Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in php
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php
ID: MDVSA-2009:248
Distribution: Mandriva
Plattformen: Mandriva 2009.1
Datum: Fr, 25. September 2009, 21:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
Applikationen: PHP

Originalnachricht

This is a multi-part message in MIME format...

------------=_1253908112-13155-2089


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:248
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : September 25, 2009
Affected: 2009.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities was discovered and corrected in php:

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don't use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.

This update provides a solution to these vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
85e87867b1548801a6c2db93fc18fb9d
2009.1/i586/libphp5_common5-5.2.9-6.2mdv2009.1.i586.rpm
522dceebef8202cddd695f9962db1f18
2009.1/i586/php-bcmath-5.2.9-6.2mdv2009.1.i586.rpm
e4f245c0c1f296a7c3adac8daf7125d8
2009.1/i586/php-bz2-5.2.9-6.2mdv2009.1.i586.rpm
530e87e21a18e61a70d174213e51e3f1
2009.1/i586/php-calendar-5.2.9-6.2mdv2009.1.i586.rpm
d8075e6ce477d0c2c980696870b7d32c
2009.1/i586/php-cgi-5.2.9-6.2mdv2009.1.i586.rpm
17bdfb65700ac9515e89104afe26fc7c
2009.1/i586/php-cli-5.2.9-6.2mdv2009.1.i586.rpm
03719088b010f503a60a9b60d55d268d
2009.1/i586/php-ctype-5.2.9-6.2mdv2009.1.i586.rpm
4d16e8a053e2c619e9b66ca8ad00394c
2009.1/i586/php-curl-5.2.9-6.2mdv2009.1.i586.rpm
a229d229ec0c305532a9d522727ca817
2009.1/i586/php-dba-5.2.9-6.2mdv2009.1.i586.rpm
d3c14dbf23f93d6f3f348f116a26acb1
2009.1/i586/php-dbase-5.2.9-6.2mdv2009.1.i586.rpm
b449e0fbe5dca4baa1bffac5bcc85e07
2009.1/i586/php-devel-5.2.9-6.2mdv2009.1.i586.rpm
1dac1b2cc84dfbf9993f2aa26939ffb4
2009.1/i586/php-dom-5.2.9-6.2mdv2009.1.i586.rpm
1ef14250dc32846e0395a07f4829d52c
2009.1/i586/php-exif-5.2.9-6.2mdv2009.1.i586.rpm
d066223f07fdf6af0722848d82364348
2009.1/i586/php-fcgi-5.2.9-6.2mdv2009.1.i586.rpm
aa3d6954c1e78d2653a52ecf16e471ff
2009.1/i586/php-filter-5.2.9-6.2mdv2009.1.i586.rpm
35d3f28617e885a4e750bcd3a97ecba0
2009.1/i586/php-ftp-5.2.9-6.2mdv2009.1.i586.rpm
9174368e959c14b7a5addd08d4874017
2009.1/i586/php-gd-5.2.9-6.2mdv2009.1.i586.rpm
1af200e3d52ea023318a5495d541b1e4
2009.1/i586/php-gettext-5.2.9-6.2mdv2009.1.i586.rpm
8c491c96a8ece15d5d60aa5aa2ceab0c
2009.1/i586/php-gmp-5.2.9-6.2mdv2009.1.i586.rpm
ae5c5fcc780bdd07d88cfcd349d30e58
2009.1/i586/php-hash-5.2.9-6.2mdv2009.1.i586.rpm
2a517cb53a676165d3a4de358c0f148e
2009.1/i586/php-iconv-5.2.9-6.2mdv2009.1.i586.rpm
