Package name
php4
Date
2008-07-03
Advisory ID
MDVSA-2008:130
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

An integer overflow in the zip_read_entry() function in PHP prior
to 4.4.5 allowed remote attackers to execute arbitrary code via a
ZIP archive containing a certain type of entry that triggered a heap
overflow (CVE-2007-1777).

Weaknesses were discovered in the GENERATE_SEED macro in PHP prior to
4.4.8 and 5.2.5. On 32-bit systems the macro could produce a zero seed
in rare circumstances, and on 64-bit systems it could generate a portion
of zero bits during conversion due to insufficient precision
(CVE-2008-2107, CVE-2008-2108).
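
The 64-bit precision problem described above can be reproduced in isolation. The following C program is an added example, not PHP's code or the vendor's patch: the function names, the seed formula (a product computed in double precision and cast to a 64-bit integer) and the sample time, PID and fraction values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Count the low-order zero bits of v (64 when v is 0). */
static int trailing_zero_bits(uint64_t v) {
    int n = 0;
    if (v == 0) return 64;
    while ((v & 1u) == 0) { v >>= 1; n++; }
    return n;
}

/* Assumed seed derivation (not PHP's macro): the inputs are multiplied in
 * double precision and the product is cast to a 64-bit integer. A double has
 * a 53-bit significand, so a product in [2^61, 2^62) is always a multiple of
 * 2^9 and the low 9 bits of the seed are zero whatever the inputs were. */
static int64_t seed_via_double(int64_t t, int64_t pid, double frac) {
    volatile double product = (double)t * (double)pid * 1000000.0 * frac;
    return (int64_t)product;
}

/* Illustrative alternative (not the vendor's patch): keep the integer inputs
 * in integer arithmetic and XOR in the scaled fraction, so no low bits are
 * lost to floating-point rounding. */
static int64_t seed_via_integers(int64_t t, int64_t pid, double frac) {
    uint64_t mixed = (uint64_t)t * (uint64_t)pid;
    return (int64_t)(mixed ^ (uint64_t)(1000000.0 * frac));
}

int main(void) {
    /* Constructed sample inputs: a Unix time in 2008, small PIDs, fixed fraction. */
    const int64_t t = 1215043201;
    const double frac = 0.75;
    for (int64_t pid = 4243; pid < 4248; pid++) {
        int64_t a = seed_via_double(t, pid, frac);
        int64_t b = seed_via_integers(t, pid, frac);
        printf("pid=%lld double-seed=%016llx (%d zero low bits) "
               "integer-seed=%016llx (%d zero low bits)\n",
               (long long)pid, (unsigned long long)a,
               trailing_zero_bits((uint64_t)a),
               (unsigned long long)b, trailing_zero_bits((uint64_t)b));
    }
    return 0;
}
```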

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64

 fbc3b649e7429a3dc6e53e367eaf0eb4  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.8.20060mlcs4.x86_64.rpm
 62ec98b2fdf5656e84afa1423f5e757b  corporate/4.0/x86_64/php4-cgi-4.4.4-1.8.20060mlcs4.x86_64.rpm
 6cfc64f13467e939995d00f5b9293701  corporate/4.0/x86_64/php4-cli-4.4.4-1.8.20060mlcs4.x86_64.rpm
 a158811bab4ffcc278660fc6bb0b8eb3  corporate/4.0/x86_64/php4-devel-4.4.4-1.8.20060mlcs4.x86_64.rpm
 e5eec77b3270124b1a68689aa0b3362b  corporate/4.0/x86_64/php4-zip-4.4.4-1.1.20060mlcs4.x86_64.rpm 
 1bd1828056a9485094c3f8dcad359868  corporate/4.0/SRPMS/php4-4.4.4-1.8.20060mlcs4.src.rpm
 1c44162aa2dd129612450a61427e94f4  corporate/4.0/SRPMS/php4-zip-4.4.4-1.1.20060mlcs4.src.rpm

CS4.0 i586

 070c4d4f7403e8a88cebf04ec8332d9c  corporate/4.0/i586/libphp4_common4-4.4.4-1.8.20060mlcs4.i586.rpm
 d4a5b569f487d6d0cd9c32e6c57973e2  corporate/4.0/i586/php4-cgi-4.4.4-1.8.20060mlcs4.i586.rpm
 cc39060ca799894fd2e0e31bdc588d93  corporate/4.0/i586/php4-cli-4.4.4-1.8.20060mlcs4.i586.rpm
 b9445da53d60e15b815d702bb0639b2c  corporate/4.0/i586/php4-devel-4.4.4-1.8.20060mlcs4.i586.rpm
 89578a93f8389f1c18a9ec2bb2976c3d  corporate/4.0/i586/php4-zip-4.4.4-1.1.20060mlcs4.i586.rpm 
 1bd1828056a9485094c3f8dcad359868  corporate/4.0/SRPMS/php4-4.4.4-1.8.20060mlcs4.src.rpm
 1c44162aa2dd129612450a61427e94f4  corporate/4.0/SRPMS/php4-zip-4.4.4-1.1.20060mlcs4.src.rpm

References