Debian: New php5 packages fix several vulnerabilities
Posted by Benjamin D. Thomas
--------------------------------------------------------------------------
Debian Security Advisory DSA 1283-1                                   Moritz Muehlenhoff
April 29th, 2007
--------------------------------------------------------------------------

Package        : php5
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

    Stefan Esser discovered an overflow in the object reference handling
    code of the unserialize() function, which allows the execution of
    arbitrary code if malformed input is passed from an application.

    Stefan Esser discovered that an integer overflow in the substr_compare()
    function allows information disclosure of heap memory.

    Stefan Esser discovered that insufficient validation of shared memory
    functions allows the disclosure of heap memory.

    Stefan Esser discovered that the session handler performs
    insufficient validation of variable name length values, which allows
    information disclosure through a heap information leak.

    Stefan Esser discovered that the filtering framework performs insufficient
    input validation, which allows the execution of arbitrary code through a
    buffer underflow.

    Stefan Esser discovered that the filtering framework can be bypassed 
    with a special whitespace character.

    Stefan Esser discovered a double free vulnerability in the
    session_regenerate_id() function, which allows the execution of
    arbitrary code. 

    Stefan Esser discovered that a programming error in the mb_parse_str()
    function allows the activation of "register_globals".

    Stefan Esser discovered that the session extension incorrectly maintains
    the reference count of session variables, which allows the execution of
    arbitrary code.

    Stefan Esser discovered a double free vulnerability in the session
    management code, which allows the execution of arbitrary code. 

    Stefan Esser discovered that the mail() function performs
    insufficient validation of folded mail headers, which allows mail
    header injection.

    Stefan Esser discovered that the extension to handle ZIP archives
    performs insufficient length checks, which allows the execution of
    arbitrary code.

    Stefan Esser discovered an off-by-one in the filtering framework, which
    allows the execution of arbitrary code.

    Stefan Esser discovered that a buffer overflow in the sqlite extension
    allows the execution of arbitrary code.

    Stefan Esser discovered that the PHP memory manager performs an
    incorrect type cast, which allows the execution of arbitrary code
    through buffer overflows. 

    Stefan Esser discovered that incorrect validation in the email filter
    extension allowed the injection of mail headers.

The oldstable distribution (sarge) doesn't include php5.

For the stable distribution (etch) these problems have been fixed
in version 5.2.0-8+etch3.

For the unstable distribution (sid) these problems have been fixed in
version 5.2.0-11.

We recommend that you upgrade your PHP packages. Packages for the arm,
hppa and mipsen architectures are not yet available. They will be
provided later.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
-------------------------------

  Source archives:
      Size/MD5 checksum:     1976 59310a29eda84d4fe9c67b5c49416d3d
      Size/MD5 checksum:   113858 00f9a5309bb1706d9cdb7b8808034539
      Size/MD5 checksum:  8583491 52d7e8b3d8d7573e75c97340f131f988

  Architecture independent components:
      Size/MD5 checksum:   306940 b19f47a82ef5c2e68a5f4018a19321e5
      Size/MD5 checksum:     1042 2dd49121488c5cff5889cac2b14345ea

  Alpha architecture:
      Size/MD5 checksum:  2559862 27ed5cd0567a0fc555540202698a6af9
      Size/MD5 checksum:  2560464 864b4bdb10f75c4b0a7958da5f1214b9
      Size/MD5 checksum:  4931464 e0b3b96b2a0a4efb918a10d31bf8f79e
      Size/MD5 checksum:  2481330 80ef844a379f8535ea88fa5cf4019e04
      Size/MD5 checksum:   218650 eced56344be9f99d746aeaf933a62a1b
      Size/MD5 checksum:    24948 e0f0c3cb6c0e3071bbfc2b183f3d289e
      Size/MD5 checksum:   345974 5ced814e86b34458ae20ebb9862fac5e
      Size/MD5 checksum:    36538 f378731e23fac95c47736f82af7f4e35
      Size/MD5 checksum:    36536 654411256b1bf048e9a7c38584f5260e
      Size/MD5 checksum:    18608 c0d76b322c3e128ed4aa19292066b16f
      Size/MD5 checksum:    13472 81e7c32b97cc68497c940c4c1a02ee6a
      Size/MD5 checksum:     5312 6c72784e641daf009d2b9e2c8c557f0c
      Size/MD5 checksum:    70894 e74c5fa5f4387054f3650a9a4399c5b5
      Size/MD5 checksum:    36434 77f2c977c2c250cd849c31323553f07c
      Size/MD5 checksum:    55638 ef39a4ff78f6f109dc23ed63f58a12e1
      Size/MD5 checksum:     9050 dc3fa926af67e6d987dc57b1a94ea007
      Size/MD5 checksum:     4940 3885fd26d001a5fbdf328a7477da94f2
      Size/MD5 checksum:    11836 90c42014365908dcd75dee85c903fe7d
      Size/MD5 checksum:    38852 b1a11c234f9ae89b4af7a756d6ab7dfe
      Size/MD5 checksum:    19598 4e726e0c124f4ba9ddb5db75f456c5d7
      Size/MD5 checksum:    17542 7d78cdd61d61af3df120d2d07abcb512
      Size/MD5 checksum:    40288 58550932c9c8727636561f4aebfce0bf
      Size/MD5 checksum:    13380 727fd24baf76b403ee49a175955eca71

