MDKSA-2003:082
- Package name
- php
- Date
- 2003-08-04
- Advisory ID
- MDKSA-2003:082
- Affected versions
- 9.1 i586 , CS2.1 x86_64 , CS2.1 i586 , 9.0 i586 , 8.2 i586 , MNF8.2 i586 , 9.1 i586 , 8.2 i586
Problem description
A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user- supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442). As well, two vulnerabilities had not been patched in the PHP packages included with Mandrake Linux 8.2: The mail() function did not filter ASCII control filters from its arguments, which could allow an attacker to modify the mail message content (CAN-2002-0986). Another vulnerability in the mail() function would allow a remote attacker to bypass safe mode restrictions and modify the command line arguments passed to the MTA in the fifth argument (CAN-2002-0985). All users are encouraged to upgrade to these patched packages.
Updated packages
9.1 i586
6b619580c7746d6fb7de30e18ccbc8eb 9.1/RPMS/libphp_common430-430-11.1mdk.i586.rpm 2257ab6cab4132c3cb3d7194b24f385f 9.1/RPMS/php-cgi-4.3.1-11.1mdk.i586.rpm eefa69b71480d00a111e7ad05f74576a 9.1/RPMS/php-cli-4.3.1-11.1mdk.i586.rpm a60a59d10f0450b324f2b1b5562da780 9.1/RPMS/php430-devel-430-11.1mdk.i586.rpm e5e4397440f44a88bec02fc10328c745 9.1/SRPMS/php-4.3.1-11.1mdk.src.rpm
CS2.1 x86_64
5d16fe6239287e468dd75852cb43e6d3 x86_64/corporate/2.1/RPMS/php-4.2.3-4.1mdk.x86_64.rpm d712ce373cd416f7e523dba8b0171ccc x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.1mdk.x86_64.rpm 51bd73c0704e20fac62d98e2380edb3e x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.1mdk.x86_64.rpm 06ef571267aaa0a2e614873d888dbb63 x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.1mdk.x86_64.rpm e509b58e93bf56cac67ccc698db40f51 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.1mdk.src.rpm
CS2.1 i586
758b1a556caf000d93413eb8c15753c4 corporate/2.1/RPMS/php-4.2.3-4.1mdk.i586.rpm e1d95a181a57c88856f48171fd0d9cff corporate/2.1/RPMS/php-common-4.2.3-4.1mdk.i586.rpm 60e292858ee79c53e429a141253fa388 corporate/2.1/RPMS/php-devel-4.2.3-4.1mdk.i586.rpm 5a1f0075209cb38b3fdba3eeaf785e25 corporate/2.1/RPMS/php-pear-4.2.3-4.1mdk.i586.rpm e509b58e93bf56cac67ccc698db40f51 corporate/2.1/SRPMS/php-4.2.3-4.1mdk.src.rpm
9.0 i586
758b1a556caf000d93413eb8c15753c4 9.0/RPMS/php-4.2.3-4.1mdk.i586.rpm e1d95a181a57c88856f48171fd0d9cff 9.0/RPMS/php-common-4.2.3-4.1mdk.i586.rpm 60e292858ee79c53e429a141253fa388 9.0/RPMS/php-devel-4.2.3-4.1mdk.i586.rpm 5a1f0075209cb38b3fdba3eeaf785e25 9.0/RPMS/php-pear-4.2.3-4.1mdk.i586.rpm e509b58e93bf56cac67ccc698db40f51 9.0/SRPMS/php-4.2.3-4.1mdk.src.rpm
8.2 i586
a7ba8429a705ba764be5be5baa5d8f92 8.2/RPMS/php-4.1.2-1.1mdk.i586.rpm 848bd3bb74b2fa3b24d9a1f05ca651c2 8.2/RPMS/php-common-4.1.2-1.1mdk.i586.rpm 3b94f6e3e8ba24fa5b71fa93e3d2eb25 8.2/RPMS/php-devel-4.1.2-1.1mdk.i586.rpm 465bdb929c9df6bb156b2910a2a21b98 8.2/SRPMS/php-4.1.2-1.1mdk.src.rpm
MNF8.2 i586
848bd3bb74b2fa3b24d9a1f05ca651c2 mnf8.2/RPMS/php-common-4.1.2-1.1mdk.i586.rpm 465bdb929c9df6bb156b2910a2a21b98 mnf8.2/SRPMS/php-4.1.2-1.1mdk.src.rpm
9.1 i586
6b619580c7746d6fb7de30e18ccbc8eb ppc/9.1/RPMS/libphp_common430-430-11.1mdk.i586.rpm 2257ab6cab4132c3cb3d7194b24f385f ppc/9.1/RPMS/php-cgi-4.3.1-11.1mdk.i586.rpm eefa69b71480d00a111e7ad05f74576a ppc/9.1/RPMS/php-cli-4.3.1-11.1mdk.i586.rpm a60a59d10f0450b324f2b1b5562da780 ppc/9.1/RPMS/php430-devel-430-11.1mdk.i586.rpm e5e4397440f44a88bec02fc10328c745 ppc/9.1/SRPMS/php-4.3.1-11.1mdk.src.rpm
8.2 i586
10fd0c4e0d65516654bee858d40b66af ppc/8.2/RPMS/php-4.1.2-1.1mdk.ppc.rpm d3f047831dc4b093eb30b8e343256207 ppc/8.2/RPMS/php-common-4.1.2-1.1mdk.ppc.rpm 96c4e2196b61066b6a57c013265ff612 ppc/8.2/RPMS/php-devel-4.1.2-1.1mdk.ppc.rpm 465bdb929c9df6bb156b2910a2a21b98 ppc/8.2/SRPMS/php-4.1.2-1.1mdk.src.rpm