Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in php
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php
ID: MDVSA-2009:246
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0
Datum: Fr, 25. September 2009, 20:36
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
Applikationen: PHP

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1253903791-13155-2075


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:246
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : php
 Date    : September 25, 2009
 Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was discovered and corrected in php:
 
 The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
 attackers to cause a denial of service (file truncation) via a key with
 the NULL byte.  NOTE: this might only be a vulnerability in limited
 circumstances in which the attacker can modify or add database entries
 but does not have permissions to truncate the file (CVE-2008-7068).
 
 The php_openssl_apply_verification_policy function in PHP before
 5.2.11 does not properly perform certificate validation, which has
 unknown impact and attack vectors, probably related to an ability to
 spoof certificates (CVE-2009-3291).
 
 Unspecified vulnerability in PHP before 5.2.11 has unknown impact
 and attack vectors related to missing sanity checks around exif
 processing. (CVE-2009-3292)
 
 Unspecified vulnerability in the imagecolortransparent function in
 PHP before 5.2.11 has unknown impact and attack vectors related to
 an incorrect sanity check for the color index. (CVE-2009-3293)
 
 This update provides a solution to these vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7068
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 4a02595b5eea0b6875698b3171c6de18 
 corporate/3.0/i586/libphp_common432-4.3.4-4.30.C30mdk.i586.rpm
 1d5d7040ec73f39c49be4cfb6424ccb1 
 corporate/3.0/i586/php432-devel-4.3.4-4.30.C30mdk.i586.rpm
 223f27eb0ba733c0898589f2bd9f939d 
 corporate/3.0/i586/php-cgi-4.3.4-4.30.C30mdk.i586.rpm
 f97c40bcbbff8baf4858b2021399f681 
 corporate/3.0/i586/php-cli-4.3.4-4.30.C30mdk.i586.rpm
 ce14b49faa8a0e0e1f30446a9fd697dd 
 corporate/3.0/i586/php-dba_bundle-4.3.4-1.1.C30mdk.i586.rpm
 6dba56cf1716e33d1c672806b83a5c56 
 corporate/3.0/i586/php-gd-4.3.4-1.8.C30mdk.i586.rpm 
 6729a16844799b099c84a2ba1396dd47 
 corporate/3.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
 512d01dbfe8ef3037ec2045746342840 
 corporate/3.0/SRPMS/php-dba_bundle-4.3.4-1.1.C30mdk.src.rpm
 2d58a96f81c208cad9b65189156f92e0 
 corporate/3.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a655f05bb696767a5c696b2b1e19b2af 
 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.30.C30mdk.x86_64.rpm
 3314420b910822f2f44f096d57ae26ad 
 corporate/3.0/x86_64/php432-devel-4.3.4-4.30.C30mdk.x86_64.rpm
 49183f06afa423ba77d25f22cd14e665 
 corporate/3.0/x86_64/php-cgi-4.3.4-4.30.C30mdk.x86_64.rpm
 7dd4d4d1f55102dc65f9a307cc2a567e 
 corporate/3.0/x86_64/php-cli-4.3.4-4.30.C30mdk.x86_64.rpm
 1383e2f9be11322cc66888d426e626cb 
 corporate/3.0/x86_64/php-dba_bundle-4.3.4-1.1.C30mdk.x86_64.rpm
 ee5a8f85e1746fd01fb98f8ae045bbff 
 corporate/3.0/x86_64/php-gd-4.3.4-1.8.C30mdk.x86_64.rpm 
 6729a16844799b099c84a2ba1396dd47 
 corporate/3.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
 512d01dbfe8ef3037ec2045746342840 
 corporate/3.0/SRPMS/php-dba_bundle-4.3.4-1.1.C30mdk.src.rpm
 2d58a96f81c208cad9b65189156f92e0 
 corporate/3.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

