LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 10 Update: maniadrive-1.2-13.fc10 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-5557) A directory traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658) A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the "background color" argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had "display_errors" enabled, a remote attacker able to set a specially-crafted cookie on a victim's system could possibly inject arbitrary HTML into an error message generated by PHP. (CVE-2008-5814) A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially-crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script. (CVE-2009-1271) A flaw was found in the use of the uw-imap library by the PHP "imap" extension. This could cause the PHP interpreter to crash if the "imap" extension was used to read specially-crafted mail messages with long headers. (CVE-2008-2829) http://www.php.net/releases/5_2_7.php http://www.php.net/releases/5_2_8.php http://www.php.net/releases/5_2_9.php http://www.php.net/ChangeLog-5.php#5.2.9
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3768
2009-04-21 23:54:56
--------------------------------------------------------------------------------

Name        : maniadrive
Product     : Fedora 10
Version     : 1.2
Release     : 13.fc10
URL         : http://maniadrive.raydium.org/
Summary     : 3D stunt driving game
Description :
ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous
gameplay (tracks almost never exceed one minute). Features: Complex car
physics, Challenging "story mode", LAN and Internet mode, Live scores,
Track editor, Dedicated server with HTTP interface and More than 30 blocks.

--------------------------------------------------------------------------------
Update Information:

Update to PHP 5.2.9    A heap-based buffer overflow flaw was found in PHP's
mbstring extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP interpreter to
crash or, possibly, execute arbitrary code. (CVE-2008-5557)    A directory
traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used
to extract a malicious ZIP archive, it could allow an attacker to write
arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it could
cause the PHP interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-3658)    A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions of
the PHP interpreter's memory. (CVE-2008-5498)    A cross-site scripting flaw was
found in a way PHP reported errors for invalid cookies. If the PHP interpreter
had "display_errors" enabled, a remote attacker able to set a specially-crafted
cookie on a victim's system could possibly inject arbitrary HTML into an error
message generated by PHP. (CVE-2008-5814)    A flaw was found in the handling of
the "mbstring.func_overload" configuration setting. A value set for one virtual
host, or in a user's .htaccess file, was incorrectly applied to other virtual
hosts on the same server, causing the handling of multibyte character strings to
not work correctly. (CVE-2009-0754)    A flaw was found in PHP's json_decode
function. A remote attacker could use this flaw to create a specially-crafted
string which could cause the PHP interpreter to crash while being decoded in a
PHP script. (CVE-2009-1271)    A flaw was found in the use of the uw-imap
library by the PHP "imap" extension. This could cause the PHP interpreter to
crash if the "imap" extension was used to read specially-crafted mail messages
with long headers. (CVE-2008-2829)    http://www.php.net/releases/5_2_7.php
http://www.php.net/releases/5_2_8.php  http://www.php.net/releases/5_2_9.php
http://www.php.net/ChangeLog-5.php#5.2.9
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2009 Remi Collet  - 1.2-13
- Rebuild for php 5.2.9
* Sun Feb 15 2009 Hans de Goede  1.2-12
- Fix maniadrive crashing with php 5.2.8 (and later)
- Fix maniadrive triggering an assert in the latest ode
* Wed Dec 17 2008 Hans de Goede  1.2-11
- Rebuild for new php version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=478425
  [ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode()
        https://bugzilla.redhat.com/show_bug.cgi?id=494530
  [ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension
        https://bugzilla.redhat.com/show_bug.cgi?id=459529
  [ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension
        https://bugzilla.redhat.com/show_bug.cgi?id=459572
  [ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=452808
  [ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=474824
  [ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
        https://bugzilla.redhat.com/show_bug.cgi?id=478848
  [ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=479272
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update maniadrive' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
How to weed out the next Heartbleed bug: ENISA details crypto worries
Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign
Finally, a New Clue to Solve the CIA’s Mysterious Kryptos Sculpture
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.