  AMD64 architecture:
      Size/MD5 checksum:  2507834 7c628e9a8fc5b10421926ef3b229742f
      Size/MD5 checksum:  2508692 ac658663aaa7efd83aa0efa8dcfded94
      Size/MD5 checksum:  4858878 b4d1e29e54afeffa69bc0f958a99492c
      Size/MD5 checksum:  2450206 fb2df970f28d9cc7eba65b25003df50e
      Size/MD5 checksum:   217102 a02611e457e9abc5f0df380ddcf2018c
      Size/MD5 checksum:    24966 b6b5aa8beb2d773e22c0c5d1b3bf0421
      Size/MD5 checksum:   342046 ee9cfd28f4be6b1df354ae3efb40b0d1
      Size/MD5 checksum:    37036 404e7e2edf4a0b71ec48b006ede94885
      Size/MD5 checksum:    36684 ce935e7da9e17ad17ba26304e00ef7e2
      Size/MD5 checksum:    46742 9ca5a7bf665938cad895ff7963a38ee2
      Size/MD5 checksum:    18656 37a106996ba9878265d3b6474782e3cf
      Size/MD5 checksum:    13484 3b3a520f727a01177b6fca9d99d85fb9
      Size/MD5 checksum:     5256 18ecec3176c42f1745d72de30098528f
      Size/MD5 checksum:    71744 167602429d17685686bff5c952a80ebf
      Size/MD5 checksum:    36402 60f38000242d348e21fa3eff61bced4c
      Size/MD5 checksum:    54152 67f157a994720b2d7d2a1001a212e405
      Size/MD5 checksum:     9404 d9c9db27aedf93d4bb2f955cd4130806
      Size/MD5 checksum:     4902 b8c6052a76095e54a8dcf0a4350a9c1f
      Size/MD5 checksum:    12052 710015a8acf09b20f6f58742e105639a
      Size/MD5 checksum:    38430 69cc6f332fbaecb212a5d7b9fd31f998
      Size/MD5 checksum:    19428 459763f9a0c9e4f1269be5b3c10b1930
      Size/MD5 checksum:    17558 ed6cf5f61c6135597075c9b703ad9d4f
      Size/MD5 checksum:    39152 bc3f12e6bfc0e470f0d4b1b6c9f11799
      Size/MD5 checksum:    13020 505b75b38b063f4db1c780cb16424b7a

  Intel IA-32 architecture:
      Size/MD5 checksum:  2411998 88d0e17600b981d18dd1a369c32d3cee
      Size/MD5 checksum:  2412490 5e652ebd7560bf887eb598c1c864d5ef
      Size/MD5 checksum:  4754432 3149c68dd76e6a29069f8e8353cf498d
      Size/MD5 checksum:  2396502 b50b0d2afe2e1a76d6967c35c4215398
      Size/MD5 checksum:   213890 061401582ec1f55f3da553873d2cadd3
      Size/MD5 checksum:    24470 efb0d5c14e6cd21114152578ed6621fb
      Size/MD5 checksum:   342088 27d36d65482b379bc95802a824f25b06
      Size/MD5 checksum:    33408 43c723fe51e86e247c70d6618b033b60
      Size/MD5 checksum:    34494 a295151c7c14f915e7c46a0c16c52f00
      Size/MD5 checksum:    44140 7e7f255f27b75e05b64f5cd40a61be91
      Size/MD5 checksum:    17244 11cedf81f680dc610985ca2a0995de09
      Size/MD5 checksum:    12834 ebe341eb39463dadf92787a1c230125d
      Size/MD5 checksum:     5052 e443beec10f363208eac83eafe65c5d8
      Size/MD5 checksum:    64908 e00897589b88c8a65d2b1e7db048ab35
      Size/MD5 checksum:    34050 e5e35d32cdfa00a44e91473f6da94d57
      Size/MD5 checksum:    50618 60dc59d9647fc8708e3472d3d4ffcc54
      Size/MD5 checksum:     8628 47aa04a7cb429fb6a8aed372a7f0e9e4
      Size/MD5 checksum:     4760 f1023cbf011af72d43e7cb26893978dc
      Size/MD5 checksum:    11308 7c7bd9997bd905d7d115ea663e383975
      Size/MD5 checksum:    34472 4d297f08a5b8ec01229e134db496ce2d
      Size/MD5 checksum:    18396 67038c1ea0c926878ca73562b75880da
      Size/MD5 checksum:    16472 8e4f19c09fcf2288b821c3a59ea3b62e
      Size/MD5 checksum:    36448 736b1ada980988e0016637252e6eb05f
      Size/MD5 checksum:    12258 4d561eabc5a83f917dbdce0a8149d1e5

  Intel IA-64 architecture:
      Size/MD5 checksum:  3269464 f953297bdb52d05333333e3516318974
      Size/MD5 checksum:  3269942 67995ad3b7ae3510836eb671711ddd6c
      Size/MD5 checksum:  6395120 9a080a337de31597f81d0b53f843bb34
      Size/MD5 checksum:  3219626 698d4ca67369fc1022c5d049ba4caf73
      Size/MD5 checksum:   234638 8777e6758c8adec972e5c0420ea4a477
      Size/MD5 checksum:    34392 9dde0d246b39e45c4f9afc5870f716f3
      Size/MD5 checksum:   342016 d4d23cb2801194f8ec48afc10b5b140f
      Size/MD5 checksum:    50166 b24e786a70a2c92c0b4237467e67967e
      Size/MD5 checksum:    48314 a325eb1a2d7c192601cb0ba17876d954
      Size/MD5 checksum:    24860 7a0cf02dfd7ec3ccb1c2de063286af33
      Size/MD5 checksum:    17764 4cf33907bf5b6c6e45ee987042e47076
      Size/MD5 checksum:     6492 20bb9a0b213e620def6132d6f7fb7278
      Size/MD5 checksum:    95606 663665e5485d4167eea753abdae1ed71
      Size/MD5 checksum:    50658 fef24230246286cba1ffd4728c74da32
      Size/MD5 checksum:    76592 27bcb480baa048e8016d4665c3d3e7b2
      Size/MD5 checksum:    12006 3dfc41bc1c449c3c3ece9942d09a128d
      Size/MD5 checksum:     6120 8647b24fb81396da4e9ab97f093a168d
      Size/MD5 checksum:    15428 22ea3d42d42265f9b986b782d30b7c93
      Size/MD5 checksum:    54660 c1b5ee65bcb80837cc0787ee9790cc78
      Size/MD5 checksum:    27138 958106b4c45eddb5875508bb16ef7112
      Size/MD5 checksum:    25076 d0b0fb5dee34ce5cfaf1aa4c4ddd5ba0
      Size/MD5 checksum:    54510 8a5f06d8ee6c732668bcd5a604691516
      Size/MD5 checksum:    17546 855c3e3ccae72f5101c540d66014e3f5

  PowerPC architecture:
      Size/MD5 checksum:  2514456 27c5ba0172bf6b690a97504245609aad
      Size/MD5 checksum:  2515122 74d25c8ecf429e27cdf6ee08be7336d0
      Size/MD5 checksum:  4896152 1bef592b568bd79b87110718fa2bb325
      Size/MD5 checksum:  2464396 bb8d3d8fd211a49eec418e5d1ee752fc
      Size/MD5 checksum:   217650 fa7df522311c743ccad0e8c086e129b7
      Size/MD5 checksum:    26750 636e81fa8be42380dc6c62827afe0588
      Size/MD5 checksum:   342152 aea35065156f4f4761de08db5b5b8982
      Size/MD5 checksum:    36314 31c6420b2a977162b0c320685c850227
      Size/MD5 checksum:    35986 7bd57e817783c2da182cf6b008ef9dc9
      Size/MD5 checksum:    19172 97a8b00a31a349812e5f43c06e2887e5
      Size/MD5 checksum:    14732 0d8042a37bfa1735737ba73018eff4cf
      Size/MD5 checksum:     6738 eb50096517c37ce53f6d32c0e1988914
      Size/MD5 checksum:    70352 d5e9bc7ca602869a72b2bcd775ff0076
      Size/MD5 checksum:    37072 cc6131032681e0bd46cc5de60f2d8af4
      Size/MD5 checksum:    54032 1d28e62404a645bcef84681f38cface3
      Size/MD5 checksum:    10104 acf23adee0efcf4e46fb784e70ff296a
      Size/MD5 checksum:     6338 43100a27e7292a3307b421cc2926bda9
      Size/MD5 checksum:    12698 73c76e4500cd356d5065efc0fa340827
      Size/MD5 checksum:    38014 666eea25b6e15fb9620c2b9eb7030628
      Size/MD5 checksum:    20230 f944322fec5d11fd2324e9b52f9d2481
      Size/MD5 checksum:    18456 7cc39a0ee674de9901dea0488801eb80
      Size/MD5 checksum:    37702 9f2eb2f1c5cf48c22b0537a8931dfdef
      Size/MD5 checksum:    13742 bc9fbb4af871187d852b07d7a2a90166

