MDVSA-2008:128

Package name

php

Date

2008-07-03

Advisory ID

MDVSA-2008:128

Affected versions

2008.1 x86_64 , 2008.1 i586

Problem description

A number of vulnerabilities have been found and corrected in PHP:

php-cgi in PHP prior to 5.2.6 does not properly calculate the length
of PATH_TRANSLATED, which has unknown impact and attack vectors
(CVE-2008-0599).

The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown
impact and context-dependent attack vectors related to incomplete
multibyte characters (CVE-2008-2051).

Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32bit systems and generations a portion of zero bits during conversion
due to insufficient precision on 64bit systems (CVE-2008-2107,
CVE-2008-2108).

The IMAP module in PHP uses obsolete API calls that allow
context-dependent attackers to cause a denial of service (crash)
via a long IMAP request (CVE-2008-2829).

In addition, the updated packages provide a number of bug fixes.

The updated packages have been patched to correct these issues.

Updated packages

2008.1 x86_64

 37c9c71baaf2a3d871d2fb03adec4cf0  2008.1/x86_64/lib64php5_common5-5.2.5-14.1mdv2008.1.x86_64.rpm
 7d231c361203d4b5d0408125cf1f8649  2008.1/x86_64/php-bcmath-5.2.5-14.1mdv2008.1.x86_64.rpm
 47a0fe202badead8966c79f853f8dc89  2008.1/x86_64/php-bz2-5.2.5-14.1mdv2008.1.x86_64.rpm
 e31174f0b54331b56db910c4fb2c79a5  2008.1/x86_64/php-calendar-5.2.5-14.1mdv2008.1.x86_64.rpm
 3853e043253e63cad86fb2dd947091d8  2008.1/x86_64/php-cgi-5.2.5-14.1mdv2008.1.x86_64.rpm
 1d290d98029652e2d5c2492859581162  2008.1/x86_64/php-cli-5.2.5-14.1mdv2008.1.x86_64.rpm
 6506809c7d37f485d99f8fc21eeed0a8  2008.1/x86_64/php-ctype-5.2.5-14.1mdv2008.1.x86_64.rpm
 7b091eebb11aaacf07d4939ff512c88b  2008.1/x86_64/php-curl-5.2.5-14.1mdv2008.1.x86_64.rpm
 7bb1bcda1b3a2d54477d04f27bd1f333  2008.1/x86_64/php-dba-5.2.5-14.1mdv2008.1.x86_64.rpm
 bc0b1006a1743e88e49256b964997e57  2008.1/x86_64/php-dbase-5.2.5-14.1mdv2008.1.x86_64.rpm
 5912b191d3faff077ac26d7820dcc8c0  2008.1/x86_64/php-devel-5.2.5-14.1mdv2008.1.x86_64.rpm
 31fece421e022bc04abe1357c1d4f7e2  2008.1/x86_64/php-dom-5.2.5-14.1mdv2008.1.x86_64.rpm
 f8a4115d99dc3015861726179cfc866e  2008.1/x86_64/php-exif-5.2.5-14.1mdv2008.1.x86_64.rpm
 fd6d2f5101133ef83fcece1d07b8af64  2008.1/x86_64/php-fcgi-5.2.5-14.1mdv2008.1.x86_64.rpm
