MDVSA-2009:024
- Package name: php4
- Date: 2009-01-21
- Advisory ID: MDVSA-2009:024
- Affected versions: CS3.0 i586, CS4.0 x86_64, MNF2.0 i586, CS3.0 x86_64, CS4.0 i586
Problem description
A buffer overflow in the imageloadfont() function in PHP allowed
context-dependent attackers to cause a denial of service (crash)
and potentially execute arbitrary code via a crafted font file
(CVE-2008-3658).

A buffer overflow in the memnstr() function allowed context-dependent
attackers to cause a denial of service (crash) and potentially execute
arbitrary code via the delimiter argument to the explode() function
(CVE-2008-3659).

PHP, when used as a FastCGI module, allowed remote attackers to cause
a denial of service (crash) via a request with multiple dots preceding
the extension (CVE-2008-3660).

The updated packages have been patched to correct these issues.
Updated packages
CS3.0 i586
acf26c8efc90342d906e59c0444bd46a corporate/3.0/i586/libphp_common432-4.3.4-4.29.C30mdk.i586.rpm
f7cf98731681e6af45aca3dd2246c0f7 corporate/3.0/i586/php432-devel-4.3.4-4.29.C30mdk.i586.rpm
8f8d00fa42b95a28e77d600d081c95d9 corporate/3.0/i586/php-cgi-4.3.4-4.29.C30mdk.i586.rpm
d6b96c7cf8d6416ec3d8bb111c4440da corporate/3.0/i586/php-cli-4.3.4-4.29.C30mdk.i586.rpm
57b308993c4e4635f343d4ef0d36a6c2 corporate/3.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm
CS4.0 x86_64
60d3900495dd46161a6ba20fdbdfdd7d corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.9.20060mlcs4.x86_64.rpm
60e039c9d60030616e4f05c81ea29455 corporate/4.0/x86_64/php4-cgi-4.4.4-1.9.20060mlcs4.x86_64.rpm
f8e9e9faf82d8edbe2d9bf88572f2311 corporate/4.0/x86_64/php4-cli-4.4.4-1.9.20060mlcs4.x86_64.rpm
5561a9c77979daf567d1acffc73d4918 corporate/4.0/x86_64/php4-devel-4.4.4-1.9.20060mlcs4.x86_64.rpm
dc2d58cb2ed98936ec15dc030689fb14 corporate/4.0/SRPMS/php4-4.4.4-1.9.20060mlcs4.src.rpm
MNF2.0 i586
0183137a3353b21a77e147b745d21ec4 mnf/2.0/i586/libphp_common432-4.3.4-4.29.C30mdk.i586.rpm
1173011f1e24f85619f78966b1533e11 mnf/2.0/i586/php-cgi-4.3.4-4.29.C30mdk.i586.rpm
b726b9c13b620a12c5e8603c197d76c9 mnf/2.0/i586/php-cli-4.3.4-4.29.C30mdk.i586.rpm
87805cd270bffde644fee3ec29ecfd54 mnf/2.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm
CS3.0 x86_64
8164e4bfb1a7ffb5fd1bca2afcaef9ef corporate/3.0/x86_64/lib64php_common432-4.3.4-4.29.C30mdk.x86_64.rpm
625a98ec0ec42052ffbb9da5f8b9caca corporate/3.0/x86_64/php432-devel-4.3.4-4.29.C30mdk.x86_64.rpm
5b3143860009e7cf82f323e45f575324 corporate/3.0/x86_64/php-cgi-4.3.4-4.29.C30mdk.x86_64.rpm
48bff6270d231dffc8a5fbfbe0d1630e corporate/3.0/x86_64/php-cli-4.3.4-4.29.C30mdk.x86_64.rpm
57b308993c4e4635f343d4ef0d36a6c2 corporate/3.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm
CS4.0 i586
828884555043ebbf5af7d91d8a6401ad corporate/4.0/i586/libphp4_common4-4.4.4-1.9.20060mlcs4.i586.rpm
ac0b8ea0e61fdda9e8716fde02f25100 corporate/4.0/i586/php4-cgi-4.4.4-1.9.20060mlcs4.i586.rpm
19eddb6987778bee19f9978cc59cb54b corporate/4.0/i586/php4-cli-4.4.4-1.9.20060mlcs4.i586.rpm
4ea6bb54f1ea066cd6ee29d894d9a0fd corporate/4.0/i586/php4-devel-4.4.4-1.9.20060mlcs4.i586.rpm
dc2d58cb2ed98936ec15dc030689fb14 corporate/4.0/SRPMS/php4-4.4.4-1.9.20060mlcs4.src.rpm