  IBM S/390 architecture:
      Size/MD5 checksum:  2609226 fd5a28f7fed874150dd54622999beaf9
      Size/MD5 checksum:  2609110 1e842c050fbad54d0f28c470ecc49f6e
      Size/MD5 checksum:  5032716 6b822d0f70f1b13c34aabf1270ac6da5
      Size/MD5 checksum:  2536818 8bbc730f000a22cf3d279feeb32a7f0b
      Size/MD5 checksum:   219684 a579ab67a507e3cba924eaeece91c2de
      Size/MD5 checksum:    25016 fee61a50ecb71af238456d36f53baec5
      Size/MD5 checksum:   342046 07c36b80c61441dcca14d0210852e48f
      Size/MD5 checksum:    36080 6173c9bb223a95d6078d3ec8b55e5492
      Size/MD5 checksum:    37170 28906f0687c88d58867bc83a6e2b1e05
      Size/MD5 checksum:    19318 da2e8709ea839dd1ba85d40a653f22c4
      Size/MD5 checksum:    13438 a7240490ae7b68f9c76f27be99f48ce7
      Size/MD5 checksum:     5470 dce7bc32b6241de344e9e905754ead4c
      Size/MD5 checksum:    72568 1a1a27bf1c7b0a4e7ed826021a5b9589
      Size/MD5 checksum:    37242 e386e666f126d1273dcff0885608c91d
      Size/MD5 checksum:    56312 c4b9ab788f563195c0774b2b53b3373e
      Size/MD5 checksum:     9182 101ce48cc96c6658016c6d02384f9ca8
      Size/MD5 checksum:     5112 182d371f959ca12746824a8460fca8f9
      Size/MD5 checksum:    11952 76b40c9bd5ba60645782f6c5fe7ee31b
      Size/MD5 checksum:    39172 e526c413cc438603403bf2085284beb5
      Size/MD5 checksum:    19582 a16c28f790ee726838fe541ba9a05eff
      Size/MD5 checksum:    18174 46dba85e0de9c6d026e1fbb01ebafbe1
      Size/MD5 checksum:    40516 02d1e007044656d581df5cbe86aa4b95
      Size/MD5 checksum:    13388 d980de2598465144efa88c8dcb655a7f

  Sun Sparc architecture:
      Size/MD5 checksum:  2404066 1f440ce3701586ef0a4090ece6c5579a
      Size/MD5 checksum:  2404806 7ec48967ce80f9667ff043ef1a1281dc
      Size/MD5 checksum:  4669736 06867123b5c587cdd257c25267a915ba
      Size/MD5 checksum:  2352816 35b23f59f0b4cf33be659e848dea3f0f
      Size/MD5 checksum:   213830 706f8f950ee9dd21b5d430dc023a0f5d
      Size/MD5 checksum:    24630 78b9b0bf40f6ec2b867869fd8404be1c
      Size/MD5 checksum:   342160 951b225f949f01822cda5fb5480e59ad
      Size/MD5 checksum:    33196 ab3a07545cb64b163b630a0402ed9fa2
      Size/MD5 checksum:    33094 716e3d6eb0efe24834841dc8482fca58
      Size/MD5 checksum:    16580 7770199fcbcd109ff1bb507828c1ee29
      Size/MD5 checksum:    12622 c7f245a098902d3cbbfcf460b9e467bd
      Size/MD5 checksum:     4864 7f48d43dfba182afa8a8ec6cf22446dc
      Size/MD5 checksum:    62194 bfbc9b2fe29828efd5d197a832cf0046
      Size/MD5 checksum:    31508 2f91aa3e2ec2e5b8a158380bff474093
      Size/MD5 checksum:    47906 5bc7d9d871fa84107ef18cb5f173be7d
      Size/MD5 checksum:     8266 1e7cbe58955ebab24af0286ec8aa9991
      Size/MD5 checksum:     4638 34bafe072b3c670fcb47420849167f75
      Size/MD5 checksum:    10762 995f2deaadbf94415ca384115a8079cd
      Size/MD5 checksum:    32568 1d3c37dcb01d8e392c1134261315df36
      Size/MD5 checksum:    17444 4563d23b67363895c73578373a431c6a
      Size/MD5 checksum:    16236 7fd15f31a2c86668923fbff1d412c9ac
      Size/MD5 checksum:    34904 3e3947e23398ea8c6c6d76cb7bc3b8ef
      Size/MD5 checksum:    11674 1116cee789d3494e951f42ec534d38a7

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: