Support / Security / Advisories / Corporate Server 4.0 / MDVSA-2008:082

Package name: php-apc
Date: 2008-04-09
Advisory ID: MDVSA-2008:082
Affected versions: CS4.0 x86_64 , CS4.0 i586

Problem description

Daniel Papasian discovered a stack-based buffer overflow in the
apc_search_paths() function in APC that can be triggered when
processing long filenames. A remote attacker could exploit this
vulnerability to execute arbitrarty code in PHP applications that
pass user-controlled input to the include() function.

The updated packages have been patched to correct these issues.

Updated packages

CS4.0 x86_64

 4d58c491a9cc42cde58f519f35794c8f  corporate/4.0/x86_64/php4-apc-3.0.11-1.1.20060mlcs4.x86_64.rpm
 3f53d18d2c29d88aa7e1c5ccf45d255f  corporate/4.0/x86_64/php4-apc-admin-3.0.11-1.1.20060mlcs4.x86_64.rpm
 468eb332b10101d0051af4696c6b4f6f  corporate/4.0/x86_64/php-apc-3.0.11-2.1.20060mlcs4.x86_64.rpm
 3be0fb797e4eb676d6374a26463e6541  corporate/4.0/x86_64/php-apc-admin-3.0.11-2.1.20060mlcs4.x86_64.rpm 
 90c85cef2bc50c175cad42f80aefd116  corporate/4.0/SRPMS/php4-apc-3.0.11-1.1.20060mlcs4.src.rpm
 90ce6133b0964a41b8b2fd7880af84e0  corporate/4.0/SRPMS/php-apc-3.0.11-2.1.20060mlcs4.src.rpm

CS4.0 i586

 f8a3b00e540d1227a01859a0eb5b8308  corporate/4.0/i586/php4-apc-3.0.11-1.1.20060mlcs4.i586.rpm
 f515e731577e4848c5442a39cfec3bb3  corporate/4.0/i586/php4-apc-admin-3.0.11-1.1.20060mlcs4.i586.rpm
 a3d785f83389bfd7a06e1c7c7ff1e0ba  corporate/4.0/i586/php-apc-3.0.11-2.1.20060mlcs4.i586.rpm
 7dc5b581c14fcca3c6c4bb07b93a0370  corporate/4.0/i586/php-apc-admin-3.0.11-2.1.20060mlcs4.i586.rpm 
 90c85cef2bc50c175cad42f80aefd116  corporate/4.0/SRPMS/php4-apc-3.0.11-1.1.20060mlcs4.src.rpm
 90ce6133b0964a41b8b2fd7880af84e0  corporate/4.0/SRPMS/php-apc-3.0.11-2.1.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1488