1a4c3ab931cd2df5a347170f36c338f7
2009.1/i586/php-imap-5.2.9-6.2mdv2009.1.i586.rpm
37aba4274ae00ded7e087bbb8605f221
2009.1/i586/php-json-5.2.9-6.2mdv2009.1.i586.rpm
c10f22cb6dcb0e5016c0535738132065
2009.1/i586/php-ldap-5.2.9-6.2mdv2009.1.i586.rpm
5ef7cd867bfd5b2c329a3e4723f84247
2009.1/i586/php-mbstring-5.2.9-6.2mdv2009.1.i586.rpm
3de9ad85e6bad9da2f028bb408e33da7
2009.1/i586/php-mcrypt-5.2.9-6.2mdv2009.1.i586.rpm
0fc60371b161403a58c02e4f964d4b83
2009.1/i586/php-mhash-5.2.9-6.2mdv2009.1.i586.rpm
5294173b4191fb03944840c8679967b0
2009.1/i586/php-mime_magic-5.2.9-6.2mdv2009.1.i586.rpm
9df85b613e24cbd38b74978e4e28301c
2009.1/i586/php-ming-5.2.9-6.2mdv2009.1.i586.rpm
f2113d23146f1a295579fe6fc012aa1f
2009.1/i586/php-mssql-5.2.9-6.2mdv2009.1.i586.rpm
3d8b142f6a4b5290623ef5b28395cd36
2009.1/i586/php-mysql-5.2.9-6.2mdv2009.1.i586.rpm
12e09193a2be5a3dfc960e9def73278f
2009.1/i586/php-mysqli-5.2.9-6.2mdv2009.1.i586.rpm
1551a51c721087d3b92260d9f585274b
2009.1/i586/php-ncurses-5.2.9-6.2mdv2009.1.i586.rpm
916f591a0a987ff98c92cde1cc961e5b
2009.1/i586/php-odbc-5.2.9-6.2mdv2009.1.i586.rpm
7cf7be81f66e25ac0695644785808bfc
2009.1/i586/php-openssl-5.2.9-6.2mdv2009.1.i586.rpm
f3ba03b40095cc1d08f1a1c725208e80
2009.1/i586/php-pcntl-5.2.9-6.2mdv2009.1.i586.rpm
9814280eb36dc952fa84195dee51fcb9
2009.1/i586/php-pdo-5.2.9-6.2mdv2009.1.i586.rpm
6eca042187056998cce3218d29b6fe64
2009.1/i586/php-pdo_dblib-5.2.9-6.2mdv2009.1.i586.rpm
1db4d26269a9a625e8dd7fce3fb6fac3
2009.1/i586/php-pdo_mysql-5.2.9-6.2mdv2009.1.i586.rpm
8fb1ec5235174c0f4f2aed4a059820d0
2009.1/i586/php-pdo_odbc-5.2.9-6.2mdv2009.1.i586.rpm
48cbbd29283af0a26ef08f0a8c43764f
2009.1/i586/php-pdo_pgsql-5.2.9-6.2mdv2009.1.i586.rpm
52057a39b6523cbdc8c345d55708a726
2009.1/i586/php-pdo_sqlite-5.2.9-6.2mdv2009.1.i586.rpm
182deb058e30c6231b5e1b6e9c716773
2009.1/i586/php-pgsql-5.2.9-6.2mdv2009.1.i586.rpm
77a01e22aabdcac128d332a49cdf22c2
2009.1/i586/php-posix-5.2.9-6.2mdv2009.1.i586.rpm
43a6792914cedc5784a8d632c85906c2
2009.1/i586/php-pspell-5.2.9-6.2mdv2009.1.i586.rpm
b45752be458fcdc318624aa8ec5b7282
2009.1/i586/php-readline-5.2.9-6.2mdv2009.1.i586.rpm
69765de70de2a84fe5924e68d176c083
2009.1/i586/php-recode-5.2.9-6.2mdv2009.1.i586.rpm
b1e80b8432ac9e51c80cdddbb26cd21a
2009.1/i586/php-session-5.2.9-6.2mdv2009.1.i586.rpm
8562d7ac3ef9ecafbcbedfc5aeb4d4d0
2009.1/i586/php-shmop-5.2.9-6.2mdv2009.1.i586.rpm
e1613016a170a96713fcf6da6682477a
2009.1/i586/php-snmp-5.2.9-6.2mdv2009.1.i586.rpm
2e0a5ce706ab444411fc63bfd3e9c8e6
2009.1/i586/php-soap-5.2.9-6.2mdv2009.1.i586.rpm
d625751f8c8e4abdf1d362142d76c787