 3f74157d45ffa63d859882bbffcbe919  2008.1/x86_64/php-filter-5.2.5-14.1mdv2008.1.x86_64.rpm
 2a732c2d7a96f3a1121dd12a7efd9daf  2008.1/x86_64/php-ftp-5.2.5-14.1mdv2008.1.x86_64.rpm
 b93cf200e2ae6e01d492fdc94ea07482  2008.1/x86_64/php-gd-5.2.5-14.1mdv2008.1.x86_64.rpm
 18cd2997f1f00662691a181dc43a8ec1  2008.1/x86_64/php-gettext-5.2.5-14.1mdv2008.1.x86_64.rpm
 4dafaf30e6d723648f1bd7030dc1a8e6  2008.1/x86_64/php-gmp-5.2.5-14.1mdv2008.1.x86_64.rpm
 edd1290a6aaa8a017c1831ad11130e27  2008.1/x86_64/php-hash-5.2.5-14.1mdv2008.1.x86_64.rpm
 853ea355568c412d690ac7ddde72546d  2008.1/x86_64/php-iconv-5.2.5-14.1mdv2008.1.x86_64.rpm
 ad0cf57cfc042eb64d112ad59a40c421  2008.1/x86_64/php-imap-5.2.5-14.1mdv2008.1.x86_64.rpm
 f4a0b0017d988de9929d89b086b349ef  2008.1/x86_64/php-json-5.2.5-14.1mdv2008.1.x86_64.rpm
 b27cd3253b5c00ebd67745ad13243c84  2008.1/x86_64/php-ldap-5.2.5-14.1mdv2008.1.x86_64.rpm
 676b808a0b587a4257f88d11036e3aa0  2008.1/x86_64/php-mbstring-5.2.5-14.1mdv2008.1.x86_64.rpm
 fe20ac6413273ac7fa4485256e60995a  2008.1/x86_64/php-mcrypt-5.2.5-14.1mdv2008.1.x86_64.rpm
 dcf40cacec48726612f8411ba34ed8f4  2008.1/x86_64/php-mhash-5.2.5-14.1mdv2008.1.x86_64.rpm
 b3fb128a1a3a1561bc862c2796b95298  2008.1/x86_64/php-mime_magic-5.2.5-14.1mdv2008.1.x86_64.rpm
 7f1e71f77fe2106f0242e783d5257b52  2008.1/x86_64/php-ming-5.2.5-14.1mdv2008.1.x86_64.rpm
 e56f6b325bddbfb3c4a8fcbbbf3d95e1  2008.1/x86_64/php-mssql-5.2.5-14.1mdv2008.1.x86_64.rpm
 499affb25800bab89d30e72be7b887d4  2008.1/x86_64/php-mysql-5.2.5-14.1mdv2008.1.x86_64.rpm
 a7b61b06508a6d220380a3de3a3ee545  2008.1/x86_64/php-mysqli-5.2.5-14.1mdv2008.1.x86_64.rpm
 555ac0b707dc050b2557559474e45e92  2008.1/x86_64/php-ncurses-5.2.5-14.1mdv2008.1.x86_64.rpm
 dfd63fe4e7e853d1ca298d3d0f273847  2008.1/x86_64/php-odbc-5.2.5-14.1mdv2008.1.x86_64.rpm
 4682fe6bb3a0b060e88af72754def31b  2008.1/x86_64/php-openssl-5.2.5-14.1mdv2008.1.x86_64.rpm
 87559329a3c48b52ead4d0565c8b245c  2008.1/x86_64/php-pcntl-5.2.5-14.1mdv2008.1.x86_64.rpm
 9d5c6b3e1c7cf51ecdc18f591d2db51d  2008.1/x86_64/php-pdo-5.2.5-14.1mdv2008.1.x86_64.rpm
 d65c65b59daf765bb59102b6c7efaa8f  2008.1/x86_64/php-pdo_dblib-5.2.5-14.1mdv2008.1.x86_64.rpm
 710d8e5738610884f6a05d92216f4f92  2008.1/x86_64/php-pdo_mysql-5.2.5-14.1mdv2008.1.x86_64.rpm
 1041b835da177f8a23c57fc27b1b950d  2008.1/x86_64/php-pdo_odbc-5.2.5-14.1mdv2008.1.x86_64.rpm
 233b492c194e5c2ea8a57e97c5957280  2008.1/x86_64/php-pdo_pgsql-5.2.5-14.1mdv2008.1.x86_64.rpm
 1dc281eff1f624d93202a664ff415a24  2008.1/x86_64/php-pdo_sqlite-5.2.5-14.1mdv2008.1.x86_64.rpm
 496c4cd0662b01c72ef1d88125a32c28  2008.1/x86_64/php-pgsql-5.2.5-14.1mdv2008.1.x86_64.rpm
 547460ae2e62432fb8469ad6d57927f3  2008.1/x86_64/php-posix-5.2.5-14.1mdv2008.1.x86_64.rpm
 0e4270d3c85e1b08cf28989d5ccc99d7  2008.1/x86_64/php-pspell-5.2.5-14.1mdv2008.1.x86_64.rpm
 0f3d47e68701ffcb9a0161efcc9e8423  2008.1/x86_64/php-readline-5.2.5-14.1mdv2008.1.x86_64.rpm
 c8b466772de1a950054aaad758f1512d  2008.1/x86_64/php-recode-5.2.5-14.1mdv2008.1.x86_64.rpm
 5de0ce9556bbba884cb77b472a4fce45  2008.1/x86_64/php-session-5.2.5-14.1mdv2008.1.x86_64.rpm
 98bcdd66540cf1f4c900b99ae75f2d4c  2008.1/x86_64/php-shmop-5.2.5-14.1mdv2008.1.x86_64.rpm
 d281db526e9ae8f8032bf5982a54ba28  2008.1/x86_64/php-snmp-5.2.5-14.1mdv2008.1.x86_64.rpm
 def9b2719027320b6e03789f05d673f0  2008.1/x86_64/php-soap-5.2.5-14.1mdv2008.1.x86_64.rpm
 7590250ef2892572cbe6713554e8f4b8  2008.1/x86_64/php-sockets-5.2.5-14.1mdv2008.1.x86_64.rpm
 490f258c279227ef5fea6ab8abc19197  2008.1/x86_64/php-sqlite-5.2.5-14.1mdv2008.1.x86_64.rpm
 2111518b9739bb23069cf98914b9065d  2008.1/x86_64/php-sysvmsg-5.2.5-14.1mdv2008.1.x86_64.rpm
 0bda452b910ab8c98ba9fd35cc8f2ac5  2008.1/x86_64/php-sysvsem-5.2.5-14.1mdv2008.1.x86_64.rpm
 8d75772a16f8582c55a4cf44ad28d50c  2008.1/x86_64/php-sysvshm-5.2.5-14.1mdv2008.1.x86_64.rpm
 f6237eba6d016b4c37da619be5411817  2008.1/x86_64/php-tidy-5.2.5-14.1mdv2008.1.x86_64.rpm
 2f4ed9b3fe6521c8ba7b18339c651666  2008.1/x86_64/php-tokenizer-5.2.5-14.1mdv2008.1.x86_64.rpm
 da555a1459c356f1d0ac3d02f33d977a  2008.1/x86_64/php-wddx-5.2.5-14.1mdv2008.1.x86_64.rpm
 c9705d61d3c0ce345a5e7454c76eab6c  2008.1/x86_64/php-xml-5.2.5-14.1mdv2008.1.x86_64.rpm
 5e7ab83900d27a1e250e124640ce5821  2008.1/x86_64/php-xmlreader-5.2.5-14.1mdv2008.1.x86_64.rpm
 3582889fd9e5830a7d6bf703510382f4  2008.1/x86_64/php-xmlrpc-5.2.5-14.1mdv2008.1.x86_64.rpm
 85b704914f5ebb3f25c010e82297dc32  2008.1/x86_64/php-xmlwriter-5.2.5-14.1mdv2008.1.x86_64.rpm
 fbfd8f6863d70fee3781d07a72e33152  2008.1/x86_64/php-xsl-5.2.5-14.1mdv2008.1.x86_64.rpm
 bc8f8000a2d6a9815a153ddeda04dd1d  2008.1/x86_64/php-zlib-5.2.5-14.1mdv2008.1.x86_64.rpm 
 c682f37976c4704d2cfeaa7cd431178b  2008.1/SRPMS/php-5.2.5-14.1mdv2008.1.src.rpm

2008.1 i586

 a37818e23e89ac2862f4fb4a64e7a208  2008.1/i586/libphp5_common5-5.2.5-14.1mdv2008.1.i586.rpm
 c58445867f86bebdd96e22d4acd38060  2008.1/i586/php-bcmath-5.2.5-14.1mdv2008.1.i586.rpm
 1ebbc55b496fa354029f3ed79d2204f3  2008.1/i586/php-bz2-5.2.5-14.1mdv2008.1.i586.rpm
 94bebca56612a4ec0116f7f5c53da3d0  2008.1/i586/php-calendar-5.2.5-14.1mdv2008.1.i586.rpm
 469701782a3d5b629f43605e0a125afa  2008.1/i586/php-cgi-5.2.5-14.1mdv2008.1.i586.rpm
 39079d351109e89c80cfa916d6c239d6  2008.1/i586/php-cli-5.2.5-14.1mdv2008.1.i586.rpm
 3e71e18a497ac32aa3153cbf801869b9  2008.1/i586/php-ctype-5.2.5-14.1mdv2008.1.i586.rpm
 3cf96d78e7c0baaa470df375f756dbe7  2008.1/i586/php-curl-5.2.5-14.1mdv2008.1.i586.rpm
 9d5ace343f0edceb34080f6168d2de54  2008.1/i586/php-dba-5.2.5-14.1mdv2008.1.i586.rpm
 88a61df3d3e1b08351c3d28d5b1beaa5  2008.1/i586/php-dbase-5.2.5-14.1mdv2008.1.i586.rpm
 e4be850b54e6e823c323df86ddfb9b65  2008.1/i586/php-devel-5.2.5-14.1mdv2008.1.i586.rpm
 e08be6d315e4afb0ee8c7abbae1cca30  2008.1/i586/php-dom-5.2.5-14.1mdv2008.1.i586.rpm
 94732727478ab8954f987dbb4a7516f3  2008.1/i586/php-exif-5.2.5-14.1mdv2008.1.i586.rpm
 aac78c46a893ceff0dd2d17f5acd882f  2008.1/i586/php-fcgi-5.2.5-14.1mdv2008.1.i586.rpm
 8a75ef9557cdf74be9e39c45bed337a0  2008.1/i586/php-filter-5.2.5-14.1mdv2008.1.i586.rpm
 ddf3778405e2bca02267d7c4d2678d4a  2008.1/i586/php-ftp-5.2.5-14.1mdv2008.1.i586.rpm
 e0b1005f29b77a4b210d0470fe83721f  2008.1/i586/php-gd-5.2.5-14.1mdv2008.1.i586.rpm
 c9dec9d8c87d3880c093d9eac2a7511f  2008.1/i586/php-gettext-5.2.5-14.1mdv2008.1.i586.rpm
 e990f3a9fbd10fed38e9538fb74dccb1  2008.1/i586/php-gmp-5.2.5-14.1mdv2008.1.i586.rpm
 e1f22f19e8da5e900989b015ca678cd3  2008.1/i586/php-hash-5.2.5-14.1mdv2008.1.i586.rpm
 d8c0143f37376b50f56647efebb43252  2008.1/i586/php-iconv-5.2.5-14.1mdv2008.1.i586.rpm
 42c7dd288ed5e0cb5fca59bf0f28168f  2008.1/i586/php-imap-5.2.5-14.1mdv2008.1.i586.rpm
 e826965982e300e1bdb3dd39fe41a72f  2008.1/i586/php-json-5.2.5-14.1mdv2008.1.i586.rpm
 8f43b850ee69bab574525bf204296864  2008.1/i586/php-ldap-5.2.5-14.1mdv2008.1.i586.rpm
 716cc4fbb174ed8f8df8d1ff2c5227f4  2008.1/i586/php-mbstring-5.2.5-14.1mdv2008.1.i586.rpm
 c73e47e1c3b5b8bae761bc5705037afd  2008.1/i586/php-mcrypt-5.2.5-14.1mdv2008.1.i586.rpm
 74e4c83ddae2b6104993b61092620bda  2008.1/i586/php-mhash-5.2.5-14.1mdv2008.1.i586.rpm
 720c20e13ebd9507acefad959a0e02d7  2008.1/i586/php-mime_magic-5.2.5-14.1mdv2008.1.i586.rpm
 30c12b2df3ddb506d7ecc430ab4866be  2008.1/i586/php-ming-5.2.5-14.1mdv2008.1.i586.rpm
 32fbce35e02d7b65b0cc2cdbc6d08586  2008.1/i586/php-mssql-5.2.5-14.1mdv2008.1.i586.rpm
 9cf62b9e2ddd9336e6f524a6d90780e7  2008.1/i586/php-mysql-5.2.5-14.1mdv2008.1.i586.rpm
 e522238c50ebcbc6ca91f358be4e1c2e  2008.1/i586/php-mysqli-5.2.5-14.1mdv2008.1.i586.rpm
 1dd4dad359a05f08196abf13221abf20  2008.1/i586/php-ncurses-5.2.5-14.1mdv2008.1.i586.rpm
