Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in php
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in php
ID: MDKSA-2007:102
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2007.0, Mandriva 2007.1
Datum: Fr, 11. Mai 2007, 04:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2511
Applikationen: PHP

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1178850640-8862-6164


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:102
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : May 10, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A heap buffer overflow flaw was found in the xmlrpc extension for PHP.
 A script that implements an XML-RPC server using this extension could
 allow a remote attacker to execute arbitrary code as the apache user.
 This flaw does not, however, affect PHP applications using the pure-PHP
 XML_RPC class provided via PEAR (CVE-2007-1864).
 
 A flaw was found in the ftp extension for PHP.  A script using
 this extension to provide access to a private FTP server and which
 passed untrusted script input directly to any function provided by
 this extension could allow a remote attacker to send arbitrary FTP
 commands to the server (CVE-2007-2509).
 
 A buffer overflow flaw was found in the soap extension for PHP
 in the handling of an HTTP redirect response when using the SOAP
 client provided by the extension with an untrusted SOAP server
 (CVE-2007-2510).
 
 A buffer overflow in the user_filter_factory_create() function has
 unknown impact and local attack vectors (CVE-2007-2511).
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2511
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 9e0a7c06446b813079775e0b21113c35 
 2007.0/i586/libphp5_common5-5.1.6-1.8mdv2007.0.i586.rpm
 a9fbb8f3a69749c14794f25ed9c4fb4a 
 2007.0/i586/php-cgi-5.1.6-1.8mdv2007.0.i586.rpm
 343800759b3f2c748e902b578c983b31 
 2007.0/i586/php-cli-5.1.6-1.8mdv2007.0.i586.rpm
 f144fe50b14fe959782ee648bc5ac9c3 
 2007.0/i586/php-devel-5.1.6-1.8mdv2007.0.i586.rpm
 1ab27ba607339b5da160f4222e4785f2 
 2007.0/i586/php-fcgi-5.1.6-1.8mdv2007.0.i586.rpm
 fe0bb39c1ab53cf83b39c58714247b3f 
 2007.0/i586/php-ftp-5.1.6-1.1mdv2007.0.i586.rpm
 930f34d92678a52b2ce6e83cb28a693f 
 2007.0/i586/php-soap-5.1.6-1.1mdv2007.0.i586.rpm
 4469d5f7cdec688feba83a30698a7e9a 
 2007.0/i586/php-xmlrpc-5.1.6-1.1mdv2007.0.i586.rpm 
 d7102292c93885b089d35caaff6005b7  2007.0/SRPMS/php-5.1.6-1.8mdv2007.0.src.rpm
 239e5928d8a53c749c128e8ddc75746f 
 2007.0/SRPMS/php-ftp-5.1.6-1.1mdv2007.0.src.rpm
 ef26d693f275ba3755dcebd89f2f0d54 
 2007.0/SRPMS/php-soap-5.1.6-1.1mdv2007.0.src.rpm
 51fdcfb1821296eb9b69cefd136faf5e 
 2007.0/SRPMS/php-xmlrpc-5.1.6-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 4d514769b03d199a1f96982e6d2887e2 
 2007.0/x86_64/lib64php5_common5-5.1.6-1.8mdv2007.0.x86_64.rpm
 dcb785c5dc18be7817c3c6e5c22c4156 
 2007.0/x86_64/php-cgi-5.1.6-1.8mdv2007.0.x86_64.rpm
 c9d3851f0b201e1ac248fc448b507a70 
 2007.0/x86_64/php-cli-5.1.6-1.8mdv2007.0.x86_64.rpm
 c56837be9c8e4850bc15082c2ea6b7f6 
 2007.0/x86_64/php-devel-5.1.6-1.8mdv2007.0.x86_64.rpm
 50c8b6228670b93318e4db01f464f327 
