Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in php4
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php4
ID: MDVSA-2008:129
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0
Datum: Fr, 4. Juli 2008, 05:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
Applikationen: PHP

Originalnachricht

This is a multi-part message in MIME format...

------------=_1215141633-11275-7004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:129
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php4
Date : July 3, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32bit systems and generations a portion of zero bits during conversion
due to insufficient precision on 64bit systems (CVE-2008-2107,
CVE-2008-2108).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
60cb1523549183eae75f173db44ce2d7
corporate/3.0/i586/libphp_common432-4.3.4-4.28.C30mdk.i586.rpm
4ba8abbdc22274e036ea6f7ae4909316
corporate/3.0/i586/php432-devel-4.3.4-4.28.C30mdk.i586.rpm
1f3277efa994d0e978704b0e1ef81cee
corporate/3.0/i586/php-cgi-4.3.4-4.28.C30mdk.i586.rpm
ed7c11b9e615d50c2626cc8651b2aecb
corporate/3.0/i586/php-cli-4.3.4-4.28.C30mdk.i586.rpm
8969b7bbe0a389d9c17073a4734afe67
corporate/3.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm

Corporate 3.0/X86_64:
fae5232b68c4347ea4ab1f424001ca36
corporate/3.0/x86_64/lib64php_common432-4.3.4-4.28.C30mdk.x86_64.rpm
e2d37f7e766faf61b01570d3b2763900
corporate/3.0/x86_64/php432-devel-4.3.4-4.28.C30mdk.x86_64.rpm
c6f7fbbca3e521fd092239da0e542f99
corporate/3.0/x86_64/php-cgi-4.3.4-4.28.C30mdk.x86_64.rpm
af7d5aca6faf6a432f19d445e5910c14
corporate/3.0/x86_64/php-cli-4.3.4-4.28.C30mdk.x86_64.rpm
8969b7bbe0a389d9c17073a4734afe67
corporate/3.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm

Multi Network Firewall 2.0:
0aed85766f3a2938d9c1e33bb5a199ff
mnf/2.0/i586/libphp_common432-4.3.4-4.28.C30mdk.i586.rpm
c14ad69a438163322e9c4802be2a9162
mnf/2.0/i586/php-cgi-4.3.4-4.28.C30mdk.i586.rpm
ed7c11b9e615d50c2626cc8651b2aecb
mnf/2.0/i586/php-cli-4.3.4-4.28.C30mdk.i586.rpm
523bafb85ede32063f4738e6426ab23d mnf/2.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIbWsumqjQ0CJFipgRAsxRAKCe0zLMaz8Akj/J/HCyhYExLp1GXgCeMKrt
qBH74ZN3vFcg99ivslfGoKE=
=rQ++
-----END PGP SIGNATURE-----


------------=_1215141633-11275-7004
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1215141633-11275-7004--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung