Package name
php4
Date
2007-05-10
Advisory ID
MDKSA-2007:103
Affected versions
CS3.0 i586, CS4.0 x86_64, MNF2.0 i586, CS3.0 x86_64, CS4.0 i586

Problem description

A heap buffer overflow flaw was found in the xmlrpc extension for PHP.
A script that implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the apache user.
This flaw does not, however, affect PHP applications using the pure-PHP
XML_RPC class provided via PEAR (CVE-2007-1864).

A flaw was found in the ftp extension for PHP. A script using
this extension to provide access to a private FTP server and which
passed untrusted script input directly to any function provided by
this extension could allow a remote attacker to send arbitrary FTP
commands to the server (CVE-2007-2509).

Updated packages have been patched to prevent these issues.
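
As an added illustration (not part of the advisory or of the vendor patch): FTP control-channel commands are single lines terminated by CRLF, which is why untrusted input passed straight to the ftp extension can reach the server as additional commands. The helper names below are hypothetical and the sample inputs are constructed; rejecting every control character is an assumed, deliberately strict policy.

```php
<?php
// Added example, not code from the advisory or from PHP itself.
// Each FTP command is "VERB argument" followed by CRLF, so a CR or LF inside
// an argument ends the command early and the rest is read as a new command.

// Unsafe pattern: the argument is concatenated unchanged, which is what
// happens when untrusted input reaches the extension unchecked.
function naive_ftp_line($verb, $arg)
{
    return $verb . ' ' . $arg . "\r\n";
}

// Hypothetical helper: refuse empty values and any control character
// (0x00-0x1F and 0x7F, which covers CR, LF and NUL) before the value is
// handed to an ftp_* function. Returns the argument, or false if rejected.
function checked_ftp_arg($arg)
{
    if (!is_string($arg) || $arg === '' || preg_match('/[\x00-\x1F\x7F]/', $arg)) {
        return false;
    }
    return $arg;
}

// Count how many command lines a server would read from the bytes sent.
function count_ftp_commands($wire)
{
    return count(preg_split('/\r\n|\r|\n/', $wire, -1, PREG_SPLIT_NO_EMPTY));
}

// Constructed sample inputs: an ordinary file name, and one carrying a CRLF
// followed by a harmless NOOP.
$samples = array('report.txt', "report.txt\r\nNOOP");

foreach ($samples as $name) {
    $wire = naive_ftp_line('RETR', $name);
    printf(
        "%-22s naive: %d command(s), checked: %s\n",
        addcslashes($name, "\r\n"),
        count_ftp_commands($wire),
        checked_ftp_arg($name) === false ? 'rejected' : 'accepted'
    );
}
```

Validation of this kind in the application complements the patched packages; it does not replace installing them.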

Updated packages

CS3.0 i586

 166f0495b9bd984fc4b887a8920fe111  corporate/3.0/i586/libphp_common432-4.3.4-4.26.C30mdk.i586.rpm
 eba86c8d3254e046b3d065f4db7c0714  corporate/3.0/i586/php-cgi-4.3.4-4.26.C30mdk.i586.rpm
 44248cbc77edc7772b36c1d95d78f7f4  corporate/3.0/i586/php-cli-4.3.4-4.26.C30mdk.i586.rpm
 6c9425c5cdbd25d6ee6bdab6a102f96d  corporate/3.0/i586/php-xmlrpc-4.3.4-1.1.C30mdk.i586.rpm
 bb4d89124e91f1aa872ad7f960210937  corporate/3.0/i586/php432-devel-4.3.4-4.26.C30mdk.i586.rpm 
 7964e9c606307c9af6c1a51160d41caa  corporate/3.0/SRPMS/php-4.3.4-4.26.C30mdk.src.rpm
 0e31d73b03b41014917630a78edd4055  corporate/3.0/SRPMS/php-xmlrpc-4.3.4-1.1.C30mdk.src.rpm

CS4.0 x86_64

 5e357a0f8a1c458b708904417ad1a758  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.6.20060mlcs4.x86_64.rpm
 3256c4130a3f0004027ee817cb85902e  corporate/4.0/x86_64/php4-cgi-4.4.4-1.6.20060mlcs4.x86_64.rpm
 a29fe77e87c30df6f910340923d6c21c  corporate/4.0/x86_64/php4-cli-4.4.4-1.6.20060mlcs4.x86_64.rpm
 d14a7f38f36e4331107215a8f45d1b67  corporate/4.0/x86_64/php4-devel-4.4.4-1.6.20060mlcs4.x86_64.rpm
 ad13c17cc2de7783913e77114361e639  corporate/4.0/x86_64/php4-xmlrpc-4.4.4-1.1.20060mlcs4.x86_64.rpm 
 a30f364c6dcf21387dc2ccbe759053ee  corporate/4.0/SRPMS/php4-4.4.4-1.6.20060mlcs4.src.rpm
 b4e817698d4ea91c75cb1c0709b9ca5e  corporate/4.0/SRPMS/php4-xmlrpc-4.4.4-1.1.20060mlcs4.src.rpm

MNF2.0 i586

 35dd2191d078e31f6c6da7b2025413bb  mnf/2.0/i586/libphp_common432-4.3.4-4.26.M20mdk.i586.rpm
 a7f9e65aa53dfb437255840c0f98122d  mnf/2.0/i586/php-cgi-4.3.4-4.26.M20mdk.i586.rpm
 e9337d663c42d7532ccaaa60905ee00d  mnf/2.0/i586/php-cli-4.3.4-4.26.M20mdk.i586.rpm
 74078881402c3e5066572779b8c49a66  mnf/2.0/i586/php432-devel-4.3.4-4.26.M20mdk.i586.rpm 
 738549167401da8b180447dfa41aa190  mnf/2.0/SRPMS/php-4.3.4-4.26.M20mdk.src.rpm

CS3.0 x86_64

 de5cd7123835dbe8d58d519661621b92  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.26.C30mdk.x86_64.rpm
 bc7a35cb5360cf4a301a2f514ff1002d  corporate/3.0/x86_64/php-cgi-4.3.4-4.26.C30mdk.x86_64.rpm
 6fe331363e03e221bbbe8ddac95b24b7  corporate/3.0/x86_64/php-cli-4.3.4-4.26.C30mdk.x86_64.rpm
 d27234ec751507f56297eb7ad00246b2  corporate/3.0/x86_64/php-xmlrpc-4.3.4-1.1.C30mdk.x86_64.rpm
 b3717d84991db4ad6bc162b5713421a4  corporate/3.0/x86_64/php432-devel-4.3.4-4.26.C30mdk.x86_64.rpm 
 7964e9c606307c9af6c1a51160d41caa  corporate/3.0/SRPMS/php-4.3.4-4.26.C30mdk.src.rpm
 0e31d73b03b41014917630a78edd4055  corporate/3.0/SRPMS/php-xmlrpc-4.3.4-1.1.C30mdk.src.rpm

CS4.0 i586

 21652b2fb396cce7991e6929bf4b7d87  corporate/4.0/i586/libphp4_common4-4.4.4-1.6.20060mlcs4.i586.rpm
 d93cc1f82bb7cea14228feeaf097d5ec  corporate/4.0/i586/php4-cgi-4.4.4-1.6.20060mlcs4.i586.rpm
 130c70025d28c6a5cdb4e198a0b3ae4f  corporate/4.0/i586/php4-cli-4.4.4-1.6.20060mlcs4.i586.rpm
 2892ae379e430c22a48724e46e1e74be  corporate/4.0/i586/php4-devel-4.4.4-1.6.20060mlcs4.i586.rpm
 dcd1d9a26a05d0c2ec2f44f7312966cd  corporate/4.0/i586/php4-xmlrpc-4.4.4-1.1.20060mlcs4.i586.rpm 
 a30f364c6dcf21387dc2ccbe759053ee  corporate/4.0/SRPMS/php4-4.4.4-1.6.20060mlcs4.src.rpm
 b4e817698d4ea91c75cb1c0709b9ca5e  corporate/4.0/SRPMS/php4-xmlrpc-4.4.4-1.1.20060mlcs4.src.rpm

References