drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in php4
Name: |
Mehrere Probleme in php4 |
|
ID: |
MDVSA-2009:024 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva Corporate 3.0, Mandriva Multi Network Firewall 2.0, Mandriva Corporate 4.0 |
|
Datum: |
Do, 22. Januar 2009, 02:15 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660 |
|
Applikationen: |
PHP |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1232586912-14940-7756
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:024 http://www.mandriva.com/security/ _______________________________________________________________________
Package : php4 Date : January 21, 2009 Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________
Problem Description:
A buffer overflow in the imageloadfont() function in PHP allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via a crafted font file (CVE-2008-3658). A buffer overflow in the memnstr() function allowed context-dependent attackers to cause a denial of service (crash) and potentially execute arbitrary code via the delimiter argument to the explode() function (CVE-2008-3659). PHP, when used as a FastCGI module, allowed remote attackers to cause a denial of service (crash) via a request with multiple dots preceding the extension (CVE-2008-3660). The updated packages have been patched to correct these issues. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660 _______________________________________________________________________
Updated Packages:
Corporate 3.0: acf26c8efc90342d906e59c0444bd46a corporate/3.0/i586/libphp_common432-4.3.4-4.29.C30mdk.i586.rpm f7cf98731681e6af45aca3dd2246c0f7 corporate/3.0/i586/php432-devel-4.3.4-4.29.C30mdk.i586.rpm 8f8d00fa42b95a28e77d600d081c95d9 corporate/3.0/i586/php-cgi-4.3.4-4.29.C30mdk.i586.rpm d6b96c7cf8d6416ec3d8bb111c4440da corporate/3.0/i586/php-cli-4.3.4-4.29.C30mdk.i586.rpm 57b308993c4e4635f343d4ef0d36a6c2 corporate/3.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm
Corporate 3.0/X86_64: 8164e4bfb1a7ffb5fd1bca2afcaef9ef corporate/3.0/x86_64/lib64php_common432-4.3.4-4.29.C30mdk.x86_64.rpm 625a98ec0ec42052ffbb9da5f8b9caca corporate/3.0/x86_64/php432-devel-4.3.4-4.29.C30mdk.x86_64.rpm 5b3143860009e7cf82f323e45f575324 corporate/3.0/x86_64/php-cgi-4.3.4-4.29.C30mdk.x86_64.rpm 48bff6270d231dffc8a5fbfbe0d1630e corporate/3.0/x86_64/php-cli-4.3.4-4.29.C30mdk.x86_64.rpm 57b308993c4e4635f343d4ef0d36a6c2 corporate/3.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm
Corporate 4.0: 828884555043ebbf5af7d91d8a6401ad corporate/4.0/i586/libphp4_common4-4.4.4-1.9.20060mlcs4.i586.rpm ac0b8ea0e61fdda9e8716fde02f25100 corporate/4.0/i586/php4-cgi-4.4.4-1.9.20060mlcs4.i586.rpm 19eddb6987778bee19f9978cc59cb54b corporate/4.0/i586/php4-cli-4.4.4-1.9.20060mlcs4.i586.rpm 4ea6bb54f1ea066cd6ee29d894d9a0fd corporate/4.0/i586/php4-devel-4.4.4-1.9.20060mlcs4.i586.rpm dc2d58cb2ed98936ec15dc030689fb14 corporate/4.0/SRPMS/php4-4.4.4-1.9.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 60d3900495dd46161a6ba20fdbdfdd7d corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.9.20060mlcs4.x86_64.rpm 60e039c9d60030616e4f05c81ea29455 corporate/4.0/x86_64/php4-cgi-4.4.4-1.9.20060mlcs4.x86_64.rpm f8e9e9faf82d8edbe2d9bf88572f2311 corporate/4.0/x86_64/php4-cli-4.4.4-1.9.20060mlcs4.x86_64.rpm 5561a9c77979daf567d1acffc73d4918 corporate/4.0/x86_64/php4-devel-4.4.4-1.9.20060mlcs4.x86_64.rpm dc2d58cb2ed98936ec15dc030689fb14 corporate/4.0/SRPMS/php4-4.4.4-1.9.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 0183137a3353b21a77e147b745d21ec4 mnf/2.0/i586/libphp_common432-4.3.4-4.29.C30mdk.i586.rpm 1173011f1e24f85619f78966b1533e11 mnf/2.0/i586/php-cgi-4.3.4-4.29.C30mdk.i586.rpm b726b9c13b620a12c5e8603c197d76c9 mnf/2.0/i586/php-cli-4.3.4-4.29.C30mdk.i586.rpm 87805cd270bffde644fee3ec29ecfd54 mnf/2.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJd55+mqjQ0CJFipgRAmtGAJ45ZVHxX/mQROiWu/W+EmPyT+UwFgCfRdDR jaoTCVqDPgqPjX/k4OYu1Vk= =fHY4 -----END PGP SIGNATURE-----
------------=_1232586912-14940-7756 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1232586912-14940-7756--
|
|
|
|