Paketname
php
Datum
2003-08-04
Advisory ID
MDKSA-2003:082
Betroffene Versionen
9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586 , 8.2 i586

Problembeschreibung

A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user- supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442). As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control filters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages.

Aktualisierte Pakete

9.1 i586

 6b619580c7746d6fb7de30e18ccbc8eb  9.1/RPMS/libphp_common430-430-11.1mdk.i586.rpm
2257ab6cab4132c3cb3d7194b24f385f  9.1/RPMS/php-cgi-4.3.1-11.1mdk.i586.rpm
eefa69b71480d00a111e7ad05f74576a  9.1/RPMS/php-cli-4.3.1-11.1mdk.i586.rpm
a60a59d10f0450b324f2b1b5562da780  9.1/RPMS/php430-devel-430-11.1mdk.i586.rpm
e5e4397440f44a88bec02fc10328c745  9.1/SRPMS/php-4.3.1-11.1mdk.src.rpm

CS2.1 x86_64

 5d16fe6239287e468dd75852cb43e6d3  x86_64/corporate/2.1/RPMS/php-4.2.3-4.1mdk.x86_64.rpm
d712ce373cd416f7e523dba8b0171ccc  x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.1mdk.x86_64.rpm
51bd73c0704e20fac62d98e2380edb3e  x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.1mdk.x86_64.rpm
06ef571267aaa0a2e614873d888dbb63  x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.1mdk.x86_64.rpm
e509b58e93bf56cac67ccc698db40f51  x86_64/corporate/2.1/SRPMS/php-4.2.3-4.1mdk.src.rpm

CS2.1 i586

 758b1a556caf000d93413eb8c15753c4  corporate/2.1/RPMS/php-4.2.3-4.1mdk.i586.rpm
e1d95a181a57c88856f48171fd0d9cff  corporate/2.1/RPMS/php-common-4.2.3-4.1mdk.i586.rpm
60e292858ee79c53e429a141253fa388  corporate/2.1/RPMS/php-devel-4.2.3-4.1mdk.i586.rpm
5a1f0075209cb38b3fdba3eeaf785e25  corporate/2.1/RPMS/php-pear-4.2.3-4.1mdk.i586.rpm
e509b58e93bf56cac67ccc698db40f51  corporate/2.1/SRPMS/php-4.2.3-4.1mdk.src.rpm

9.0 i586

 758b1a556caf000d93413eb8c15753c4  9.0/RPMS/php-4.2.3-4.1mdk.i586.rpm
e1d95a181a57c88856f48171fd0d9cff  9.0/RPMS/php-common-4.2.3-4.1mdk.i586.rpm
60e292858ee79c53e429a141253fa388  9.0/RPMS/php-devel-4.2.3-4.1mdk.i586.rpm
5a1f0075209cb38b3fdba3eeaf785e25  9.0/RPMS/php-pear-4.2.3-4.1mdk.i586.rpm
e509b58e93bf56cac67ccc698db40f51  9.0/SRPMS/php-4.2.3-4.1mdk.src.rpm

8.2 i586

 a7ba8429a705ba764be5be5baa5d8f92  8.2/RPMS/php-4.1.2-1.1mdk.i586.rpm
848bd3bb74b2fa3b24d9a1f05ca651c2  8.2/RPMS/php-common-4.1.2-1.1mdk.i586.rpm
3b94f6e3e8ba24fa5b71fa93e3d2eb25  8.2/RPMS/php-devel-4.1.2-1.1mdk.i586.rpm
465bdb929c9df6bb156b2910a2a21b98  8.2/SRPMS/php-4.1.2-1.1mdk.src.rpm

MNF8.2 i586

 848bd3bb74b2fa3b24d9a1f05ca651c2  mnf8.2/RPMS/php-common-4.1.2-1.1mdk.i586.rpm
465bdb929c9df6bb156b2910a2a21b98  mnf8.2/SRPMS/php-4.1.2-1.1mdk.src.rpm

9.1 i586

 6b619580c7746d6fb7de30e18ccbc8eb  ppc/9.1/RPMS/libphp_common430-430-11.1mdk.i586.rpm
2257ab6cab4132c3cb3d7194b24f385f  ppc/9.1/RPMS/php-cgi-4.3.1-11.1mdk.i586.rpm
eefa69b71480d00a111e7ad05f74576a  ppc/9.1/RPMS/php-cli-4.3.1-11.1mdk.i586.rpm
a60a59d10f0450b324f2b1b5562da780  ppc/9.1/RPMS/php430-devel-430-11.1mdk.i586.rpm
e5e4397440f44a88bec02fc10328c745  ppc/9.1/SRPMS/php-4.3.1-11.1mdk.src.rpm

8.2 i586

 10fd0c4e0d65516654bee858d40b66af  ppc/8.2/RPMS/php-4.1.2-1.1mdk.ppc.rpm
d3f047831dc4b093eb30b8e343256207  ppc/8.2/RPMS/php-common-4.1.2-1.1mdk.ppc.rpm
96c4e2196b61066b6a57c013265ff612  ppc/8.2/RPMS/php-devel-4.1.2-1.1mdk.ppc.rpm
465bdb929c9df6bb156b2910a2a21b98  ppc/8.2/SRPMS/php-4.1.2-1.1mdk.src.rpm

Referenzen