 Corporate 4.0:
 45f2d838136d3294f4e7596a1408dffb 
 corporate/4.0/i586/libphp4_common4-4.4.4-1.12.20060mlcs4.i586.rpm
 c463bf145de6bf1c1db9617a24c5990b 
 corporate/4.0/i586/libphp5_common5-5.1.6-1.14.20060mlcs4.i586.rpm
 914be4bcb8007085dce3aad3199886a8 
 corporate/4.0/i586/php4-cgi-4.4.4-1.12.20060mlcs4.i586.rpm
 a79f33c63c659b8e19e3b53a3082586f 
 corporate/4.0/i586/php4-cli-4.4.4-1.12.20060mlcs4.i586.rpm
 1e0b3de1715819c4edb48335e88ca651 
 corporate/4.0/i586/php4-dba_bundle-4.4.4-1.1.20060mlcs4.i586.rpm
 b6b729eafe1d4baa6112831a64a3b360 
 corporate/4.0/i586/php4-devel-4.4.4-1.12.20060mlcs4.i586.rpm
 6b0b011b252fb1ceb8f441767d27f184 
 corporate/4.0/i586/php4-exif-4.4.4-1.2.20060mlcs4.i586.rpm
 4b46d5f0527c24e44a9dbab9f5513a65 
 corporate/4.0/i586/php-cgi-5.1.6-1.14.20060mlcs4.i586.rpm
 6984850d55cb492e6f0ee2d4f7655286 
 corporate/4.0/i586/php-cli-5.1.6-1.14.20060mlcs4.i586.rpm
 683507d8d6498eb22acd4bf67c08f3e1 
 corporate/4.0/i586/php-dba-5.1.6-1.1.20060mlcs4.i586.rpm
 0b9fe463ab494e9421f96d6124276fa6 
 corporate/4.0/i586/php-devel-5.1.6-1.14.20060mlcs4.i586.rpm
 00ba586a8ac5786de8c2196ab85d8cec 
 corporate/4.0/i586/php-exif-5.1.6-1.2.20060mlcs4.i586.rpm
 5b0686519a27b7faa3ba549fbc6ddce4 
 corporate/4.0/i586/php-fcgi-5.1.6-1.14.20060mlcs4.i586.rpm
 92c4a3461f37546cec2e0d203ee55c5f 
 corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm 
 000d8f8c7c014e06dc26aa0cb579c5d8 
 corporate/4.0/SRPMS/php4-4.4.4-1.12.20060mlcs4.src.rpm
 26fb6c37afef6a5fcd5208bad2ebc553 
 corporate/4.0/SRPMS/php4-dba_bundle-4.4.4-1.1.20060mlcs4.src.rpm
 1dd0142cab4710111ea4ba356632e4f4 
 corporate/4.0/SRPMS/php4-exif-4.4.4-1.2.20060mlcs4.src.rpm
 800e3ef31cb6a98c3c7391b53c100d1a 
 corporate/4.0/SRPMS/php-5.1.6-1.14.20060mlcs4.src.rpm
 6e0180221caaa5f8fbaf72f269b0c1ff 
 corporate/4.0/SRPMS/php-dba-5.1.6-1.1.20060mlcs4.src.rpm
 3f84b5d0bd2e3ae9d8a6cc61ee842eba 
 corporate/4.0/SRPMS/php-exif-5.1.6-1.2.20060mlcs4.src.rpm
 fbc401dc2fbf97e849568d42f3a0907d 
 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f4673f56052dc7eba2ef99ec1a087b90 
 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.12.20060mlcs4.x86_64.rpm
 a1d13abd89f308b9acd14d642fcdd4f2 
 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.14.20060mlcs4.x86_64.rpm
 95d1663b8cb815525ae40f3a1ef60cae 
 corporate/4.0/x86_64/php4-cgi-4.4.4-1.12.20060mlcs4.x86_64.rpm
 bd86092a42f161beaf8a29b8e5f7531e 
 corporate/4.0/x86_64/php4-cli-4.4.4-1.12.20060mlcs4.x86_64.rpm
 67bc38c3e38ef6541828706179a13f1e 
 corporate/4.0/x86_64/php4-dba_bundle-4.4.4-1.1.20060mlcs4.x86_64.rpm
 f4d2a49b4abefbc5d517aae7630345f9 
 corporate/4.0/x86_64/php4-devel-4.4.4-1.12.20060mlcs4.x86_64.rpm
 547ed3d3a4cee4dc66da158241316b80 
 corporate/4.0/x86_64/php4-exif-4.4.4-1.2.20060mlcs4.x86_64.rpm
 391646867948bc40505a7346b3214e1b 
 corporate/4.0/x86_64/php-cgi-5.1.6-1.14.20060mlcs4.x86_64.rpm
 a201cd45b38486f398081a1d16ac7d72 
 corporate/4.0/x86_64/php-cli-5.1.6-1.14.20060mlcs4.x86_64.rpm
 a67a0a8ba90e41f18fd36bc1f05e3311 
 corporate/4.0/x86_64/php-dba-5.1.6-1.1.20060mlcs4.x86_64.rpm
 a636fea041109d1d28c7323d4075179e 
 corporate/4.0/x86_64/php-devel-5.1.6-1.14.20060mlcs4.x86_64.rpm
 c02a5dda722f0d6fa7144feb8ba1ce50 
 corporate/4.0/x86_64/php-exif-5.1.6-1.2.20060mlcs4.x86_64.rpm
 e50415f8780f27db1b68a10a6d372a6f 
 corporate/4.0/x86_64/php-fcgi-5.1.6-1.14.20060mlcs4.x86_64.rpm
 91fabbd879295321a4573cff179fec16 
 corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm 
 000d8f8c7c014e06dc26aa0cb579c5d8 
 corporate/4.0/SRPMS/php4-4.4.4-1.12.20060mlcs4.src.rpm
 26fb6c37afef6a5fcd5208bad2ebc553 
 corporate/4.0/SRPMS/php4-dba_bundle-4.4.4-1.1.20060mlcs4.src.rpm
 1dd0142cab4710111ea4ba356632e4f4 
 corporate/4.0/SRPMS/php4-exif-4.4.4-1.2.20060mlcs4.src.rpm
 800e3ef31cb6a98c3c7391b53c100d1a 
 corporate/4.0/SRPMS/php-5.1.6-1.14.20060mlcs4.src.rpm
 6e0180221caaa5f8fbaf72f269b0c1ff 
 corporate/4.0/SRPMS/php-dba-5.1.6-1.1.20060mlcs4.src.rpm
 3f84b5d0bd2e3ae9d8a6cc61ee842eba 
 corporate/4.0/SRPMS/php-exif-5.1.6-1.2.20060mlcs4.src.rpm
 fbc401dc2fbf97e849568d42f3a0907d 
 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 b4c61a34209cb2665757431b76c29618 
 mnf/2.0/i586/libphp_common432-4.3.4-4.30.C30mdk.i586.rpm
 6a46ca28a0edfa8d4de397ea468c6b7e 
 mnf/2.0/i586/php432-devel-4.3.4-4.30.C30mdk.i586.rpm
 aeedd733f5d44af49cf0fbd5260833c4 
 mnf/2.0/i586/php-cgi-4.3.4-4.30.C30mdk.i586.rpm
 5fba6d630664beaaebf243da3fb4d287 
 mnf/2.0/i586/php-cli-4.3.4-4.30.C30mdk.i586.rpm
 d18c9980d35f042f8aaf663fe2e2942d 
 mnf/2.0/i586/php-gd-4.3.4-1.8.C30mdk.i586.rpm 
 0dd3ff93902b0f993a5e767cc50e017b  mnf/2.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
 a86659f66c2327f54c921ffccfc589cd 
 mnf/2.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKvOH8mqjQ0CJFipgRApIHAKDVI9Jw2rVhzWDAy60BrWFosZuCowCgpWhL
xPcS4xN6XLqETihUeqBrkFo=
=D0DO
-----END PGP SIGNATURE-----


------------=_1253903791-13155-2075
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1253903791-13155-2075--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung