Paketname
php
Datum
2007-09-21
Advisory ID
MDKSA-2007:187
Betroffene Versionen
CS4.0 x86_64 , MNF2.0 i586 , 2007.0 x86_64 , 2007.1 i586 , 2007.0 i586 , CS3.0 x86_64 , CS4.0 i586 , CS3.0 i586 , 2007.1 x86_64

Problembeschreibung

Numerous vulnerabilities were discovered in the PHP scripting language
that are corrected with this update.

An integer overflow in the substr_compare() function allows
context-dependent attackers to read sensitive memory via a large
value in the length argument. This only affects PHP5 (CVE-2007-1375).

A stack-based buffer overflow in the zip:// URI wrapper in PECL
ZIP 1.8.3 and earlier allowes remote attackers to execute arbitrary
code via a long zip:// URL. This only affects Corporate Server 4.0
(CVE-2007-1399).

A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter
could allow an attacker to inject arbitrary email headers via a
special email address. This only affects Mandriva Linux 2007.1
(CVE-2007-1900).

The mcrypt_create_iv() function calls php_rand_r() with an
uninitialized seed variable, thus always generating the same
initialization vector, which may allow an attacker to decrypt
certain data more easily because of the guessable encryption keys
(CVE-2007-2727).

The soap extension calls php_rand_r() with an uninitialized seec
variable, which has unknown impact and attack vectors; an issue
similar to that affecting mcrypt_create_iv(). This only affects PHP5
(CVE-2007-2728).

The substr_count() function allows attackers to obtain sensitive
information via unspecified vectors. This only affects PHP5
(CVE-2007-2748).

An infinite loop was found in the gd extension that could be used to
cause a denial of service if a script were forced to process certain
PNG images from untrusted sources (CVE-2007-2756).

An integer overflow flaw was found in the chunk_split() function that
ould possibly execute arbitrary code as the apache user if a remote
attacker was able to pass arbitrary data to the third argument of
chunk_split() (CVE-2007-2872).

A flaw in the PHP session cookie handling could allow an attacker to
create a cross-site cookie insertion attack if a victim followed an
untrusted carefully-crafted URL (CVE-2007-3799).

Various integer overflow flaws were discovered in the PHP gd extension
that could allow a remote attacker to execute arbitrary code as the
apache user (CVE-2007-3996).

A flaw in the wordwrap() frunction could result in a denial of ervice
if a remote attacker was able to pass arbitrary data to the function
(CVE-2007-3998).

A flaw in the money_format() function could result in an information
leak or denial of service if a remote attacker was able to pass
arbitrary data to this function; this situation would be unlikely
however (CVE-2007-4658).

A bug in the PHP session cookie handling could allow an attacker to
stop a victim from viewing a vulnerable website if the victim first
visited a malicious website under the control of the attacker who
was able to use that page to set a cookie for the vulnerable website
(CVE-2007-4670).

Updated packages have been patched to prevent these issues.
In addition, PECL ZIP version 1.8.10 is being provided for Corporate
Server 4.0.

Aktualisierte Pakete

CS4.0 x86_64

 d04a06f2a1d4c8d36b1ce3de6448577b  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.7.20060mlcs4.x86_64.rpm
 b22d1122c842de135ddf34d331641da8  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.8.20060mlcs4.x86_64.rpm
 9866242fb135cca7cf3e35e97f5178af  corporate/4.0/x86_64/php-cgi-5.1.6-1.8.20060mlcs4.x86_64.rpm
 c68e05947bec3bb82e9d1d5c572f96d5  corporate/4.0/x86_64/php-cli-5.1.6-1.8.20060mlcs4.x86_64.rpm
 cf53b9aaef91d88655f9d74e3ff2aacb  corporate/4.0/x86_64/php-devel-5.1.6-1.8.20060mlcs4.x86_64.rpm
 f8c251520d975a4010def1750fd8346d  corporate/4.0/x86_64/php-fcgi-5.1.6-1.8.20060mlcs4.x86_64.rpm
 5b34f8737e26d00f33c0328d763ab213  corporate/4.0/x86_64/php-gd-5.1.6-1.3.20060mlcs4.x86_64.rpm
 758cf65ca6d0a4abebb902e0cba8a340  corporate/4.0/x86_64/php-mcrypt-5.1.6-1.1.20060mlcs4.x86_64.rpm
 13bee1adbfe5e67c01ca731ea81dbdd9  corporate/4.0/x86_64/php-soap-5.1.6-1.2.20060mlcs4.x86_64.rpm
 4c0b39d8927c6cb19e32befb0539680e  corporate/4.0/x86_64/php-zip-1.8.10-0.1.20060mlcs4.x86_64.rpm
 5ada3b423910e48a26c77a8cf95cc274  corporate/4.0/x86_64/php4-cgi-4.4.4-1.7.20060mlcs4.x86_64.rpm
 84fae5bb1c27d7c4a6dcb7c29966e2ce  corporate/4.0/x86_64/php4-cli-4.4.4-1.7.20060mlcs4.x86_64.rpm
 ccc04f5e1301a856a4d8e24bd36342cb  corporate/4.0/x86_64/php4-devel-4.4.4-1.7.20060mlcs4.x86_64.rpm
 0eafa187fc47d54782cba69a73d500f8  corporate/4.0/x86_64/php4-gd-4.4.4-1.2.20060mlcs4.x86_64.rpm
 17f6a6e9ff9cb623ba5538c46571fce5  corporate/4.0/x86_64/php4-mcrypt-4.4.4-1.1.20060mlcs4.x86_64.rpm 
 b406cd54519867c9611c6c6700827457  corporate/4.0/SRPMS/php-5.1.6-1.8.20060mlcs4.src.rpm
 491027bf3182f1f56e93e4d3a053d9e0  corporate/4.0/SRPMS/php-gd-5.1.6-1.3.20060mlcs4.src.rpm
 dd89eef4f40af9dff068c28bd56b4d5b  corporate/4.0/SRPMS/php-mcrypt-5.1.6-1.1.20060mlcs4.src.rpm
 d7107b5be0e7768abad9c15cc8584ded  corporate/4.0/SRPMS/php-soap-5.1.6-1.2.20060mlcs4.src.rpm
 f39e559d753bc59816d4106cd095d0db  corporate/4.0/SRPMS/php-zip-1.8.10-0.1.20060mlcs4.src.rpm
 1f1fd034cfd3d3f911315a34326d553e  corporate/4.0/SRPMS/php4-4.4.4-1.7.20060mlcs4.src.rpm
 00447503df74be2f96f4ec4f93de6694  corporate/4.0/SRPMS/php4-gd-4.4.4-1.2.20060mlcs4.src.rpm
 c005bcfb3c95e618ba5a4c928d5b75c7  corporate/4.0/SRPMS/php4-mcrypt-4.4.4-1.1.20060mlcs4.src.rpm

MNF2.0 i586

 4a0e9e73f51d6118c3580b9f556c0a2d  mnf/2.0/i586/libphp_common432-4.3.4-4.27.C30mdk.i586.rpm
 f4698dd4eb9c4c9e12528c70cf458e7f  mnf/2.0/i586/php-cgi-4.3.4-4.27.C30mdk.i586.rpm
 91e6914a490349580511f216a8220c86  mnf/2.0/i586/php-cli-4.3.4-4.27.C30mdk.i586.rpm
 b5655d8d54a14d9f5cdb56246ddad2e3  mnf/2.0/i586/php-gd-4.3.4-1.7.C30mdk.i586.rpm
 752e636b31d84df4b9283fc56b60ef5b  mnf/2.0/i586/php432-devel-4.3.4-4.27.C30mdk.i586.rpm 
 dba539a2cc542b14898bea508291fb93  mnf/2.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
 86dacced331afeb19a375cdcd5ade744  mnf/2.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

2007.0 x86_64

 8ddfb570e663d8b61cbfaf5bc8585d54  2007.0/x86_64/lib64php5_common5-5.1.6-1.9mdv2007.0.x86_64.rpm
 d05d20ad5c5ddd84649aaed661b83c7a  2007.0/x86_64/php-cgi-5.1.6-1.9mdv2007.0.x86_64.rpm
 9ba45cce68ffa043cf1fb23fe765e104  2007.0/x86_64/php-cli-5.1.6-1.9mdv2007.0.x86_64.rpm
 26ead0e8cd3bab9ba64cc39f596d6533  2007.0/x86_64/php-devel-5.1.6-1.9mdv2007.0.x86_64.rpm
 65673d78e3e1af683d64e30ba832be63  2007.0/x86_64/php-fcgi-5.1.6-1.9mdv2007.0.x86_64.rpm
 0d478806da998759a96cdbf8694c0324  2007.0/x86_64/php-gd-5.1.6-1.3mdv2007.0.x86_64.rpm
 99ec9336533a6ff74b93841497a73fe1  2007.0/x86_64/php-mcrypt-5.1.6-1.1mdv2007.0.x86_64.rpm
 1b5bdc02b561134835c729fb404b0931  2007.0/x86_64/php-soap-5.1.6-1.2mdv2007.0.x86_64.rpm 
 06fef845a7f0eb15fbda8e01d2449759  2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm
 1c4c5379d367dd0ba8c002d2a60eb8b1  2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm
 4b4382448f9be55ea66f8b910a12a97c  2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm
 c9e9b415eac3b864ffcece762c6aa6bb  2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm

2007.1 i586

 cfb5ebca225920865fd41b8d7379ec04  2007.1/i586/libphp5_common5-5.2.1-4.3mdv2007.1.i586.rpm
 fd99e8fd1eba60464844111ba0bf658f  2007.1/i586/php-cgi-5.2.1-4.3mdv2007.1.i586.rpm
 d2d5ef2a6eb326c85e5e4e66d5488032  2007.1/i586/php-cli-5.2.1-4.3mdv2007.1.i586.rpm
 f8ff08caf4bf9d4b06c84dabf426ad4f  2007.1/i586/php-devel-5.2.1-4.3mdv2007.1.i586.rpm
 0e362fc96f32b9046df73d01938f4a4f  2007.1/i586/php-fcgi-5.2.1-4.3mdv2007.1.i586.rpm
 3796283e1a18abd35c66e9fdb7cecf84  2007.1/i586/php-gd-5.2.1-1.2mdv2007.1.i586.rpm
 8303fdaff4f40f7025e84b9571db7557  2007.1/i586/php-mcrypt-5.2.1-1.1mdv2007.1.i586.rpm
 765b7cff3e34bf6be0d31d5e11c6d21f  2007.1/i586/php-openssl-5.2.1-4.3mdv2007.1.i586.rpm
 8ed091e407210049489fb70ba4f18e3f  2007.1/i586/php-soap-5.2.1-1.2mdv2007.1.i586.rpm
 649f2efadad45640ca14f5ab644de67f  2007.1/i586/php-zlib-5.2.1-4.3mdv2007.1.i586.rpm 
 8779e5a26aecb35eaf93a5c54f35a798  2007.1/SRPMS/php-5.2.1-4.3mdv2007.1.src.rpm
 d16710089832ae31873c0db7e6df87fd  2007.1/SRPMS/php-gd-5.2.1-1.2mdv2007.1.src.rpm
 ec8b2d536f13c35dd2c2f1cca92c5694  2007.1/SRPMS/php-mcrypt-5.2.1-1.1mdv2007.1.src.rpm
 90f9821184ef2fc8cca2a35e54080f44  2007.1/SRPMS/php-soap-5.2.1-1.2mdv2007.1.src.rpm

2007.0 i586

 57a68f47fd8c691db93b9eadbbf19b40  2007.0/i586/libphp5_common5-5.1.6-1.9mdv2007.0.i586.rpm
 f82d39f70da087f4d7f9470f81211276  2007.0/i586/php-cgi-5.1.6-1.9mdv2007.0.i586.rpm
 a22e66bf85ab53ff1782ce331ffa60a6  2007.0/i586/php-cli-5.1.6-1.9mdv2007.0.i586.rpm
 c3cd07dba2182b4f583794a3b240e84e  2007.0/i586/php-devel-5.1.6-1.9mdv2007.0.i586.rpm
 265ef0003e043ad3013022b1e566fd89  2007.0/i586/php-fcgi-5.1.6-1.9mdv2007.0.i586.rpm
 598e110d6abcc345a0b6ee1676214ee2  2007.0/i586/php-gd-5.1.6-1.3mdv2007.0.i586.rpm
 0f9a486f5ccadd55c81aa61705ae5d81  2007.0/i586/php-mcrypt-5.1.6-1.1mdv2007.0.i586.rpm
 6d7d80d3cdeae2e4ca286b67be659cef  2007.0/i586/php-soap-5.1.6-1.2mdv2007.0.i586.rpm 
 06fef845a7f0eb15fbda8e01d2449759  2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm
 1c4c5379d367dd0ba8c002d2a60eb8b1  2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm
 4b4382448f9be55ea66f8b910a12a97c  2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm
 c9e9b415eac3b864ffcece762c6aa6bb  2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm

CS3.0 x86_64

 54b38db5000d71f5f4cfe0d55ea8839d  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.27.C30mdk.x86_64.rpm
 e06d422dedbd7ff39eb86c8afdf23f8c  corporate/3.0/x86_64/php-cgi-4.3.4-4.27.C30mdk.x86_64.rpm
 66bea84020ec6231dbc345215b6398d4  corporate/3.0/x86_64/php-cli-4.3.4-4.27.C30mdk.x86_64.rpm
 6e47af7339e7c939133d3bbab0b54c60  corporate/3.0/x86_64/php-gd-4.3.4-1.7.C30mdk.x86_64.rpm
 9aa27728797f8a8b7fe6932237779dc1  corporate/3.0/x86_64/php432-devel-4.3.4-4.27.C30mdk.x86_64.rpm 
 74c8bcac18b502174d270a0e2529d8e8  corporate/3.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
 7db08e02ff0b4d59c58bbef5ff25a89b  corporate/3.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

CS4.0 i586

 6660cfe8b3e883412a9d138cb4776a17  corporate/4.0/i586/libphp4_common4-4.4.4-1.7.20060mlcs4.i586.rpm
 0a43b956bf221f3dc6b534aed4c2c332  corporate/4.0/i586/libphp5_common5-5.1.6-1.8.20060mlcs4.i586.rpm
 d01223da70e8e3c6c17b0bd065cf4747  corporate/4.0/i586/php-cgi-5.1.6-1.8.20060mlcs4.i586.rpm
 9cdf4d6ba4446811b0118126b31dd80b  corporate/4.0/i586/php-cli-5.1.6-1.8.20060mlcs4.i586.rpm
 6f486a6a19edef73ac2bc6aba2cf342a  corporate/4.0/i586/php-devel-5.1.6-1.8.20060mlcs4.i586.rpm
 a126823de602fb9aecae42f052ab2827  corporate/4.0/i586/php-fcgi-5.1.6-1.8.20060mlcs4.i586.rpm
 9c198b7e8a34c3e4d03f18174b2b1a84  corporate/4.0/i586/php-gd-5.1.6-1.3.20060mlcs4.i586.rpm
 b58d0518a5a44bdb26006df7b3d0b9f4  corporate/4.0/i586/php-mcrypt-5.1.6-1.1.20060mlcs4.i586.rpm
 c306da649d383d2ef0d4e568e8f77bd2  corporate/4.0/i586/php-soap-5.1.6-1.2.20060mlcs4.i586.rpm
 6fbcf94c677317eaa73f2972afbece1c  corporate/4.0/i586/php-zip-1.8.10-0.1.20060mlcs4.i586.rpm
 473813677bb2f261182b53f6175908b8  corporate/4.0/i586/php4-cgi-4.4.4-1.7.20060mlcs4.i586.rpm
 5c53c5fd3860246341522a47712b7d18  corporate/4.0/i586/php4-cli-4.4.4-1.7.20060mlcs4.i586.rpm
 079851b5a916b27cb16aa4bde9bcd86e  corporate/4.0/i586/php4-devel-4.4.4-1.7.20060mlcs4.i586.rpm
 cf0a080ecd0acb5e01f7e2e41ed3c76d  corporate/4.0/i586/php4-gd-4.4.4-1.2.20060mlcs4.i586.rpm
 c2333bbae7d3a20b90a2e174f2caf5da  corporate/4.0/i586/php4-mcrypt-4.4.4-1.1.20060mlcs4.i586.rpm 
 b406cd54519867c9611c6c6700827457  corporate/4.0/SRPMS/php-5.1.6-1.8.20060mlcs4.src.rpm
 491027bf3182f1f56e93e4d3a053d9e0  corporate/4.0/SRPMS/php-gd-5.1.6-1.3.20060mlcs4.src.rpm
 dd89eef4f40af9dff068c28bd56b4d5b  corporate/4.0/SRPMS/php-mcrypt-5.1.6-1.1.20060mlcs4.src.rpm
 d7107b5be0e7768abad9c15cc8584ded  corporate/4.0/SRPMS/php-soap-5.1.6-1.2.20060mlcs4.src.rpm
 f39e559d753bc59816d4106cd095d0db  corporate/4.0/SRPMS/php-zip-1.8.10-0.1.20060mlcs4.src.rpm
 1f1fd034cfd3d3f911315a34326d553e  corporate/4.0/SRPMS/php4-4.4.4-1.7.20060mlcs4.src.rpm
 00447503df74be2f96f4ec4f93de6694  corporate/4.0/SRPMS/php4-gd-4.4.4-1.2.20060mlcs4.src.rpm
 c005bcfb3c95e618ba5a4c928d5b75c7  corporate/4.0/SRPMS/php4-mcrypt-4.4.4-1.1.20060mlcs4.src.rpm

CS3.0 i586

 247e24717edaad099d4dfac36d06da11  corporate/3.0/i586/libphp_common432-4.3.4-4.27.C30mdk.i586.rpm
 a2fe1080b8981493b83f6bb6c08a6f83  corporate/3.0/i586/php-cgi-4.3.4-4.27.C30mdk.i586.rpm
 0468aa254c2495b128f4ea776b7100f7  corporate/3.0/i586/php-cli-4.3.4-4.27.C30mdk.i586.rpm
 230476bcb71774884ec17ecbef336e5c  corporate/3.0/i586/php-gd-4.3.4-1.7.C30mdk.i586.rpm
 3cac8eecfdee304b0889fbe99958a6ca  corporate/3.0/i586/php432-devel-4.3.4-4.27.C30mdk.i586.rpm 
 74c8bcac18b502174d270a0e2529d8e8  corporate/3.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
 7db08e02ff0b4d59c58bbef5ff25a89b  corporate/3.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

2007.1 x86_64

 4af5b6e98feeeb88b8993768c15497ce  2007.1/x86_64/lib64php5_common5-5.2.1-4.3mdv2007.1.x86_64.rpm
 f5e5fbb413e349ff9ae9e8e82a59dd92  2007.1/x86_64/php-cgi-5.2.1-4.3mdv2007.1.x86_64.rpm
 c93c070b38a3c2602dbfea38e648fea1  2007.1/x86_64/php-cli-5.2.1-4.3mdv2007.1.x86_64.rpm
 5d7fa073092e6599eddaaffab5b4df4f  2007.1/x86_64/php-devel-5.2.1-4.3mdv2007.1.x86_64.rpm
 0d593dad6f79e0331d1a9c7544d6fe42  2007.1/x86_64/php-fcgi-5.2.1-4.3mdv2007.1.x86_64.rpm
 8652914b9aa256724004e12621111ce3  2007.1/x86_64/php-gd-5.2.1-1.2mdv2007.1.x86_64.rpm
 cc2993f0faf2d76eb317162162237049  2007.1/x86_64/php-mcrypt-5.2.1-1.1mdv2007.1.x86_64.rpm
 2becb2e136e605d4b6fcbb80b8b96fdc  2007.1/x86_64/php-openssl-5.2.1-4.3mdv2007.1.x86_64.rpm
 241a453a1007cc84f0f789b2a11bf96f  2007.1/x86_64/php-soap-5.2.1-1.2mdv2007.1.x86_64.rpm
 58a30a4284944ed364d488338c6d4605  2007.1/x86_64/php-zlib-5.2.1-4.3mdv2007.1.x86_64.rpm 
 8779e5a26aecb35eaf93a5c54f35a798  2007.1/SRPMS/php-5.2.1-4.3mdv2007.1.src.rpm
 d16710089832ae31873c0db7e6df87fd  2007.1/SRPMS/php-gd-5.2.1-1.2mdv2007.1.src.rpm
 ec8b2d536f13c35dd2c2f1cca92c5694  2007.1/SRPMS/php-mcrypt-5.2.1-1.1mdv2007.1.src.rpm
 90f9821184ef2fc8cca2a35e54080f44  2007.1/SRPMS/php-soap-5.2.1-1.2mdv2007.1.src.rpm

Referenzen