 2007.0/x86_64/php-fcgi-5.1.6-1.8mdv2007.0.x86_64.rpm
 e8878dab282186a60846fa79c6a7ff12 
 2007.0/x86_64/php-ftp-5.1.6-1.1mdv2007.0.x86_64.rpm
 0c700664f8b9eabb6889247f63b8a2ff 
 2007.0/x86_64/php-soap-5.1.6-1.1mdv2007.0.x86_64.rpm
 d8159dcb23ebd35ec65e9988c51e8077 
 2007.0/x86_64/php-xmlrpc-5.1.6-1.1mdv2007.0.x86_64.rpm 
 d7102292c93885b089d35caaff6005b7  2007.0/SRPMS/php-5.1.6-1.8mdv2007.0.src.rpm
 239e5928d8a53c749c128e8ddc75746f 
 2007.0/SRPMS/php-ftp-5.1.6-1.1mdv2007.0.src.rpm
 ef26d693f275ba3755dcebd89f2f0d54 
 2007.0/SRPMS/php-soap-5.1.6-1.1mdv2007.0.src.rpm
 51fdcfb1821296eb9b69cefd136faf5e 
 2007.0/SRPMS/php-xmlrpc-5.1.6-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 888da0d6a1c570e006b70d3d61b74118 
 2007.1/i586/libphp5_common5-5.2.1-4.2mdv2007.1.i586.rpm
 c398e10cccc582eece4b5620c4f63ce0 
 2007.1/i586/php-cgi-5.2.1-4.2mdv2007.1.i586.rpm
 83ed8f228e65da902f2e2fe701af9775 
 2007.1/i586/php-cli-5.2.1-4.2mdv2007.1.i586.rpm
 b492372b2e170b529cf9594b2471098b 
 2007.1/i586/php-devel-5.2.1-4.2mdv2007.1.i586.rpm
 a075fce9b55f9eee29f40dddd7adcd85 
 2007.1/i586/php-fcgi-5.2.1-4.2mdv2007.1.i586.rpm
 e2c50d2aec5905cf36199b51a3fc9996 
 2007.1/i586/php-ftp-5.2.1-1.1mdv2007.1.i586.rpm
 283e088a1a51b05203c819da3628a215 
 2007.1/i586/php-openssl-5.2.1-4.2mdv2007.1.i586.rpm
 b573393fee439ad07f7a171d7f19fcc9 
 2007.1/i586/php-soap-5.2.1-1.1mdv2007.1.i586.rpm
 879268bc4d99891f35cc51dc48509693 
 2007.1/i586/php-xmlrpc-5.2.1-1.1mdv2007.1.i586.rpm
 0801e43d083f307ca9647ee7f956c418 
 2007.1/i586/php-zlib-5.2.1-4.2mdv2007.1.i586.rpm 
 c871caed81c2756605036c551860511d  2007.1/SRPMS/php-5.2.1-4.2mdv2007.1.src.rpm
 0a5c8faf80552ac48c612be0bc694f20 
 2007.1/SRPMS/php-ftp-5.2.1-1.1mdv2007.1.src.rpm
 cbeda10353be0ce9d5412fc0dbada997 
 2007.1/SRPMS/php-soap-5.2.1-1.1mdv2007.1.src.rpm
 1da80b11eb48516f303f214195fb7f48 
 2007.1/SRPMS/php-xmlrpc-5.2.1-1.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 04c572d2ade5326c1466ce86cac25a4a 
 2007.1/x86_64/lib64php5_common5-5.2.1-4.2mdv2007.1.x86_64.rpm
 72b14c819dcbbe579f02877446d4665b 
 2007.1/x86_64/php-cgi-5.2.1-4.2mdv2007.1.x86_64.rpm
 8e44a5bc06d1690b5aed76863ecb4ab9 
 2007.1/x86_64/php-cli-5.2.1-4.2mdv2007.1.x86_64.rpm
 a31b209aecd4b65898f444a2e54429ae 
 2007.1/x86_64/php-devel-5.2.1-4.2mdv2007.1.x86_64.rpm
 712e7b8c58366589daf34c189fb780d3 
 2007.1/x86_64/php-fcgi-5.2.1-4.2mdv2007.1.x86_64.rpm
 bfd4bdcb2d0a5b6ce40bbf1bdbf92c34 
 2007.1/x86_64/php-ftp-5.2.1-1.1mdv2007.1.x86_64.rpm
 71373d76b719c3f88a87c81b277403e5 
 2007.1/x86_64/php-openssl-5.2.1-4.2mdv2007.1.x86_64.rpm
 019b04338019939b68e7dd2b7133bfcb 
 2007.1/x86_64/php-soap-5.2.1-1.1mdv2007.1.x86_64.rpm
 295c266bc58f787ced40c5b19bf8ac51 
 2007.1/x86_64/php-xmlrpc-5.2.1-1.1mdv2007.1.x86_64.rpm
 7d0b9653eac35a5fbe99d4850c0c2976 
 2007.1/x86_64/php-zlib-5.2.1-4.2mdv2007.1.x86_64.rpm 
 c871caed81c2756605036c551860511d  2007.1/SRPMS/php-5.2.1-4.2mdv2007.1.src.rpm
 0a5c8faf80552ac48c612be0bc694f20 
 2007.1/SRPMS/php-ftp-5.2.1-1.1mdv2007.1.src.rpm
 cbeda10353be0ce9d5412fc0dbada997 
 2007.1/SRPMS/php-soap-5.2.1-1.1mdv2007.1.src.rpm
 1da80b11eb48516f303f214195fb7f48 
 2007.1/SRPMS/php-xmlrpc-5.2.1-1.1mdv2007.1.src.rpm

 Corporate 4.0:
 541ec0d4bd065819fd5de0345271725a 
 corporate/4.0/i586/libphp5_common5-5.1.6-1.7.20060mlcs4.i586.rpm
 1b961a0d43019c0b1702e89049a84874 
 corporate/4.0/i586/php-cgi-5.1.6-1.7.20060mlcs4.i586.rpm
 1bc38555880faa6b5db431c07d3742af 
 corporate/4.0/i586/php-cli-5.1.6-1.7.20060mlcs4.i586.rpm
 64491744bae5210b6d4e42a17f90c469 
 corporate/4.0/i586/php-devel-5.1.6-1.7.20060mlcs4.i586.rpm
 d0163400726e451bc70eebfa2b8ff8cf 
 corporate/4.0/i586/php-fcgi-5.1.6-1.7.20060mlcs4.i586.rpm
 025a55227972e61802383a635c2ed079 
 corporate/4.0/i586/php-ftp-5.1.6-1.1.20060mlcs4.i586.rpm
 f403a917dc5ec71e22838df9ef4b0056 
 corporate/4.0/i586/php-soap-5.1.6-1.1.20060mlcs4.i586.rpm
 5f65dc5ebe901a313cfc9234eda9fc23 
 corporate/4.0/i586/php-xmlrpc-5.1.6-1.1.20060mlcs4.i586.rpm 
 ee7ba870487ce356fe245fbc656356e5 
 corporate/4.0/SRPMS/php-5.1.6-1.7.20060mlcs4.src.rpm
 0215d16b276dfb23853757c5faf5f421 
 corporate/4.0/SRPMS/php-ftp-5.1.6-1.1.20060mlcs4.src.rpm
 941ec9715e80441950e47ca0517805e9 
 corporate/4.0/SRPMS/php-soap-5.1.6-1.1.20060mlcs4.src.rpm
 46ee561cff952e60367ef056d6541c6f 
 corporate/4.0/SRPMS/php-xmlrpc-5.1.6-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f507eea19a26bb21379905bfdfd0f824 
 corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.7.20060mlcs4.x86_64.rpm
 c2b6cb9eff1254f6ce7518fd26cc532e 
 corporate/4.0/x86_64/php-cgi-5.1.6-1.7.20060mlcs4.x86_64.rpm
 980bb3942284c10a56834ef30ed3cb7d 
 corporate/4.0/x86_64/php-cli-5.1.6-1.7.20060mlcs4.x86_64.rpm
 dcb189bb7be8665cb546ef7ab02a0af2 
 corporate/4.0/x86_64/php-devel-5.1.6-1.7.20060mlcs4.x86_64.rpm
 e90deb547bfafe90f5719f4397ea0134 
 corporate/4.0/x86_64/php-fcgi-5.1.6-1.7.20060mlcs4.x86_64.rpm
 04a09ca766e17788d34de8dae17c9ead 
 corporate/4.0/x86_64/php-ftp-5.1.6-1.1.20060mlcs4.x86_64.rpm
 728ca6786465d9d7e10abcaf196f6249 
 corporate/4.0/x86_64/php-soap-5.1.6-1.1.20060mlcs4.x86_64.rpm
 8f1904a291d30f800d483ffc8288599f 
 corporate/4.0/x86_64/php-xmlrpc-5.1.6-1.1.20060mlcs4.x86_64.rpm 
 ee7ba870487ce356fe245fbc656356e5 
 corporate/4.0/SRPMS/php-5.1.6-1.7.20060mlcs4.src.rpm
 0215d16b276dfb23853757c5faf5f421 
 corporate/4.0/SRPMS/php-ftp-5.1.6-1.1.20060mlcs4.src.rpm
 941ec9715e80441950e47ca0517805e9 
 corporate/4.0/SRPMS/php-soap-5.1.6-1.1.20060mlcs4.src.rpm
 46ee561cff952e60367ef056d6541c6f 
 corporate/4.0/SRPMS/php-xmlrpc-5.1.6-1.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGQ5romqjQ0CJFipgRAmVnAJ9whGuv+94H7CPsGQEn5SIM0lFDpgCaAxxk
kEDlGAD1UT8DmjOCXKWA1yQ=
=64Jo
-----END PGP SIGNATURE-----


------------=_1178850640-8862-6164
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1178850640-8862-6164--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung