LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 28th, 2014
Linux Advisory Watch: November 21st, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated php packages to address multiple issues Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. (CVE-2006-6383)
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:038
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : February 6, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and
 open_basedir restrictions via a malicious path and a null byte before a
 ";" in a session_save_path argument, followed by an allowed path, which
 causes a parsing inconsistency in which PHP validates the allowed path
 but sets session.save_path to the malicious path. (CVE-2006-6383)

 Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
 Graphics Library 2.0.33 and earlier allows remote attackers to cause a
 denial of service (application crash) and possibly execute arbitrary
 code via a crafted string with a JIS encoded font. PHP uses an embedded
 copy of GD and may be susceptible to the same issue. (CVE-2007-0455)

 Updated packages have been patched to correct these issues. Users must
 restart Apache for the changes to take effect.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 f4975722488c515d7701f3f2475c45c1  2006.0/i586/libphp5_common5-5.0.4-9.18.20060mdk.i586.rpm
 df6d91c7fb6deadd6447c68d41a7a57f  2006.0/i586/php-cgi-5.0.4-9.18.20060mdk.i586.rpm
 861b613a3caa594e9d18de2f66711c1c  2006.0/i586/php-cli-5.0.4-9.18.20060mdk.i586.rpm
 aa74ed178e6523b28d6f0ee1cfb2b9a6  2006.0/i586/php-devel-5.0.4-9.18.20060mdk.i586.rpm
 cdc33f50531e2815c3f39a2f12eca69d  2006.0/i586/php-fcgi-5.0.4-9.18.20060mdk.i586.rpm
 0df45677da595137066ec38171463402  2006.0/i586/php-gd-5.0.4-2.1.20060mdk.i586.rpm 
 09416e0ce824f667f9f247950e3f6b87  2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
 9caab8fb262742b7fdc8e2787db26e49  2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 94d70f0d65bebd9b8b235ec523bef3c4  2006.0/x86_64/lib64php5_common5-5.0.4-9.18.20060mdk.x86_64.rpm
 3e145f94684bd8aaae230b181a3bab18  2006.0/x86_64/php-cgi-5.0.4-9.18.20060mdk.x86_64.rpm
 5a460212062d85cc35c52c6c42e3babc  2006.0/x86_64/php-cli-5.0.4-9.18.20060mdk.x86_64.rpm
 a31b6a63963f4486ee7839e449fb60ef  2006.0/x86_64/php-devel-5.0.4-9.18.20060mdk.x86_64.rpm
 6c0ae39e3a6b8cb07a44271e5b128e2f  2006.0/x86_64/php-fcgi-5.0.4-9.18.20060mdk.x86_64.rpm
 228bb108271c28550034b39b9f6cafee  2006.0/x86_64/php-gd-5.0.4-2.1.20060mdk.x86_64.rpm 
 09416e0ce824f667f9f247950e3f6b87  2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm
 9caab8fb262742b7fdc8e2787db26e49  2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 c8879f538ab9a93f1999c9dc8aa2f6c7  2007.0/i586/libphp5_common5-5.1.6-1.4mdv2007.0.i586.rpm
 e8c050d86574fb1d2a52a5b3ec85a255  2007.0/i586/php-cgi-5.1.6-1.4mdv2007.0.i586.rpm
 92391d48bd18ab9e20e64039a4a9f2ff  2007.0/i586/php-cli-5.1.6-1.4mdv2007.0.i586.rpm
 d7b3ddc58da98113342434d45e04c3a8  2007.0/i586/php-devel-5.1.6-1.4mdv2007.0.i586.rpm
 a5dd9b692fbd9c41be42fa2d59539c1d  2007.0/i586/php-fcgi-5.1.6-1.4mdv2007.0.i586.rpm
 a2d2a3091d51ffc74793760ed31a1faa  2007.0/i586/php-gd-5.1.6-1.1mdv2007.0.i586.rpm 
 719976944ad1da508b9dd10eb1068e41  2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
 af2f0370851c3d3729b89586d9eded8e  2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 5bf3650bbe564873a14ea8b6bf3ade06  2007.0/x86_64/lib64php5_common5-5.1.6-1.4mdv2007.0.x86_64.rpm
 34ed4aa6be49dcb88f7bbc0a5c2e8690  2007.0/x86_64/php-cgi-5.1.6-1.4mdv2007.0.x86_64.rpm
 608fc651103e04774dd99542ac9c24e3  2007.0/x86_64/php-cli-5.1.6-1.4mdv2007.0.x86_64.rpm
 ade70a35519251e33fece3b184a5e42c  2007.0/x86_64/php-devel-5.1.6-1.4mdv2007.0.x86_64.rpm
 32a0cd75a40a80b04d4f62e7a5695cf6  2007.0/x86_64/php-fcgi-5.1.6-1.4mdv2007.0.x86_64.rpm
 b65ee3000cc55d6835bde68de1285708  2007.0/x86_64/php-gd-5.1.6-1.1mdv2007.0.x86_64.rpm 
 719976944ad1da508b9dd10eb1068e41  2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm
 af2f0370851c3d3729b89586d9eded8e  2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm

 Corporate 3.0:
 a4d72dc3de251851206c67e9706432a6  corporate/3.0/i586/libphp_common432-4.3.4-4.23.C30mdk.i586.rpm
 b8e1d56bb999975f9ea0a66d8877847f  corporate/3.0/i586/php-cgi-4.3.4-4.23.C30mdk.i586.rpm
 433ae81fdc6d1238c0931e43f6989a9b  corporate/3.0/i586/php-cli-4.3.4-4.23.C30mdk.i586.rpm
 2a1717d00d78a6a6f34cddb987c0f279  corporate/3.0/i586/php-gd-4.3.4-1.5.C30mdk.i586.rpm
 44c2653add5bf2cc23a2d8f6bfa3b31e  corporate/3.0/i586/php432-devel-4.3.4-4.23.C30mdk.i586.rpm 
 b8efd05ff96d101323b6253aa08b5e93  corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
 d18944ac47e27e3653fe99e134ecba18  corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 cfd5971fec1866bf5fe3c5e23adaba58  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.23.C30mdk.x86_64.rpm
 14be94ecf6ddc1f3b910b802624de67c  corporate/3.0/x86_64/php-cgi-4.3.4-4.23.C30mdk.x86_64.rpm
 b016f2131f015adf8a0d0da27033569f  corporate/3.0/x86_64/php-cli-4.3.4-4.23.C30mdk.x86_64.rpm
 9355a4e63f1e5193f43f5048541885bf  corporate/3.0/x86_64/php-gd-4.3.4-1.5.C30mdk.x86_64.rpm
 77c18b09786f412789f63d6094a4fd23  corporate/3.0/x86_64/php432-devel-4.3.4-4.23.C30mdk.x86_64.rpm 
 b8efd05ff96d101323b6253aa08b5e93  corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm
 d18944ac47e27e3653fe99e134ecba18  corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm

 Corporate 4.0:
 64274f70614e93e30b479a7ba0613e8a  corporate/4.0/i586/libphp4_common4-4.4.4-1.3.20060mlcs4.i586.rpm
 43f22e53482c4451a24f3008a7ba75eb  corporate/4.0/i586/libphp5_common5-5.1.6-1.3.20060mlcs4.i586.rpm
 2c1b8b75b49bf78b6a677d36832e116c  corporate/4.0/i586/php-cgi-5.1.6-1.3.20060mlcs4.i586.rpm
 64261b179e2db73b5838d96020835cae  corporate/4.0/i586/php-cli-5.1.6-1.3.20060mlcs4.i586.rpm
 dfd172a482e20943dabd3b3fbef9ba95  corporate/4.0/i586/php-devel-5.1.6-1.3.20060mlcs4.i586.rpm
 1a57eb8f5b70cd4ea28b98b462493e51  corporate/4.0/i586/php-fcgi-5.1.6-1.3.20060mlcs4.i586.rpm
 bd060ffd97d1ede4a3c9453de8287970  corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm
 e7d645e78c829242e3f81ab16aa8903d  corporate/4.0/i586/php4-cgi-4.4.4-1.3.20060mlcs4.i586.rpm
 1379c35acd8c2a414d482d5d0f5c782a  corporate/4.0/i586/php4-cli-4.4.4-1.3.20060mlcs4.i586.rpm
 10f753850f58ea02962272a4a30b8ed0  corporate/4.0/i586/php4-devel-4.4.4-1.3.20060mlcs4.i586.rpm 
 ab1bc26c56c8d5c0c82544bd189ccb06  corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
 528acaacac81d6ca4c195355fd5935c1  corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
 6fea47535848cb3eeb381d8e9ceaf278  corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 a667b24b7182332997da97d003095bf4  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.3.20060mlcs4.x86_64.rpm
 96860c73274abe165290ad70a1f8bbec  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.3.20060mlcs4.x86_64.rpm
 e53ed6e99e23219f351b9dd0faf1fbf8  corporate/4.0/x86_64/php-cgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
 2894870436518afda0788313f6fe9d6e  corporate/4.0/x86_64/php-cli-5.1.6-1.3.20060mlcs4.x86_64.rpm
 3e78d378968a67edda64f8a1db752b21  corporate/4.0/x86_64/php-devel-5.1.6-1.3.20060mlcs4.x86_64.rpm
 16b8070a55f06ede6cce10bbac1f5706  corporate/4.0/x86_64/php-fcgi-5.1.6-1.3.20060mlcs4.x86_64.rpm
 f3fccbe495f311fb13e64b3c2532323b  corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm
 e8825bc14914ae4f896b28ab1b04e7ae  corporate/4.0/x86_64/php4-cgi-4.4.4-1.3.20060mlcs4.x86_64.rpm
 1249dfd5f50a707ac6a31c18dec924e0  corporate/4.0/x86_64/php4-cli-4.4.4-1.3.20060mlcs4.x86_64.rpm
 f38d55e2315ba81db68dcb237a783ef0  corporate/4.0/x86_64/php4-devel-4.4.4-1.3.20060mlcs4.x86_64.rpm 
 ab1bc26c56c8d5c0c82544bd189ccb06  corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm
 528acaacac81d6ca4c195355fd5935c1  corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
 6fea47535848cb3eeb381d8e9ceaf278  corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 1a5b0a4fa1fe65d9b01ac1fcb87e57f4  mnf/2.0/i586/libphp_common432-4.3.4-4.23.M20mdk.i586.rpm
 1ca60ff9165bc3fc897f5a4fac0a27ab  mnf/2.0/i586/php-cgi-4.3.4-4.23.M20mdk.i586.rpm
 5ecb69d1ba9a1aefb943fdf00922a67e  mnf/2.0/i586/php-cli-4.3.4-4.23.M20mdk.i586.rpm
 43adb03ed86a75a3e90387c075f36bea  mnf/2.0/i586/php-gd-4.3.4-1.5.M20mdk.i586.rpm
 e83875b4d3307b9d16602bf2da0c245a  mnf/2.0/i586/php432-devel-4.3.4-4.23.M20mdk.i586.rpm 
 fb782af12ca499a56594703feb6bed2c  mnf/2.0/SRPMS/php-4.3.4-4.23.M20mdk.src.rpm
 fb344c42cba2a62c03c42b864b2e3151  mnf/2.0/SRPMS/php-gd-4.3.4-1.5.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.