 7db383a489801c8353894e4b9f7e6512  2008.1/i586/php-odbc-5.2.5-14.1mdv2008.1.i586.rpm
 5f63c09754e30903b4876f2c2a822f6a  2008.1/i586/php-openssl-5.2.5-14.1mdv2008.1.i586.rpm
 4e96480d6769fac868af9566c091b3fc  2008.1/i586/php-pcntl-5.2.5-14.1mdv2008.1.i586.rpm
 0718aa1bffe5e7c91b10f70c7eec68f3  2008.1/i586/php-pdo-5.2.5-14.1mdv2008.1.i586.rpm
 7c0b4674ec56c2a6fe87c7b224e1ccab  2008.1/i586/php-pdo_dblib-5.2.5-14.1mdv2008.1.i586.rpm
 7e3881d1059fb8c1b5986b1852f97696  2008.1/i586/php-pdo_mysql-5.2.5-14.1mdv2008.1.i586.rpm
 0f3d7ede7adf2cae8d0a2735ada5fbc4  2008.1/i586/php-pdo_odbc-5.2.5-14.1mdv2008.1.i586.rpm
 b9dbde00f72ae70b8328441ce041bcac  2008.1/i586/php-pdo_pgsql-5.2.5-14.1mdv2008.1.i586.rpm
 bebde3a51ea7599d4cab973b0d21caed  2008.1/i586/php-pdo_sqlite-5.2.5-14.1mdv2008.1.i586.rpm
 fd9f335c54865f610bb3d5d708fef9bb  2008.1/i586/php-pgsql-5.2.5-14.1mdv2008.1.i586.rpm
 5466493db048f4bed3dc5e3d8b13aed2  2008.1/i586/php-posix-5.2.5-14.1mdv2008.1.i586.rpm
 127092f9644567139b8205269215adbb  2008.1/i586/php-pspell-5.2.5-14.1mdv2008.1.i586.rpm
 1d121691eaa30b2dc6a6704b39d03ce1  2008.1/i586/php-readline-5.2.5-14.1mdv2008.1.i586.rpm
 f9980c14e99ed971263dbe0b4c92ce71  2008.1/i586/php-recode-5.2.5-14.1mdv2008.1.i586.rpm
 c0307d2020f00104e0c4d4043f5e5437  2008.1/i586/php-session-5.2.5-14.1mdv2008.1.i586.rpm
 eada076c0ee76e265288c4ebbb255635  2008.1/i586/php-shmop-5.2.5-14.1mdv2008.1.i586.rpm
 83ccb133b2599af455f477320035c561  2008.1/i586/php-snmp-5.2.5-14.1mdv2008.1.i586.rpm
 e7bb2545d59e14f092557451dfcc160a  2008.1/i586/php-soap-5.2.5-14.1mdv2008.1.i586.rpm
 f2d2d080d7c96c1fc7c8f9b6c33e99b0  2008.1/i586/php-sockets-5.2.5-14.1mdv2008.1.i586.rpm
 bbebe55b2bceb651c326259534a0468d  2008.1/i586/php-sqlite-5.2.5-14.1mdv2008.1.i586.rpm
 3abc11b2e11b6357320e7f7e64369924  2008.1/i586/php-sysvmsg-5.2.5-14.1mdv2008.1.i586.rpm
 5d7fda3b32ac01f36959b567921f7cf2  2008.1/i586/php-sysvsem-5.2.5-14.1mdv2008.1.i586.rpm
 fa966a7d383c29cee238ce0537226c0c  2008.1/i586/php-sysvshm-5.2.5-14.1mdv2008.1.i586.rpm
 60844677bf0322abd1c7beef732bf33b  2008.1/i586/php-tidy-5.2.5-14.1mdv2008.1.i586.rpm
 8c3bce1a573136ab356d1640f1be9fa3  2008.1/i586/php-tokenizer-5.2.5-14.1mdv2008.1.i586.rpm
 74576d184434f0bd36821b5f3963f533  2008.1/i586/php-wddx-5.2.5-14.1mdv2008.1.i586.rpm
 058bfe6e2ba389dae88e3dbdc19fda00  2008.1/i586/php-xml-5.2.5-14.1mdv2008.1.i586.rpm
 8ebd48b983d0a5e68bc6ef81b6698964  2008.1/i586/php-xmlreader-5.2.5-14.1mdv2008.1.i586.rpm
 908064c9dc1ddd6337d5ff4d619fb6c4  2008.1/i586/php-xmlrpc-5.2.5-14.1mdv2008.1.i586.rpm
 a01f3cf2339e062cec8652898791e800  2008.1/i586/php-xmlwriter-5.2.5-14.1mdv2008.1.i586.rpm
 ca7d59d3a9eec66673b71bd56aea8dfe  2008.1/i586/php-xsl-5.2.5-14.1mdv2008.1.i586.rpm
 6616f95893cd6fce078149160fe4399e  2008.1/i586/php-zlib-5.2.5-14.1mdv2008.1.i586.rpm 
 c682f37976c4704d2cfeaa7cd431178b  2008.1/SRPMS/php-5.2.5-14.1mdv2008.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829