LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
SuSE: php4,php5 problems (SUSE-SA:2006:031) Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
SuSE This update fixes the following security issues in the PHP scripting language, both version 4 and 5: Invalid characters in session names were not blocked, CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent, unsetting of some variables, CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter, CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.
______________________________________________________________________________

                        SUSE Security Announcement

        Package:                PHP4,PHP5
        Announcement ID:        SUSE-SA:2006:031
        Date:                   Wed, 14 Jun 2006 18:00:00 +0000
        Affected Products:      SUSE LINUX 10.1
                                SUSE LINUX 10.0
                                SUSE LINUX 9.3
                                SUSE LINUX 9.2
                                SUSE LINUX 9.1
                                SuSE Linux Enterprise Server 8
                                SUSE SLES 9
                                UnitedLinux 1.0
        Vulnerability Type:     remote code execution
        Severity (1-10):        6
        SUSE Default Package:   no
        Cross-References:       CVE-2006-1990, CVE-2006-1991, CVE-2006-2657
                                CVE-2006-2906

    Content of This Advisory:
        1) Security Vulnerability Resolved:
             multiple PHP4/5 security problems
           Problem Description
        2) Solution or Work-Around
        3) Special Instructions and Notes
        4) Package Location and Checksums
        5) Pending Vulnerabilities, Solutions, and Work-Arounds:
            See SUSE Security Summary Report.
        6) Authenticity Verification and Additional Information

______________________________________________________________________________

1) Problem Description and Brief Discussion

   This update fixes the following security issues in the PHP scripting
   language, both version 4 and 5:

   - Invalid characters in session names were not blocked.

   - CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent
     unsetting of some variables

   - CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare()  and
     wordwrap function could crash the php interpreter.

   - CVE-2006-2906: A CPU consumption denial of service attack in php-gd
     was fixed.

2) Solution or Work-Around

   There is no known workaround, please install the update packages.

3) Special Instructions and Notes

   Please close and restart all running instances of Apache/Apache2
   after the update.

4) Package Location and Checksums

   The preferred method for installing security updates is to use the YaST
   Online Update (YOU) tool. YOU detects which updates are required and
   automatically performs the necessary steps to verify and install them.
   Alternatively, download the update packages for your distribution manually
   and verify their integrity by the methods listed in Section 6 of this
   announcement. Then install the packages using the command

     rpm -Fhv 

   to apply the update, replacing  with the filename of the
   downloaded RPM package.


   x86 Platform:

   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/apache2-mod_php5-5.1.2-29.4.i586.rpm
          43caed16d11d6d744cc9ffd8395b556f
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-5.1.2-29.4.i586.rpm
          c710b5f21c59e26b3614bd9f678f3cd9
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/php5-gd-5.1.2-29.4.i586.rpm
          bdbdf268f1e7c28380280eb92f401543

   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php4-4.4.0-6.13.i586.rpm
          ee9a036c0c3e7980a0e7d549b7cc002f
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/apache2-mod_php5-5.0.4-9.13.i586.rpm
          f481f326f7f54dfc3206556a9bf67205
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-4.4.0-6.13.i586.rpm
          d75c89b6b52acbef2b390cea964bd9b5
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-exif-4.4.0-6.13.i586.rpm
          a3cd814e0fad2159a8b2792a6fd911f9
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-fastcgi-4.4.0-6.13.i586.rpm
          c3afcc6e4032720fe1eea12a765f61dc
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-gd-4.4.0-6.13.i586.rpm
          6a7a52370500ae40e9326cc381c2675d
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-mbstring-4.4.0-6.13.i586.rpm
          c50ba2c19f5fe867795f65bf137aea93
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-servlet-4.4.0-6.13.i586.rpm
          04435104d2b5b5b66d0b5225d285700f
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php4-unixODBC-4.4.0-6.13.i586.rpm
          4fdc57479a471ad661c4eac0e2b69026
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-5.0.4-9.13.i586.rpm
          df6a2c45dbba97b16211fbd2897de09d
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-exif-5.0.4-9.13.i586.rpm
          35e432a21e77c68843b51b65ace9b6a0
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-fastcgi-5.0.4-9.13.i586.rpm
          497e4234c830dc8206bbd011dbbb8bfd
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-gd-5.0.4-9.13.i586.rpm
          1afe872c30a7789c608146de00abf369
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mbstring-5.0.4-9.13.i586.rpm
          e8c65c894d7ea28aa09bf7e8f7f3ccd9
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-mysqli-5.0.4-9.13.i586.rpm
          73f0b104e6a9e74fe2ded7e77dfecb7d
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-pear-5.0.4-9.13.i586.rpm
          232e84253c063a8942396b8e10338682
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/php5-snmp-5.0.4-9.13.i586.rpm
          8bb28c6c7e48b64ea24740dbffd8892f

