MDVSA-2009:324

Package name

php

Date

2009-12-07

Advisory ID

MDVSA-2009:324

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Multiple vulnerabilities was discovered and corrected in php:

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).

The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x
before 5.2.9 allows remote attackers to cause a denial of service
(segmentation fault) via a malformed string to the json_decode API
function (CVE-2009-1271).

- Fixed upstream bug #48378 (exif_read_data() segfaults on certain
corrupted .jpeg files) (CVE-2009-2687).

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to
an incorrect sanity check for the color index. (CVE-2009-3293)

The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the
GD Graphics Library 2.x, does not properly verify a certain colorsTotal
structure member, which might allow remote attackers to conduct
buffer overflow or buffer over-read attacks via a crafted GD file,
a different vulnerability than CVE-2009-3293. NOTE: some of these
details are obtained from third party information (CVE-2009-3546).

The tempnam function in ext/standard/file.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass safe_mode restrictions, and create files in group-writable
or world-writable directories, via the dir and prefix arguments
(CVE-2009-3557).

The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass open_basedir restrictions, and create FIFO files, via the
pathname and mode arguments, as demonstrated by creating a .htaccess
file (CVE-2009-3558).

PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number
of temporary files created when handling a multipart/form-data POST
request, which allows remote attackers to cause a denial of service
(resource exhaustion), and makes it easier for remote attackers to
exploit local file inclusion vulnerabilities, via multiple requests,
related to lack of support for the max_file_uploads directive
(CVE-2009-4017).

The proc_open function in ext/standard/proc_open.c in PHP
before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)
safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars
directives, which allows context-dependent attackers to execute
programs with an arbitrary environment via the env parameter, as
demonstrated by a crafted value of the LD_LIBRARY_PATH environment
variable (CVE-2009-4018).

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don't use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.

The php-suhosin package has been upgraded to 0.9.22 which has better
support for apache vhosts.

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides a solution to these vulnerabilities.

Updated packages

2008.0 i586

 5907047cfe29f998d63770f4aca5ec2a  2008.0/i586/libphp5_common5-5.2.4-3.6mdv2008.0.i586.rpm
 1f7bfda385fed3c55c8fb07690551865  2008.0/i586/php-bcmath-5.2.4-3.6mdv2008.0.i586.rpm
 6103ec9ff3bc438bc3ce60d4d85fd575  2008.0/i586/php-bz2-5.2.4-3.6mdv2008.0.i586.rpm
 8c193c3ef35058785fe1d1a78cab2e7a  2008.0/i586/php-calendar-5.2.4-3.6mdv2008.0.i586.rpm
 2f29dbcad9a4e13d535ccc75f7b8c6f7  2008.0/i586/php-cgi-5.2.4-3.6mdv2008.0.i586.rpm
 e3c2014e10e71cdd48c1331a7b3bd525  2008.0/i586/php-cli-5.2.4-3.6mdv2008.0.i586.rpm
 02907446a13ead038b9133458d26d392  2008.0/i586/php-ctype-5.2.4-3.6mdv2008.0.i586.rpm
 e48894dac1939e4f8f72fb6295f08f21  2008.0/i586/php-curl-5.2.4-3.6mdv2008.0.i586.rpm
 73586cf4a3a9f5db8e2aed823ee89efc  2008.0/i586/php-dba-5.2.4-3.6mdv2008.0.i586.rpm
 d6f6fce7a4e63569f8ec150ffe0f2e08  2008.0/i586/php-dbase-5.2.4-3.6mdv2008.0.i586.rpm
 6ff3d846c895b652bd18009741c413d0  2008.0/i586/php-devel-5.2.4-3.6mdv2008.0.i586.rpm
 a2bf35d2a2d7260b6cb0f9142796e3d0  2008.0/i586/php-dom-5.2.4-3.6mdv2008.0.i586.rpm
 97988d1b2858359caf02b88e292a202f  2008.0/i586/php-exif-5.2.4-3.6mdv2008.0.i586.rpm
 afca816a2aea063110f49de6d4ce0cf0  2008.0/i586/php-fcgi-5.2.4-3.6mdv2008.0.i586.rpm
 d5ead4f15d565fcef2299c71eca53fa1  2008.0/i586/php-filter-5.2.4-3.6mdv2008.0.i586.rpm
 43a0e32199483a3e526b2e0b79bcf381  2008.0/i586/php-ftp-5.2.4-3.6mdv2008.0.i586.rpm
 b579f9f9b881e5495241e36c72a0e2ca  2008.0/i586/php-gd-5.2.4-3.6mdv2008.0.i586.rpm
 26b2a8b479f803d4d6830eef8c9db521  2008.0/i586/php-gettext-5.2.4-3.6mdv2008.0.i586.rpm
 d32b77fa02930b45f992b024432d99f9  2008.0/i586/php-gmp-5.2.4-3.6mdv2008.0.i586.rpm
 a9494fe2ece5abfa487c37ee6534ad28  2008.0/i586/php-hash-5.2.4-3.6mdv2008.0.i586.rpm
 5bf5451524acc2017a43447d869e846b  2008.0/i586/php-iconv-5.2.4-3.6mdv2008.0.i586.rpm
 51272381513f886eaf3215d1d8ad2972  2008.0/i586/php-imap-5.2.4-3.6mdv2008.0.i586.rpm
 6386d86dadce9548081eab9ab093b8de  2008.0/i586/php-ini-5.2.4-1.1mdv2008.0.i586.rpm
 ccf426ac54125e0eb5485fb97f120d09  2008.0/i586/php-json-5.2.4-3.6mdv2008.0.i586.rpm
 eac3e437b3156924fe3b0b5d3feabfb9  2008.0/i586/php-ldap-5.2.4-3.6mdv2008.0.i586.rpm
 034a5885a61d681882ecf042dc9cd2c8  2008.0/i586/php-mbstring-5.2.4-3.6mdv2008.0.i586.rpm
 655e6362f4e341e2cf7927df002bdc0a  2008.0/i586/php-mcrypt-5.2.4-3.6mdv2008.0.i586.rpm
 1029eef7d454166cdddd2158c74ca88a  2008.0/i586/php-mhash-5.2.4-3.6mdv2008.0.i586.rpm
 c3bd5844dcb7004b0a23aba2469e4ae6  2008.0/i586/php-mime_magic-5.2.4-3.6mdv2008.0.i586.rpm
 cf66700d148097ccded9e902d316aeaf  2008.0/i586/php-ming-5.2.4-3.6mdv2008.0.i586.rpm
 7616e901d9d908379d8e5f1a739469c3  2008.0/i586/php-mssql-5.2.4-3.6mdv2008.0.i586.rpm
 53dcfba286d9e0fe584108097a741759  2008.0/i586/php-mysql-5.2.4-3.6mdv2008.0.i586.rpm
 d0996f9e2800b22f2b125cb3dcd31240  2008.0/i586/php-mysqli-5.2.4-3.6mdv2008.0.i586.rpm
 b9b26675416526c4d352704adfd973c5  2008.0/i586/php-ncurses-5.2.4-3.6mdv2008.0.i586.rpm
 f07aa79ee6bfaecf1dfcf1bf100d329f  2008.0/i586/php-odbc-5.2.4-3.6mdv2008.0.i586.rpm
 9907796af8f9b4a78399ec7324fc2015  2008.0/i586/php-openssl-5.2.4-3.6mdv2008.0.i586.rpm
 edccf367d4abc46d066de50e016f3806  2008.0/i586/php-pcntl-5.2.4-3.6mdv2008.0.i586.rpm
 7851c13f51660d71eb6e10109e54e94b  2008.0/i586/php-pdo-5.2.4-3.6mdv2008.0.i586.rpm
 7694dc30430f94fedb65d0db1ceebd02  2008.0/i586/php-pdo_dblib-5.2.4-3.6mdv2008.0.i586.rpm
 b6ba55716833809dd71133b506ba9dd6  2008.0/i586/php-pdo_mysql-5.2.4-3.6mdv2008.0.i586.rpm
 7e1d0e394d9b36a05ebd49bd166e6ccb  2008.0/i586/php-pdo_odbc-5.2.4-3.6mdv2008.0.i586.rpm
 013b944420b8077c56fabc0f719f08b9  2008.0/i586/php-pdo_pgsql-5.2.4-3.6mdv2008.0.i586.rpm
 8766247aabe1de8abdc4c6b1f6ed0bfc  2008.0/i586/php-pdo_sqlite-5.2.4-3.6mdv2008.0.i586.rpm
 2f44b6fa3160f950f164a54eee2c56cd  2008.0/i586/php-pgsql-5.2.4-3.6mdv2008.0.i586.rpm
 ded6268c8851484c83700ce4c32a26b1  2008.0/i586/php-posix-5.2.4-3.6mdv2008.0.i586.rpm
 56238906a7cda39208cfecb7ae159d8d  2008.0/i586/php-pspell-5.2.4-3.6mdv2008.0.i586.rpm
 0ef80d5c872ad32792afcbbea695e73d  2008.0/i586/php-readline-5.2.4-3.6mdv2008.0.i586.rpm
 caf2096220d7e0a095fcedc6df754fdf  2008.0/i586/php-recode-5.2.4-3.6mdv2008.0.i586.rpm
 533762c6c29b1969a17638d385ba7ec7  2008.0/i586/php-session-5.2.4-3.6mdv2008.0.i586.rpm
 b2ead63fa58200c74c0597d03b663665  2008.0/i586/php-shmop-5.2.4-3.6mdv2008.0.i586.rpm
 085e2bade0e2e0bc01c9d1c52ce43ab7  2008.0/i586/php-simplexml-5.2.4-3.6mdv2008.0.i586.rpm
 6eeb0f613b8eca66e84ff24acc5c5009  2008.0/i586/php-snmp-5.2.4-3.6mdv2008.0.i586.rpm
 8edb10e58bc7a9a178de437347eefb30  2008.0/i586/php-soap-5.2.4-3.6mdv2008.0.i586.rpm
 eaac2fd1a9d4dff5a5c514922d207d3e  2008.0/i586/php-sockets-5.2.4-3.6mdv2008.0.i586.rpm
 8a35c913491bccb259c7fc114a6381dc  2008.0/i586/php-sqlite-5.2.4-3.6mdv2008.0.i586.rpm
 f04ceb5e1172d67e732b30ad23d34b8d  2008.0/i586/php-suhosin-0.9.22-1.1mdv2008.0.i586.rpm
 ab63afb995d9ea97518f7d1c335d76ba  2008.0/i586/php-sysvmsg-5.2.4-3.6mdv2008.0.i586.rpm
 f13e23535552b19714c2a6718611eae7  2008.0/i586/php-sysvsem-5.2.4-3.6mdv2008.0.i586.rpm
 2993bf3e29b7d170130aef976531abe5  2008.0/i586/php-sysvshm-5.2.4-3.6mdv2008.0.i586.rpm
 f4a49d9aa9562129b5668f14010c277d  2008.0/i586/php-tidy-5.2.4-3.6mdv2008.0.i586.rpm
 facab5c2609bfcf62e50842d2f60a8ad  2008.0/i586/php-tokenizer-5.2.4-3.6mdv2008.0.i586.rpm
 dc2b8a1e689632404fce33902bb724ed  2008.0/i586/php-wddx-5.2.4-3.6mdv2008.0.i586.rpm
 52be5a07d2ceb10aa8e132b3b43d6977  2008.0/i586/php-xml-5.2.4-3.6mdv2008.0.i586.rpm
 6286257e7b4ef0b8cc6edd791e8545c3  2008.0/i586/php-xmlreader-5.2.4-3.6mdv2008.0.i586.rpm
 65746be75e6d3f64439fa7b9f2f84c53  2008.0/i586/php-xmlrpc-5.2.4-3.6mdv2008.0.i586.rpm
 9ce92dc33ca99b1b9b70a5fdeb5fd33d  2008.0/i586/php-xmlwriter-5.2.4-3.6mdv2008.0.i586.rpm
 4924cd25998ae9dfbf9ac6c04d609510  2008.0/i586/php-xsl-5.2.4-3.6mdv2008.0.i586.rpm
 db3036de2be6962235e5a61e12020a3f  2008.0/i586/php-zlib-5.2.4-3.6mdv2008.0.i586.rpm 
 65df1f4f129da06e2a1e9823cfead368  2008.0/SRPMS/php-5.2.4-3.6mdv2008.0.src.rpm
 e56e53a7c7191d9ed2a97e5242efc9f6  2008.0/SRPMS/php-ini-5.2.4-1.1mdv2008.0.src.rpm
 6aa8398ac283a2e9191a610c9257b92d  2008.0/SRPMS/php-suhosin-0.9.22-1.1mdv2008.0.src.rpm

2008.0 x86_64

 f398a99ea95cb9ef87714f329f6aa50a  2008.0/x86_64/lib64php5_common5-5.2.4-3.6mdv2008.0.x86_64.rpm
 942f2dc1196117662b235556f26502bb  2008.0/x86_64/php-bcmath-5.2.4-3.6mdv2008.0.x86_64.rpm
 b3c12cf540d0740b92fd309812188e1d  2008.0/x86_64/php-bz2-5.2.4-3.6mdv2008.0.x86_64.rpm
 ad6de23700fea32a1a8da6864c3a25a9  2008.0/x86_64/php-calendar-5.2.4-3.6mdv2008.0.x86_64.rpm
 daa7d8731219b6a9a550d7969476dab6  2008.0/x86_64/php-cgi-5.2.4-3.6mdv2008.0.x86_64.rpm
 eb5e0e88648e681389e11b759c5401ba  2008.0/x86_64/php-cli-5.2.4-3.6mdv2008.0.x86_64.rpm
 21f65993be1060bb8748c61bcb1dd6dd  2008.0/x86_64/php-ctype-5.2.4-3.6mdv2008.0.x86_64.rpm
 b2028868517e6e4991d2c1db8c406e2c  2008.0/x86_64/php-curl-5.2.4-3.6mdv2008.0.x86_64.rpm
 522d18ab9518c8e8d1fb1bb7fbcf2a49  2008.0/x86_64/php-dba-5.2.4-3.6mdv2008.0.x86_64.rpm
 8a070b2511de44d5d07468a0d43077ee  2008.0/x86_64/php-dbase-5.2.4-3.6mdv2008.0.x86_64.rpm
 a59fe2ff50f0a8f576acb8c4dd1e9225  2008.0/x86_64/php-devel-5.2.4-3.6mdv2008.0.x86_64.rpm
 c126c13396eed70bf74278f19ff06b9f  2008.0/x86_64/php-dom-5.2.4-3.6mdv2008.0.x86_64.rpm
 258da77d47e3e7ca4e589122dc95d7be  2008.0/x86_64/php-exif-5.2.4-3.6mdv2008.0.x86_64.rpm
 63622aad8a56b0114e32d94468ee548b  2008.0/x86_64/php-fcgi-5.2.4-3.6mdv2008.0.x86_64.rpm
 a48b0162727b1c07432076c9ef9edf2a  2008.0/x86_64/php-filter-5.2.4-3.6mdv2008.0.x86_64.rpm
 9733150395b7205f14ab77c1f07c7e41  2008.0/x86_64/php-ftp-5.2.4-3.6mdv2008.0.x86_64.rpm
 d0af7bf2965e815b299573c6a180ae43  2008.0/x86_64/php-gd-5.2.4-3.6mdv2008.0.x86_64.rpm
 e2c886e10297423b6dab80c9aa2acdba  2008.0/x86_64/php-gettext-5.2.4-3.6mdv2008.0.x86_64.rpm
 2ff4cadd8f9735f9681bfda85b92eec4  2008.0/x86_64/php-gmp-5.2.4-3.6mdv2008.0.x86_64.rpm
 6826151c9239f8cc561e946155e6e390  2008.0/x86_64/php-hash-5.2.4-3.6mdv2008.0.x86_64.rpm
 dc22e7263a883c3af5332d799a30870a  2008.0/x86_64/php-iconv-5.2.4-3.6mdv2008.0.x86_64.rpm
 c4144dbe62aec1bdbd4179b7c83f0453  2008.0/x86_64/php-imap-5.2.4-3.6mdv2008.0.x86_64.rpm
 855b5a2768757424caeeeb9173b48e12  2008.0/x86_64/php-ini-5.2.4-1.1mdv2008.0.x86_64.rpm
 6a3edd387c56577cb1d785380d514b2e  2008.0/x86_64/php-json-5.2.4-3.6mdv2008.0.x86_64.rpm
 2e15c34ae48b9f20e1067777a1878b1c  2008.0/x86_64/php-ldap-5.2.4-3.6mdv2008.0.x86_64.rpm
 1c0ea7c6ef9e881eae5a9fb74c630cf4  2008.0/x86_64/php-mbstring-5.2.4-3.6mdv2008.0.x86_64.rpm
 fe296150445d1da8f8fe5d377def8df2  2008.0/x86_64/php-mcrypt-5.2.4-3.6mdv2008.0.x86_64.rpm
 9eb7e2fd8cfa76953483cd657f6913db  2008.0/x86_64/php-mhash-5.2.4-3.6mdv2008.0.x86_64.rpm
 893cb626d6b8fd6025b711ef0c4e39a8  2008.0/x86_64/php-mime_magic-5.2.4-3.6mdv2008.0.x86_64.rpm
 4240127ce4b5fe432c9ab77aa497f777  2008.0/x86_64/php-ming-5.2.4-3.6mdv2008.0.x86_64.rpm
 3f185a12b5e9f6412e70ce111caaba99  2008.0/x86_64/php-mssql-5.2.4-3.6mdv2008.0.x86_64.rpm
 6f3672ba3fe414bcb1bb88c4c29a5c15  2008.0/x86_64/php-mysql-5.2.4-3.6mdv2008.0.x86_64.rpm
 90e4e29a343c7d5c842d308c4070cb3f  2008.0/x86_64/php-mysqli-5.2.4-3.6mdv2008.0.x86_64.rpm
 cbe5fdc6cae0e4e6ab968bc853f6327d  2008.0/x86_64/php-ncurses-5.2.4-3.6mdv2008.0.x86_64.rpm
 ca1314f20bef9ccb3b249297141e463a  2008.0/x86_64/php-odbc-5.2.4-3.6mdv2008.0.x86_64.rpm
 4f343234d1b345b2a40c6dadc1eb2a2d  2008.0/x86_64/php-openssl-5.2.4-3.6mdv2008.0.x86_64.rpm
 ce9431f572447eac15656d98721e74f9  2008.0/x86_64/php-pcntl-5.2.4-3.6mdv2008.0.x86_64.rpm
 872211884f49bd797b0c1f40640487f6  2008.0/x86_64/php-pdo-5.2.4-3.6mdv2008.0.x86_64.rpm
 ce87f62defbd55aefb63d689c1973674  2008.0/x86_64/php-pdo_dblib-5.2.4-3.6mdv2008.0.x86_64.rpm
 fab20b4720b373d7660aaaa5be111340  2008.0/x86_64/php-pdo_mysql-5.2.4-3.6mdv2008.0.x86_64.rpm
 e723f4985207d57461e468657ae01f6c  2008.0/x86_64/php-pdo_odbc-5.2.4-3.6mdv2008.0.x86_64.rpm
 b32cb6ef6d16351a30f8b7508714428a  2008.0/x86_64/php-pdo_pgsql-5.2.4-3.6mdv2008.0.x86_64.rpm
 b96f4f11dce70109e0725dd323ad12f6  2008.0/x86_64/php-pdo_sqlite-5.2.4-3.6mdv2008.0.x86_64.rpm
 c99e1b7ada0034ec40a5e728bd5061f6  2008.0/x86_64/php-pgsql-5.2.4-3.6mdv2008.0.x86_64.rpm
 9161d9cb7e67d27df6a4e0bc69a8703e  2008.0/x86_64/php-posix-5.2.4-3.6mdv2008.0.x86_64.rpm
 37345e0cab4c994a5abc28fbc42c4689  2008.0/x86_64/php-pspell-5.2.4-3.6mdv2008.0.x86_64.rpm
 816df2a2817bfdab756cfeb815c9ea7f  2008.0/x86_64/php-readline-5.2.4-3.6mdv2008.0.x86_64.rpm
 267ac1be83b93e57dc53319a9821f83a  2008.0/x86_64/php-recode-5.2.4-3.6mdv2008.0.x86_64.rpm
 d9b625a85aa176b84bed0ac2eefcc8c5  2008.0/x86_64/php-session-5.2.4-3.6mdv2008.0.x86_64.rpm
 140129653d08f80fe28296be4678a3b2  2008.0/x86_64/php-shmop-5.2.4-3.6mdv2008.0.x86_64.rpm
 a89dcea1c88ff695a8b50dd94b0f71cd  2008.0/x86_64/php-simplexml-5.2.4-3.6mdv2008.0.x86_64.rpm
 75580d06c01fba33dbdecd89f7320715  2008.0/x86_64/php-snmp-5.2.4-3.6mdv2008.0.x86_64.rpm
 2f26e05df372e97ebebe2463a02676d0  2008.0/x86_64/php-soap-5.2.4-3.6mdv2008.0.x86_64.rpm
 91b225bed23ee8e8abc6845a82d22b08  2008.0/x86_64/php-sockets-5.2.4-3.6mdv2008.0.x86_64.rpm
 17ff231801523cf9c708927457229ff3  2008.0/x86_64/php-sqlite-5.2.4-3.6mdv2008.0.x86_64.rpm
 e7e08cf3d3d5a50b3289cd490d5b9849  2008.0/x86_64/php-suhosin-0.9.22-1.1mdv2008.0.x86_64.rpm
 cd30ec9e6ea88a9b93608a41f73b435d  2008.0/x86_64/php-sysvmsg-5.2.4-3.6mdv2008.0.x86_64.rpm
 0ed754d7981865b651de949ed39b9e50  2008.0/x86_64/php-sysvsem-5.2.4-3.6mdv2008.0.x86_64.rpm
 f654cd657f92eeb5a29fce4fd05a7949  2008.0/x86_64/php-sysvshm-5.2.4-3.6mdv2008.0.x86_64.rpm
 3337e7433be806cd5607acb30879fac0  2008.0/x86_64/php-tidy-5.2.4-3.6mdv2008.0.x86_64.rpm
 7de4c7d4f4c5a3dfcc55a60009720440  2008.0/x86_64/php-tokenizer-5.2.4-3.6mdv2008.0.x86_64.rpm
 c622f1d0c1b4eb646032e7f6aec13509  2008.0/x86_64/php-wddx-5.2.4-3.6mdv2008.0.x86_64.rpm
 3fe98b20e6bbb2be169f48ed3e44f751  2008.0/x86_64/php-xml-5.2.4-3.6mdv2008.0.x86_64.rpm
 724ba905526fc57800edffba59b8db50  2008.0/x86_64/php-xmlreader-5.2.4-3.6mdv2008.0.x86_64.rpm
 e55b20b88f569148520db75d8ce52d8a  2008.0/x86_64/php-xmlrpc-5.2.4-3.6mdv2008.0.x86_64.rpm
 945fcc56d1ab56eca38eeb97e805127a  2008.0/x86_64/php-xmlwriter-5.2.4-3.6mdv2008.0.x86_64.rpm
 36b5946d0beeef03f4d7039982a129e1  2008.0/x86_64/php-xsl-5.2.4-3.6mdv2008.0.x86_64.rpm
 8d57d8f57b6d6d213c8b1cac9e0a2b34  2008.0/x86_64/php-zlib-5.2.4-3.6mdv2008.0.x86_64.rpm 
 65df1f4f129da06e2a1e9823cfead368  2008.0/SRPMS/php-5.2.4-3.6mdv2008.0.src.rpm
 e56e53a7c7191d9ed2a97e5242efc9f6  2008.0/SRPMS/php-ini-5.2.4-1.1mdv2008.0.src.rpm
 6aa8398ac283a2e9191a610c9257b92d  2008.0/SRPMS/php-suhosin-0.9.22-1.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4018
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7068