Mandrake: php Multiple vulnerabilities
Posted by LinuxSecurity.com Team   
This patch resolves an improper memory_limit trigger as well as a possible XSS issue.

Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           php
 Advisory ID:            MDKSA-2004:068
 Date:                   July 14th, 2004

 Affected versions:      10.0, 9.1, 9.2, Corporate Server 2.1,
                         Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 Stefan Esser discovered a remotely exploitable vulnerability in PHP
 where a remote attacker could trigger a memory_limit request
 termination in places where an interruption is unsafe.  This could be
 used to execute arbitrary code.
 
 Stefan Esser also found a vulnerability in the handling of
 allowed tags within PHP's strip_tags() function.  This could lead to
 a number of XSS issues on sites that rely on strip_tags(); however,
 this only seems to affect the Internet Explorer and Safari browsers.
 
 The updated packages have been patched to correct the problem and
 all users are encouraged to upgrade immediately.
 _______________________________________________________________________

 References:

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
   http://security.e-matters.de/advisories/112004.html
   http://security.e-matters.de/advisories/122004.html
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 62cdddfba4a6efda574d9a7fbade926a  10.0/RPMS/libphp_common432-4.3.4-4.1.100mdk.i586.rpm
 c71dc50bc4db1eef210dcdb17bfefb84  10.0/RPMS/php-cgi-4.3.4-4.1.100mdk.i586.rpm
 41ec866b7f9017e5e9697f758d96b7dd  10.0/RPMS/php-cli-4.3.4-4.1.100mdk.i586.rpm
 6cf53b4acfaf964f2ad27c26c7522850  10.0/RPMS/php432-devel-4.3.4-4.1.100mdk.i586.rpm
 805c5ba7b90fd4e53fc09b46d2e4c00c  10.0/SRPMS/php-4.3.4-4.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8f7909d54dca79d0778754a78447c378  amd64/10.0/RPMS/lib64php_common432-4.3.4-4.1.100mdk.amd64.rpm
 378466839541330d72df496acc9cd9da  amd64/10.0/RPMS/php-cgi-4.3.4-4.1.100mdk.amd64.rpm
 3e6b698ba65fd6acb035d97f7c872c79  amd64/10.0/RPMS/php-cli-4.3.4-4.1.100mdk.amd64.rpm
 62693eda687695449ff61aee7af8b844  amd64/10.0/RPMS/php432-devel-4.3.4-4.1.100mdk.amd64.rpm
 805c5ba7b90fd4e53fc09b46d2e4c00c  amd64/10.0/SRPMS/php-4.3.4-4.1.100mdk.src.rpm

 Corporate Server 2.1:
 e1326fedc5957661efd6eec69c4e66cf  corporate/2.1/RPMS/php-4.2.3-4.2.C21mdk.i586.rpm
 31337953ddfec7c379c8bcad70e97f7f  corporate/2.1/RPMS/php-common-4.2.3-4.2.C21mdk.i586.rpm
 346f004bb741c5d3a279d495eadc61c5  corporate/2.1/RPMS/php-devel-4.2.3-4.2.C21mdk.i586.rpm
 91ef39ceeb256c72f449ebd2f73fdc3a  corporate/2.1/RPMS/php-pear-4.2.3-4.2.C21mdk.i586.rpm
 06a1c08156a866f9b78e1949df881425  corporate/2.1/SRPMS/php-4.2.3-4.2.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 da53a0003ad75379dd473ca297c9b4f0  x86_64/corporate/2.1/RPMS/php-4.2.3-4.2.C21mdk.x86_64.rpm
 190da4dbf19fd83c3e8b2db3ebe7e186  x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.2.C21mdk.x86_64.rpm
 7c32a33ced47f7feaf47f801718b6d8d  x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.2.C21mdk.x86_64.rpm
 0a747e5e17d82642f77cdfee44afe201  x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.2.C21mdk.x86_64.rpm
 06a1c08156a866f9b78e1949df881425  x86_64/corporate/2.1/SRPMS/php-4.2.3-4.2.C21mdk.src.rpm

 Mandrakelinux 9.1:
 53e9be87d1e87c11384c78e656fb045b  9.1/RPMS/libphp_common430-430-11.2.91mdk.i586.rpm
 d726c6e61503ace236d41e96dd2aacc4  9.1/RPMS/php-cgi-4.3.1-11.2.91mdk.i586.rpm
 c0f0638a6977b0747b9cef6421f0baa2  9.1/RPMS/php-cli-4.3.1-11.2.91mdk.i586.rpm
 846433aa57319fcf5ab760bb784c7f60  9.1/RPMS/php430-devel-430-11.2.91mdk.i586.rpm
 68d0872d095bdb4976541debcdaa11d7  9.1/SRPMS/php-4.3.1-11.2.91mdk.src.rpm

 Mandrakelinux 9.1/PPC:
 929514cf49ddeb4ac321b20ffa6fdb49  ppc/9.1/RPMS/libphp_common430-430-11.2.91mdk.ppc.rpm
 429cafb67ce1e36012eabad5c46d0a26  ppc/9.1/RPMS/php-cgi-4.3.1-11.2.91mdk.ppc.rpm
 0bab7923e30ccaf668a04b41925adc0b  ppc/9.1/RPMS/php-cli-4.3.1-11.2.91mdk.ppc.rpm
 af5f2be485dad26cb88103f3373a8188  ppc/9.1/RPMS/php430-devel-430-11.2.91mdk.ppc.rpm
 68d0872d095bdb4976541debcdaa11d7  ppc/9.1/SRPMS/php-4.3.1-11.2.91mdk.src.rpm

 Mandrakelinux 9.2:
 f731f578cdb9d458c4880a48f20c0027  9.2/RPMS/libphp_common432-4.3.3-2.1.92mdk.i586.rpm
 732ba08087b14490c057a9454c6b706d  9.2/RPMS/php-cgi-4.3.3-2.1.92mdk.i586.rpm
 d7aeca9053611e06ddeeb374ebc38fd5  9.2/RPMS/php-cli-4.3.3-2.1.92mdk.i586.rpm
 dfdbda0df15baea7861646b4c42eb1d2  9.2/RPMS/php432-devel-4.3.3-2.1.92mdk.i586.rpm
 8495c4332df4f8262d3f0b9b2b781739  9.2/SRPMS/php-4.3.3-2.1.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 7440678e5a938931b88953232c5c2a46  amd64/9.2/RPMS/lib64php_common432-4.3.3-2.1.92mdk.amd64.rpm
 4375a9c46be6b1ef103959253b469035  amd64/9.2/RPMS/php-cgi-4.3.3-2.1.92mdk.amd64.rpm
 3cd4c385732e3b31b9f20fa93b6a7ee5  amd64/9.2/RPMS/php-cli-4.3.3-2.1.92mdk.amd64.rpm
 dbf7471c02799c02a32e46a727ee87f3  amd64/9.2/RPMS/php432-devel-4.3.3-2.1.92mdk.amd64.rpm
 8495c4332df4f8262d3f0b9b2b781739  amd64/9.2/SRPMS/php-4.3.3-2.1.92mdk.src.rpm

 Multi Network Firewall 8.2:
 f91aac5bc43fa5c79317b8dd2d6fbfb2  mnf8.2/RPMS/php-common-4.1.2-1.3.M82mdk.i586.rpm
 9805edbc685f9418c54e9ea20f968b15  mnf8.2/SRPMS/php-4.1.2-1.3.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
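
 For packages fetched by hand rather than through MandrakeUpdate or urpmi,
 the checksum comparison can be done against the "Updated Packages" block
 above. The script below is an added example, not part of the Mandrakesoft
 advisory; the function name and the idea of saving the advisory text to a
 file are assumptions, and it relies on md5sum from coreutils.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): check every RPM in a download
# directory against the "<md5>  <path>.rpm" lines of a saved advisory.

# verify_advisory_packages ADVISORY_FILE RPM_DIR   (hypothetical helper name)
# Returns 0 if every RPM in RPM_DIR is listed in the advisory and matches,
#         1 if any RPM mismatches or is not listed at all,
#         2 if RPM_DIR holds no RPMs to check.
verify_advisory_packages() {
    local advisory="$1"
    local dir="$2"
    local rc=2 f name want got
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue            # glob matched nothing
        if [ "$rc" -eq 2 ]; then rc=0; fi  # at least one file was examined
        name=$(basename "$f")
        # Find the manifest line (32 hex chars, then a path) whose last
        # path component is this file name, and take its checksum.
        want=$(awk -v n="$name" '
            NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ {
                k = split($2, p, "/")
                if (p[k] == n) { print $1; exit }
            }' "$advisory")
        if [ -z "$want" ]; then
            # A file the advisory never mentions is treated as a failure.
            echo "UNLISTED  $name"
            rc=1
            continue
        fi
        got=$(md5sum "$f" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"
            rc=1
        fi
    done
    return "$rc"
}
```

 A matching MD5 only shows the file is the one the advisory lists;
 authenticity comes from the package's GPG signature, which
 rpm --checksig verifies.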

 You can view other update advisories for Mandrakelinux at:

   http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  

 