2009.1/i586/php-sockets-5.2.9-6.2mdv2009.1.i586.rpm
36dbb23dee2862046ce74ad84b8dd0fe
2009.1/i586/php-sqlite-5.2.9-6.2mdv2009.1.i586.rpm
0a50e296bbcb03f1eae5e1842b719fcc
2009.1/i586/php-sybase-5.2.9-6.2mdv2009.1.i586.rpm
de1659a6aff4c99b63dc8c1164d2fe61
2009.1/i586/php-sysvmsg-5.2.9-6.2mdv2009.1.i586.rpm
2189b13becc4418b0c298ee139b4f8f2
2009.1/i586/php-sysvsem-5.2.9-6.2mdv2009.1.i586.rpm
eeeb083fd84b49c50fb6bfb402332dc1
2009.1/i586/php-sysvshm-5.2.9-6.2mdv2009.1.i586.rpm
99a1a6307e2e25ebd77932496a76efe8
2009.1/i586/php-tidy-5.2.9-6.2mdv2009.1.i586.rpm
5eb2422032a81fd035ed0a835e264fa2
2009.1/i586/php-tokenizer-5.2.9-6.2mdv2009.1.i586.rpm
0a372bc1e6df667a9d26c6218ad0a8c6
2009.1/i586/php-wddx-5.2.9-6.2mdv2009.1.i586.rpm
a0b1cd31b14ab59fd5be536a7e5701c9
2009.1/i586/php-xml-5.2.9-6.2mdv2009.1.i586.rpm
5046cfd407bfd096fa615ab44f8415a1
2009.1/i586/php-xmlreader-5.2.9-6.2mdv2009.1.i586.rpm
0b8fd99b5c6de57491d43e9e691b6dcb
2009.1/i586/php-xmlrpc-5.2.9-6.2mdv2009.1.i586.rpm
58bd68197b5d38eca13d24cad5a50e36
2009.1/i586/php-xmlwriter-5.2.9-6.2mdv2009.1.i586.rpm
c062198e507c9b17a27eed035ffe1eb5
2009.1/i586/php-xsl-5.2.9-6.2mdv2009.1.i586.rpm
4d5c7dc89e290ed2366d5bfd33584c56
2009.1/i586/php-zip-5.2.9-6.2mdv2009.1.i586.rpm
c7c66b802cc467f02b1b88bdc18b5aa5
2009.1/i586/php-zlib-5.2.9-6.2mdv2009.1.i586.rpm
14ce077421185006aca3c756375f008b 2009.1/SRPMS/php-5.2.9-6.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
87161d3c159b4ef92ff2496ccac2df7a
2009.1/x86_64/lib64php5_common5-5.2.9-6.2mdv2009.1.x86_64.rpm
2cdc374b15af8866d1570ac45adc2d19
2009.1/x86_64/php-bcmath-5.2.9-6.2mdv2009.1.x86_64.rpm
aa3e358a57c536a98e08862d310b130d
2009.1/x86_64/php-bz2-5.2.9-6.2mdv2009.1.x86_64.rpm
089b7350d826be1e602c212997ca43aa
2009.1/x86_64/php-calendar-5.2.9-6.2mdv2009.1.x86_64.rpm
e05cfd39d2acaf7b0c747205afdbafd8
2009.1/x86_64/php-cgi-5.2.9-6.2mdv2009.1.x86_64.rpm
e52616165bae90bc50434645ae889ba2
2009.1/x86_64/php-cli-5.2.9-6.2mdv2009.1.x86_64.rpm
02f92d9ccbeed27c68f999a08ae1bb74
2009.1/x86_64/php-ctype-5.2.9-6.2mdv2009.1.x86_64.rpm
4a4f312fa9c8b47c85346fe43ee280fe
2009.1/x86_64/php-curl-5.2.9-6.2mdv2009.1.x86_64.rpm
d50ecf0df916ba2b005ed9aef6b7ee00
2009.1/x86_64/php-dba-5.2.9-6.2mdv2009.1.x86_64.rpm
8bb5fecba66fa1f45818841c2e3119c7
2009.1/x86_64/php-dbase-5.2.9-6.2mdv2009.1.x86_64.rpm
29e26f8dd9992765b9ab115695d53487
2009.1/x86_64/php-devel-5.2.9-6.2mdv2009.1.x86_64.rpm
2fbbef91b647b73ecb28a16e0b20c488
2009.1/x86_64/php-dom-5.2.9-6.2mdv2009.1.x86_64.rpm
963db6b3a197618b2909ff47c03ec93e
2009.1/x86_64/php-exif-5.2.9-6.2mdv2009.1.x86_64.rpm
