Support / Security / Advisories / Mandrakelinux 9.2 / MDKSA-2002:017

Package name: php
Date: 2002-02-28
Advisory ID: MDKSA-2002:017
Affected versions: 8.1 i586 , SNF7.2 i586 , CS1.0 i586 , 8.1 i586 , 8.0 i586 , 8.0 i586 , 7.1 i586 , 7.2 i586

Problem description

Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP.

Updated packages

8.1 i586

 d126433068216b59801123022982925d  ia64/8.1/RPMS/php-4.0.6-5.5mdk.ia64.rpm
cb8c57101d1768c528fa8956fd85f9b9  ia64/8.1/RPMS/php-common-4.0.6-5.5mdk.ia64.rpm
a677dae70eafeda055c2b30058c377a5  ia64/8.1/RPMS/php-devel-4.0.6-5.5mdk.ia64.rpm
f33a409f14e64efe14db7e2fa331555f  ia64/8.1/SRPMS/php-4.0.6-5.5mdk.src.rpm

SNF7.2 i586

 bb60af11bb73bf465c17e6288159d2a7  snf7.2/RPMS/mod_php-4.0.4pl1-4.2mdk.i586.rpm
a93e9cf9b204ec50af6f4690e52d3946  snf7.2/RPMS/php-4.0.4pl1-4.2mdk.i586.rpm
2accc4c98e6b9c7dacc5591b227a10c0  snf7.2/RPMS/php-gd-4.0.4pl1-4.2mdk.i586.rpm
8691c37e9b69f2a4b6bea2d050380c30  snf7.2/SRPMS/php-4.0.4pl1-4.2mdk.src.rpm

CS1.0 i586

 b467bf615e96ff6f19441fb76c31e66e  1.0.1/RPMS/php-4.0.6-5.8mdk.i586.rpm
9c94c50c3f0a417612070d907ac3913a  1.0.1/RPMS/php-common-4.0.6-5.8mdk.i586.rpm
b6d1c7eee93643970e912a0068ea108e  1.0.1/RPMS/php-devel-4.0.6-5.8mdk.i586.rpm
d0db071e71527246c027d858627bd79a  1.0.1/SRPMS/php-4.0.6-5.8mdk.src.rpm

8.1 i586

 a6908e6f35d2940ed79f3c80c2891b12  8.1/RPMS/php-4.0.6-5.5mdk.i586.rpm
00f6eb55d1cedd253ca191aeb77ccda7  8.1/RPMS/php-common-4.0.6-5.5mdk.i586.rpm
faeb0148322ff3bb0b6691fc9accdfc5  8.1/RPMS/php-devel-4.0.6-5.5mdk.i586.rpm
f33a409f14e64efe14db7e2fa331555f  8.1/SRPMS/php-4.0.6-5.5mdk.src.rpm

8.0 i586

 40692c18d192b6590f9515490e1ba5ff  8.0/RPMS/php-4.0.6-5.6mdk.i586.rpm
5519419aaf2e801c73b6d544dd1dab13  8.0/RPMS/php-common-4.0.6-5.6mdk.i586.rpm
4405dfea6e9004e418c0d3bf46e5c3b3  8.0/RPMS/php-devel-4.0.6-5.6mdk.i586.rpm
27d88658bd8b9b55ade2c5865caf21b7  8.0/SRPMS/php-4.0.6-5.6mdk.src.rpm

8.0 i586

 ad1d2fb5fa7a4f5ef24cb972090c2e58  ppc/8.0/RPMS/php-4.0.6-5.6mdk.ppc.rpm
46b21874e5927b6df63597aaf0fd98a2  ppc/8.0/RPMS/php-common-4.0.6-5.6mdk.ppc.rpm
e45f1e5aba41d580dbeba24ad24a154c  ppc/8.0/RPMS/php-devel-4.0.6-5.6mdk.ppc.rpm
27d88658bd8b9b55ade2c5865caf21b7  ppc/8.0/SRPMS/php-4.0.6-5.6mdk.src.rpm

7.1 i586

 b467bf615e96ff6f19441fb76c31e66e  7.1/RPMS/php-4.0.6-5.8mdk.i586.rpm
9c94c50c3f0a417612070d907ac3913a  7.1/RPMS/php-common-4.0.6-5.8mdk.i586.rpm
b6d1c7eee93643970e912a0068ea108e  7.1/RPMS/php-devel-4.0.6-5.8mdk.i586.rpm
d0db071e71527246c027d858627bd79a  7.1/SRPMS/php-4.0.6-5.8mdk.src.rpm

7.2 i586

 f2551aaca5328f7ec9cd3acff45bd0ef  7.2/RPMS/php-4.0.6-5.7mdk.i586.rpm
3b48cebd7b87ab6d44140db24bca3677  7.2/RPMS/php-common-4.0.6-5.7mdk.i586.rpm
97c976cbfc17a8858943522fb9a61cd8  7.2/RPMS/php-devel-4.0.6-5.7mdk.i586.rpm
8eb30f21520e5450271eef6cb81b9fd6  7.2/SRPMS/php-4.0.6-5.7mdk.src.rpm

References

http://security.e-matters.de/advisories/012002.html