2419051b6081fa84181b05baaefcaafd php-xmlrpc-5.1.6-11.el5.s390x.rpm

x86_64:
eb30d9a59029cb441b770df74e4bb120 php-5.1.6-11.el5.x86_64.rpm
8c430e36ca52c690ffc64410f4e9a97b php-bcmath-5.1.6-11.el5.x86_64.rpm
f40a8a0f122e84f551c2b56125b72f7a php-cli-5.1.6-11.el5.x86_64.rpm
d807f7e7f7dbb6392f20a0da9c94a7b0 php-common-5.1.6-11.el5.x86_64.rpm
705c7666de1d24f0460bda27f83acef4 php-dba-5.1.6-11.el5.x86_64.rpm
1c99fd880620a2fa24f5d637339666f7 php-debuginfo-5.1.6-11.el5.x86_64.rpm
a13ad5a1023646fef9609f8f6b94e65d php-devel-5.1.6-11.el5.x86_64.rpm
25e164d3270a72b10fa14ad73929f70c php-gd-5.1.6-11.el5.x86_64.rpm
1bf9e5e14910abd12be86c5de065c0a1 php-imap-5.1.6-11.el5.x86_64.rpm
7206536783846f283b2b618c7602b43d php-ldap-5.1.6-11.el5.x86_64.rpm
649ddff34b26b747309537c02a1ebf31 php-mbstring-5.1.6-11.el5.x86_64.rpm
c08d703a5602d801aaca95c02b25126a php-mysql-5.1.6-11.el5.x86_64.rpm
e376de4524c7a6cc35d57a10edcaceb1 php-ncurses-5.1.6-11.el5.x86_64.rpm
6f0f33e91cc3f46da73ce37962093dfa php-odbc-5.1.6-11.el5.x86_64.rpm
6f51fec2e9e703c44968b5bc45bd5b71 php-pdo-5.1.6-11.el5.x86_64.rpm
0d5022bec64a6378819b4f4a51dd2f7e php-pgsql-5.1.6-11.el5.x86_64.rpm
a543a653849fea7676fe80c71000063b php-snmp-5.1.6-11.el5.x86_64.rpm
3fd0162bdfd5f9890e4e228f37e8001c php-soap-5.1.6-11.el5.x86_64.rpm
4be0a0b9aac607f16c520faaa0ba8da4 php-xml-5.1.6-11.el5.x86_64.rpm
9c9861a1ca2dfdd59444638b6c479191 php-xmlrpc-5.1.6-11.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGKIx/XlSAg2UNWIIRAln1AKCXgSf0DNCk3TH1y8Zc6BjxE37vIQCfZP5q
uYkGk48K8XyhZcfhqWOwhpM=
=ItHC
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list