Package name: php
Date: 2009-09-25
Advisory ID: MDVSA-2009:248
Affected versions: 2009.1 i586, 2009.1 x86_64

Problem description

Multiple vulnerabilities were discovered and corrected in php:

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index (CVE-2009-3293). However,
in Mandriva we don't use the bundled libgd source in php by default;
there is an unsupported package in contrib named php-gd-bundled that
will eventually get updated to pick up these fixes.

This update provides a solution to these vulnerabilities.

Updated packages

2009.1 i586


2009.1 x86_64