   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.10-14.23.i586.rpm
          821357c5187d35011ca6719a4800ad7e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php5-5.0.3-14.23.i586.rpm
          262d39f817115eb7ee6e7684976fc4d0
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.10-14.23.i586.rpm
          34b0fedf7ed621c9733df67b7495331c
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.23.i586.rpm
          7a0ad94e62e8c743094f6ec40a1d9b1d
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.23.i586.rpm
          407c70d3733afd11132cbeab07c631e3
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-exif-4.3.10-14.23.i586.rpm
          671185e5ea32d549247714b4d677fd14
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14.23.i586.rpm
          96ef30c80ab27d9d7cf4adb8c27ede5f
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-gd-4.3.10-14.23.i586.rpm
          7c98b8423f6499926f8dd0d49c7e06a6
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-mbstring-4.3.10-14.23.i586.rpm
          8065b470f710f03ee254618edec63330
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-pear-4.3.10-14.23.i586.rpm
          36e29339a0f06826813baf1fe3c0183a
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14.23.i586.rpm
          1cd935f93eeb3e1e08467a8ec9da1546
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14.23.i586.rpm
          068daf588e69e8e032ae9b8788660c8e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.23.i586.rpm
          d21c0b2190b4a9eacb8d01baa2a94cc8
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.23.i586.rpm
          15be3d77516c642011e7a219b2dc9f19
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-exif-5.0.3-14.23.i586.rpm
          233eb72898dff61aaaf96d4619a5dfe6
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.23.i586.rpm
          000b41b363221d36f461710b78b70306
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-gd-5.0.3-14.23.i586.rpm
          92a47575b0c8de691ef41dd29b7efc6e
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mbstring-5.0.3-14.23.i586.rpm
          e263a60c24b957b1fdebe7b00d769e83
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-mysqli-5.0.3-14.23.i586.rpm
          b4334f824c9f7943417b745426a63b11
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-pear-5.0.3-14.23.i586.rpm
          b2d16811dfd728c67addb90f79b54d67
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.23.i586.rpm
          0477129977e118178cb9e0431d706990
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.23.i586.rpm
          530bda9a7f5a7ab7568a8e69f99c7868

   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.26.i586.rpm
          f212924910ec209c3f8f0c5db3b18447
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mod_php4-servlet-4.3.8-8.26.i586.rpm
          21b4f9c977f76764f02961510aa80b49
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.26.i586.rpm
          0d6fac421b1c28b6610cdec8c2525ba6
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-devel-4.3.8-8.26.i586.rpm
          02dc039703f3f781a5861c9535203624
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-exif-4.3.8-8.26.i586.rpm
          8175deacb02985b6a9fdbf60140c2563
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-fastcgi-4.3.8-8.26.i586.rpm
          c26e1826c2f5e32370f6a304dec39bd8
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-gd-4.3.8-8.26.i586.rpm
          0ed67cbb3bceeeb61588c1d9e300fa7b
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-mbstring-4.3.8-8.26.i586.rpm
          6201452c9c6b9181d0fcfb5642aa1897
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-pear-4.3.8-8.26.i586.rpm
          39956165064be228b7ced1d8fc8b1975
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-session-4.3.8-8.26.i586.rpm
          67b3927a7e0bb817f62c883639df0334
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-sysvshm-4.3.8-8.26.i586.rpm
          36f89680156c19d5d84047ba69d6a719

   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.58.i586.rpm
          6b7dce5b6fc404959f2bb9d2cc837f98
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.58.i586.rpm
          6598a95fa00d7b011a0d56d76cd70f0d
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-servlet-4.3.4-43.58.i586.rpm
          b3a5aa3461fa89cd35d1a20d321bb7f4
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.58.i586.rpm
          ddb3e2ddf9b9b45655ff44f1e7e9317c
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-devel-4.3.4-43.58.i586.rpm
          73302ac6b1ae2d5120e8a7d2a05052db
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-exif-4.3.4-43.58.i586.rpm
          5ffedeb8515eafc065c639f9470eb7d3
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-fastcgi-4.3.4-43.58.i586.rpm
          7c194d8b2bc3de4a96928e2c99a80a96
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-gd-4.3.4-43.58.i586.rpm
          0bf2068e87c47cea0f81bf4f55b6dc50
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-imap-4.3.4-43.58.i586.rpm
          4b9dd632e7d5a7d8aa0dd8a4efc8e37b
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mbstring-4.3.4-43.58.i586.rpm
          bea433cff0221243363ea0105111c86c
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mysql-4.3.4-43.58.i586.rpm
          96dd1d3d5063be3216e7492670d00cc9
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-pear-4.3.4-43.58.i586.rpm
          a84d8ddd7ce534c7acc7972628f2ae0c
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-recode-4.3.4-43.58.i586.rpm
          5b646636567e96cca066695f6ce6cfe9
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-servlet-4.3.4-43.58.i586.rpm
          04c41b24b8d8c20a925f1c17d0acb281
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-session-4.3.4-43.58.i586.rpm
          982d7b35f8061f74bbc66ba00b25d88b
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-sysvshm-4.3.4-43.58.i586.rpm
          bf9af241b791dc090925c09ef135afc0
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-wddx-4.3.4-43.58.i586.rpm
          b085e91f153f26b164d5d6a342097bf1

   Power PC Platform:

   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/apache2-mod_php5-5.1.2-29.4.ppc.rpm
          c9d486f1c9b55bfb9e810adb6abc8aab
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-5.1.2-29.4.ppc.rpm
          1e23a318feeaa1f34ed00cc399ad356a
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/ppc/php5-gd-5.1.2-29.4.ppc.rpm
          5108034703d9c2108babee92c0ae17d3

   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php4-4.4.0-6.13.ppc.rpm
          3938e739a478cccb4b71f6b7e43edd2c
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/apache2-mod_php5-5.0.4-9.13.ppc.rpm
          0673e6b7978d86592a2e49571aa6a2a7
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-4.4.0-6.13.ppc.rpm
          be46e319b18df7e2109d356ff4ebc20e
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-exif-4.4.0-6.13.ppc.rpm
          c1996ef13815d7fdcee7f8f5baed4bcf
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-fastcgi-4.4.0-6.13.ppc.rpm
          92e5fabb5f4dad75be2b4a3617e97988
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-gd-4.4.0-6.13.ppc.rpm
          eee4690f118364474826d26c054bdf10
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-mbstring-4.4.0-6.13.ppc.rpm
          f318576b118be51d17a0e60a87e17d9f
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php4-unixODBC-4.4.0-6.13.ppc.rpm
          95e643e8edc72663358494c534b62552
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-5.0.4-9.13.ppc.rpm
          9cf6ee8f88a5060ac8a0f594d9e48fa6
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-exif-5.0.4-9.13.ppc.rpm
          bfa39d4d148b56ad8b7c6e44510a0c11
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-fastcgi-5.0.4-9.13.ppc.rpm
          3adbbbf720410c1ed23dd79bea9e220d
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-gd-5.0.4-9.13.ppc.rpm
          948fc3125a641981d3f87975d6e97c54
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mbstring-5.0.4-9.13.ppc.rpm
          cb0923a3313c4fd116318bf471e50778
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-mysqli-5.0.4-9.13.ppc.rpm
          50e68b88d43d25ec73d9aecc69f30e5b
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-pear-5.0.4-9.13.ppc.rpm
          71dfa81dfd012f548d8f025bfdfeedbd
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/php5-snmp-5.0.4-9.13.ppc.rpm
          8653bdc6fd1339ab69c36eac0ba686ac

   x86-64 Platform:

   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/apache2-mod_php5-5.1.2-29.4.x86_64.rpm
          f4dede6f601bfcee52dd3b93859870e3
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-5.1.2-29.4.x86_64.rpm
          ef9cee1726b8bd511855f874823ab825
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/x86_64/php5-gd-5.1.2-29.4.x86_64.rpm
          ad72b93f1472ab9103f092ad899d697a

   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php4-4.4.0-6.13.x86_64.rpm
          b9bf78047d75d193eb45e76f889e48b2
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/apache2-mod_php5-5.0.4-9.13.x86_64.rpm
          677743bbf4162fde6757a055ddf1a1c1
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-32bit-4.4.0-6.13.x86_64.rpm
          c55eed73f54c6f0a145342644fe44078
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-4.4.0-6.13.x86_64.rpm
          f9907902edf1a76b44cf3adb7a1b484d
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-exif-4.4.0-6.13.x86_64.rpm
          90fcd0d1423caf1b96f79b7b16f65439
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-fastcgi-4.4.0-6.13.x86_64.rpm
          b05af431c9bb58ecb9d5e6d1871f17eb
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-gd-4.4.0-6.13.x86_64.rpm
          e07adcdd81a962e259ae4b1c0d21f89d
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-mbstring-4.4.0-6.13.x86_64.rpm
          591794e8f5690db6eb0544f75ca5aabb
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-servlet-4.4.0-6.13.x86_64.rpm
          b35a87bba7a2d1301806a7af10473725
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php4-unixODBC-4.4.0-6.13.x86_64.rpm
          b432e0e35ee0cb30672e89b324a23396
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-5.0.4-9.13.x86_64.rpm
          a82f50460802a1767854758d406b82cb
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-exif-5.0.4-9.13.x86_64.rpm
          78f9287306f1d029a9b3d471318fafda
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-fastcgi-5.0.4-9.13.x86_64.rpm
          f6dd1443d043715c103ff0ec77bcb9b7
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-gd-5.0.4-9.13.x86_64.rpm
          aaf4cdd7b69405bc2fc46d721cb208b8
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mbstring-5.0.4-9.13.x86_64.rpm
          8fac63d139a16a587c6a38f7ef622531
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-mysqli-5.0.4-9.13.x86_64.rpm
          1b0a546491b54b4d73eecfee1db04a5a
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-pear-5.0.4-9.13.x86_64.rpm
          b60a17edeb48d6cdc291bdb3204398ec
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/php5-snmp-5.0.4-9.13.x86_64.rpm
          1030f5db7852122bc3d7a0d6432a8dc6

   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3.10-14.23.x86_64.rpm
          3efa464de374a316bcfc48edc0728b80
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php5-5.0.3-14.23.x86_64.rpm
          0807c3ffba97947d7f58e434d6be424a
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3.10-14.23.x86_64.rpm
          ac4933dcb44e3a28f19ec4535e3d1f69
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.10.x86_64.rpm
          d5d5e1b56a7c99004bf7048bead9506f
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.23.x86_64.rpm
          8cddaa485f432a4e3c644e53fa31b3fd
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14.23.x86_64.rpm
          1f5aeb49f2cb874fd213c97563c11492
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-exif-4.3.10-14.23.x86_64.rpm
          f9f96ed8c0cce5ab6aef622a79d6e67b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-14.23.x86_64.rpm
          1e3ddeafab63b93e6149df2996afc674
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-gd-4.3.10-14.23.x86_64.rpm
          001446522678324806c21f2777dcce19
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-mbstring-4.3.10-14.23.x86_64.rpm
          566299076beb81ab015e834707646fb8
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-pear-4.3.10-14.23.x86_64.rpm
          2bdad5f2e29738442e49fee529862842
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-14.23.x86_64.rpm
          6219659daad37fbcbee11748f1d2b34f
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-14.23.x86_64.rpm
          67757dc0a8a9cb00ffd653ae2cf26224
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-5.0.3-14.23.x86_64.rpm
          bc3737aaf8c7f5b0ec4f76ac333b4f49
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-devel-5.0.3-14.23.x86_64.rpm
          a1f6a145f2af57e006a2099baeb1398f
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-exif-5.0.3-14.23.x86_64.rpm
          3caafddfc109b70e80acf683a155219b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-fastcgi-5.0.3-14.23.x86_64.rpm
          eaab55971ca52912c0853d0d29ed98ec
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-gd-5.0.3-14.23.x86_64.rpm
          629dc2798d1dff92a1b1f5ca1f3334a3
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mbstring-5.0.3-14.23.x86_64.rpm
          6947c955edc17fe914feebe48fcfae3b
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-mysqli-5.0.3-14.23.x86_64.rpm
          f8c743c3cb7973ccbece026844cae9fb
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-pear-5.0.3-14.23.x86_64.rpm
          a11dedb05754fcf1f2d4a4eff98d1070
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvmsg-5.0.3-14.23.x86_64.rpm
          6500afb7ff16fa52098805f0a8aee789
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvshm-5.0.3-14.23.x86_64.rpm
          fef838635d36eda73402eabfab666a5c

   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-mod_php4-4.3.8-8.26.x86_64.rpm
          a984fab6423ee37c7d479180b670d635
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mod_php4-servlet-4.3.8-8.26.x86_64.rpm
          b3f236a5f51d6916ebce5306e9cf8dc9
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-32bit-9.2-200606081300.x86_64.rpm
          8899d8b26da5381a69e928b07f7af3e1
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-4.3.8-8.26.x86_64.rpm
          b41e5526228b3a47a8d33ccc4bfd8593
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-devel-4.3.8-8.26.x86_64.rpm
          2e0b5cd33d5a401b85757a9185240f39
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-exif-4.3.8-8.26.x86_64.rpm
          9b35b4fcb6ba77ffcd05a662d4ce5318
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-fastcgi-4.3.8-8.26.x86_64.rpm
          6886ac119c43e6cd535974bdf2f30698
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-gd-4.3.8-8.26.x86_64.rpm
          b5f4c3eeb0f1a167e3dbc030b9c1edd3
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-mbstring-4.3.8-8.26.x86_64.rpm
          c4c258802dbecfac5106064561d24255
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-pear-4.3.8-8.26.x86_64.rpm
          67b7965d8b9624e8243b6f46de8411d3
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-session-4.3.8-8.26.x86_64.rpm
          11b2e0a23639145772a3c359abb52e59
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-sysvshm-4.3.8-8.26.x86_64.rpm
          e2cd105c941877d49e28277705a7039e

   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-mod_php4-4.3.4-43.58.x86_64.rpm
          6881897376e783520b891056e35ec534
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-core-4.3.4-43.58.x86_64.rpm
          30947f905b21c7ef536478d64fee5bfd
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-servlet-4.3.4-43.58.x86_64.rpm
          bb4d633dcc7dcb10ef1a3bcfcdc84797
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-4.3.4-43.58.x86_64.rpm
          8e4b3fea82c3cbb106377b87f1fee6c9
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-devel-4.3.4-43.58.x86_64.rpm
          04e5fa26ac5e8fc63314aacad1d6b249
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-exif-4.3.4-43.58.x86_64.rpm
          5f2a74b4adb0c839562e02b42bf4f05c
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-fastcgi-4.3.4-43.58.x86_64.rpm
          3fdad764d7b36a3b5b7870e18c984e9e
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-gd-4.3.4-43.58.x86_64.rpm
          68d576893b580efc27be7a634bb42568
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-imap-4.3.4-43.58.x86_64.rpm
          2838bcfd8f223d81c471e3405da00c33
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-mbstring-4.3.4-43.58.x86_64.rpm
          573fad1c28b3e8554f2cb4e0861dc057
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-mysql-4.3.4-43.58.x86_64.rpm
          869974b14a9a22e79bbc73f6a7af6a55
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-pear-4.3.4-43.58.x86_64.rpm
          6ba59734b7107a021a68bcd315db1bf2
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-recode-4.3.4-43.58.x86_64.rpm
          77421b8c21f635fbc78f64168961b62c
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-servlet-4.3.4-43.58.x86_64.rpm
          b32cbd1db68a50f843fbdf0cbabefa68
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-session-4.3.4-43.58.x86_64.rpm
          00376ad2619727f8d7feef6f5d8d3e26
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-sysvshm-4.3.4-43.58.x86_64.rpm
          1acf46b9184a55159ac1e38bb26d43ff
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-wddx-4.3.4-43.58.x86_64.rpm
          e017ba71e1269460e5124ba46cd34bac

   Sources:

   SUSE LINUX 10.1:
   ftp://ftp.suse.com/pub/suse/update/10.1/rpm/src/php5-5.1.2-29.4.src.rpm
          98d8846387e3b252a7af710388460128

   SUSE LINUX 10.0:
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php4-4.4.0-6.13.src.rpm
          507d65d8ee0d358ee43fcf793c0d7955
   ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/php5-5.0.4-9.13.src.rpm
          9adf218a1b0d39b06350a57a0f627a55

   SUSE LINUX 9.3:
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.23.src.rpm
          42587bbd02008e856204797ba2d3e312
   ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.23.src.rpm
          ba707c9762597086350062dcce3d8d99

   SUSE LINUX 9.2:
   ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/php4-4.3.8-8.26.src.rpm
          f8ee786af575e1bd2dcf4f243a471623

   SUSE LINUX 9.1:
   ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/php4-4.3.4-43.58.src.rpm
          d1c7f23f762099bcabacb3b9a1425ab6
   ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/php4-4.3.4-43.58.src.rpm
          bc7a12efeaf4cc118a857914e3a09910

   Our maintenance customers are notified individually. The packages are
   offered for installation from the maintenance web:

   SUSE CORE 9 for Itanium Processor Family
     http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/7fc9fde927d1b85e15a73d30fa51731f.html

   SUSE SLES 9
     http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/02d299d80da3813387b12f34a837aa51.html

   UnitedLinux 1.0
     http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/ec8efbd0fe4a2ee6883753197dd53567.html

   SuSE Linux Enterprise Server 8
     http://support.novell.com/cgi-bin/search/searchtid.cgi?psdb/ec8efbd0fe4a2ee6883753197dd53567.html

______________________________________________________________________________

5) Pending Vulnerabilities, Solutions, and Work-Arounds:

   See SUSE Security Summary Report.
______________________________________________________________________________

6) Authenticity Verification and Additional Information

  - Announcement authenticity verification:

    SUSE security announcements are published via mailing lists and on Web
    sites. The authenticity and integrity of a SUSE security announcement is
    guaranteed by a cryptographic signature in each announcement. All SUSE
    security announcements are published with a valid signature.

    To verify the signature of the announcement, save it as text into a file
    and run the command

      gpg --verify 

    replacing  with the name of the file where you saved the
    announcement. The output for a valid signature looks like:

      gpg: Signature made  using RSA key ID 3D25D3D9
      gpg: Good signature from "SuSE Security Team "

    where  is replaced by the date the document was signed.

    If the security team's key is not contained in your key ring, you can
    import it from the first installation CD. To import the key, use the
    command

      gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

  - Package authenticity verification:

    SUSE update packages are available on many mirror FTP servers all over the
    world. While this service is considered valuable and important to the free
    and open source software community, the authenticity and the integrity of
    a package needs to be verified to ensure that it has not been tampered
    with.

    There are two verification methods that can be used independently from
    each other to prove the authenticity of a downloaded file or RPM package:

    1) Using the internal gpg signatures of the rpm package
    2) MD5 checksums as provided in this announcement

    1) The internal rpm package signatures provide an easy way to verify the
       authenticity of an RPM package. Use the command

        rpm -v --checksig 

       to verify the signature of the package, replacing  with the
       filename of the RPM package downloaded. The package is unmodified if it
       contains a valid signature from build@suse.de with the key ID 9C800ACA.

       This key is automatically imported into the RPM database (on
       RPMv4-based distributions) and the gpg key ring of 'root' during
       installation. You can also find it on the first installation CD and at
       the end of this announcement.

    2) If you need an alternative means of verification, use the md5sum
       command to verify the authenticity of the packages. Execute the command

         md5sum 

       after you downloaded the file from a SUSE FTP server or its mirrors.
       Then compare the resulting md5sum with the one that is listed in the
       SUSE security announcement. Because the announcement containing the
       checksums is cryptographically signed (by security@suse.de), the
       checksums show proof of the authenticity of the package if the
       signature of the announcement is valid. Note that the md5 sums
       published in the SUSE Security Announcements are valid for the
       respective packages only. Newer versions of these packages cannot be
       verified.

  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   General Linux and SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an e-mail to
                .

    For general information or the frequently asked questions (FAQ),
    send mail to  or
    .

    =====================================================================
    SUSE's security contact is  or .
    The  public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular, the
    clear text signature should show proof of the authenticity of the text.

    SUSE Linux Products GmbH provides no warranties of any kind whatsoever
    with respect to the information contained in this security advisory.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.