46c2a26f74d9a0b05f31f435d2e52d12
2009.1/x86_64/php-fcgi-5.2.9-6.2mdv2009.1.x86_64.rpm
b7cd04b9c3cda09a22fce1bac23269b3
2009.1/x86_64/php-filter-5.2.9-6.2mdv2009.1.x86_64.rpm
080bffb0d573549dfedd92580ff9d52d
2009.1/x86_64/php-ftp-5.2.9-6.2mdv2009.1.x86_64.rpm
0911154fa6039a0afe2a9ed97641171c
2009.1/x86_64/php-gd-5.2.9-6.2mdv2009.1.x86_64.rpm
dd674b3c6e2a947efd3b7141950461a5
2009.1/x86_64/php-gettext-5.2.9-6.2mdv2009.1.x86_64.rpm
ed7f7469ea0a25d7ccf3c8cfb1f9e636
2009.1/x86_64/php-gmp-5.2.9-6.2mdv2009.1.x86_64.rpm
286eaef3b1cc89b4731d56d59ab981a7
2009.1/x86_64/php-hash-5.2.9-6.2mdv2009.1.x86_64.rpm
3b872a3a221f411ade41c99cb7d51fb8
2009.1/x86_64/php-iconv-5.2.9-6.2mdv2009.1.x86_64.rpm
0b256ee66d4cbe6c2b4c73c2595edc43
2009.1/x86_64/php-imap-5.2.9-6.2mdv2009.1.x86_64.rpm
32650ba3e635036500b581778352f584
2009.1/x86_64/php-json-5.2.9-6.2mdv2009.1.x86_64.rpm
147f7913e5aafa98babee853a95ac8de
2009.1/x86_64/php-ldap-5.2.9-6.2mdv2009.1.x86_64.rpm
a6ba9f430e1d6d99e082aefed08711da
2009.1/x86_64/php-mbstring-5.2.9-6.2mdv2009.1.x86_64.rpm
8b2b749896ab0468242362ab350a5865
2009.1/x86_64/php-mcrypt-5.2.9-6.2mdv2009.1.x86_64.rpm
01ce4ab0320c725e2081f2d79e5969a1
2009.1/x86_64/php-mhash-5.2.9-6.2mdv2009.1.x86_64.rpm
310b3bc146d06143f0f7d92d7816459d
2009.1/x86_64/php-mime_magic-5.2.9-6.2mdv2009.1.x86_64.rpm
a860f058befbed412bc8e1112c22eefd
2009.1/x86_64/php-ming-5.2.9-6.2mdv2009.1.x86_64.rpm
56e0cae3517d53962295eecbaab3119e
2009.1/x86_64/php-mssql-5.2.9-6.2mdv2009.1.x86_64.rpm
65be7a2aa882dbe0a416319c3fe6b1af
2009.1/x86_64/php-mysql-5.2.9-6.2mdv2009.1.x86_64.rpm
5f50ead57339280cfc8115483d1b9cb7
2009.1/x86_64/php-mysqli-5.2.9-6.2mdv2009.1.x86_64.rpm
2960093a83589892d2fce5dfb3d3498b
2009.1/x86_64/php-ncurses-5.2.9-6.2mdv2009.1.x86_64.rpm
2c933d73b441c02a43739f475cee4ea7
2009.1/x86_64/php-odbc-5.2.9-6.2mdv2009.1.x86_64.rpm
0eac641892d2cfbf871ea8aa1f2fd2e8
2009.1/x86_64/php-openssl-5.2.9-6.2mdv2009.1.x86_64.rpm
701c71a52ff7d776e42f8d1bdea592cd
2009.1/x86_64/php-pcntl-5.2.9-6.2mdv2009.1.x86_64.rpm
632035edb60e13778978ac51bb69c849
2009.1/x86_64/php-pdo-5.2.9-6.2mdv2009.1.x86_64.rpm
be87405c1568f2b3c6c53eea74c422e6
2009.1/x86_64/php-pdo_dblib-5.2.9-6.2mdv2009.1.x86_64.rpm
3daf4fd63832ccfbe876c998ab321d3b
2009.1/x86_64/php-pdo_mysql-5.2.9-6.2mdv2009.1.x86_64.rpm
54b7a7bec908451404f229103a9a5127
2009.1/x86_64/php-pdo_odbc-5.2.9-6.2mdv2009.1.x86_64.rpm
25ccde4246c6204dfaa769d54eff97a7
2009.1/x86_64/php-pdo_pgsql-5.2.9-6.2mdv2009.1.x86_64.rpm
44359c40034cc2f19faff6ae6ae9e121
2009.1/x86_64/php-pdo_sqlite-5.2.9-6.2mdv2009.1.x86_64.rpm
ed77502e3b459fa4ca802a3cdb30f308
2009.1/x86_64/php-pgsql-5.2.9-6.2mdv2009.1.x86_64.rpm
9fc636d9e9586bc7c21998fad4aee576
2009.1/x86_64/php-posix-5.2.9-6.2mdv2009.1.x86_64.rpm
7dbcddb6aed8923bd042e1335716e311
2009.1/x86_64/php-pspell-5.2.9-6.2mdv2009.1.x86_64.rpm
f5fcaac786dfd831d59ea8ad6fc28038
2009.1/x86_64/php-readline-5.2.9-6.2mdv2009.1.x86_64.rpm
77eac443f9815c6d0ef8e8fd568db4ee
2009.1/x86_64/php-recode-5.2.9-6.2mdv2009.1.x86_64.rpm
856bf3e9057af8bde882438ad1eee118
2009.1/x86_64/php-session-5.2.9-6.2mdv2009.1.x86_64.rpm
69cca73c0beddcb52e446d63a73d21e5
2009.1/x86_64/php-shmop-5.2.9-6.2mdv2009.1.x86_64.rpm
5d8581b3f8e53b8f52da2da0a73884cc
2009.1/x86_64/php-snmp-5.2.9-6.2mdv2009.1.x86_64.rpm
29ea7403270f17ec5bd30b9112205411
2009.1/x86_64/php-soap-5.2.9-6.2mdv2009.1.x86_64.rpm
e93c577279cb9cb056bba35e2b186bff
2009.1/x86_64/php-sockets-5.2.9-6.2mdv2009.1.x86_64.rpm
3bc830edc296be56698d4f13a3ff88e8
2009.1/x86_64/php-sqlite-5.2.9-6.2mdv2009.1.x86_64.rpm
e121a968ed9ef0973768b780f76f8d32
2009.1/x86_64/php-sybase-5.2.9-6.2mdv2009.1.x86_64.rpm
fb49c489aee9191893c0938ae9cb8e92
2009.1/x86_64/php-sysvmsg-5.2.9-6.2mdv2009.1.x86_64.rpm
e9aaeeed090a397dc7c003987429de0b
2009.1/x86_64/php-sysvsem-5.2.9-6.2mdv2009.1.x86_64.rpm
01f1e4c93d7e6382144f20bb59b2ef70
2009.1/x86_64/php-sysvshm-5.2.9-6.2mdv2009.1.x86_64.rpm
6267e5a98a49282341ea3dc179924d5e
2009.1/x86_64/php-tidy-5.2.9-6.2mdv2009.1.x86_64.rpm
92acb690eb21aa10409c84ff68eef490
2009.1/x86_64/php-tokenizer-5.2.9-6.2mdv2009.1.x86_64.rpm
4525cab46df252d7599cefa4627ab0c3
2009.1/x86_64/php-wddx-5.2.9-6.2mdv2009.1.x86_64.rpm
3ba5b1bec63ba7291223826530f33e7b
2009.1/x86_64/php-xml-5.2.9-6.2mdv2009.1.x86_64.rpm
22731636ce30cf7913ca761d46730159
2009.1/x86_64/php-xmlreader-5.2.9-6.2mdv2009.1.x86_64.rpm
d247b289eb6f6e88cfe17c2e7013a569
2009.1/x86_64/php-xmlrpc-5.2.9-6.2mdv2009.1.x86_64.rpm
0a00ebcb1987da46f68dc21dc007cad9
2009.1/x86_64/php-xmlwriter-5.2.9-6.2mdv2009.1.x86_64.rpm
fad982207327d8e636c6f691e842755b
2009.1/x86_64/php-xsl-5.2.9-6.2mdv2009.1.x86_64.rpm
bbda8f6739f36ba02e858840c5070a75
2009.1/x86_64/php-zip-5.2.9-6.2mdv2009.1.x86_64.rpm
d40567ee2da7a95b876bff21b748ca3e
2009.1/x86_64/php-zlib-5.2.9-6.2mdv2009.1.x86_64.rpm
14ce077421185006aca3c756375f008b 2009.1/SRPMS/php-5.2.9-6.2mdv2009.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKvPNGmqjQ0CJFipgRAjbJAJ0SV+VlWt41Ne7Zk9zYP2gR9bLkOgCggoJr
FZ9YGT2ZplNudvKNgYo0c0k=
=eYIU
-----END PGP SIGNATURE-----


------------=_1253908112-13155-2089
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1253908112-13155-2089--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung