Package name: php
Date: 2009-11-29
Advisory ID: MDVSA-2009:305
Affected versions: CS3.0 i586, CS4.0 x86_64, MNF2.0 i586, CS3.0 x86_64, CS4.0 i586

Problem description

Some vulnerabilities were discovered and corrected in php:

PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number
of temporary files created when handling a multipart/form-data POST
request, which allows remote attackers to cause a denial of service
(resource exhaustion), and makes it easier for remote attackers to
exploit local file inclusion vulnerabilities, via multiple requests,
related to lack of support for the max_file_uploads directive
(CVE-2009-4017).

The updated packages have been patched to correct these issues.

Updated packages

CS3.0 i586

 fdef0aab5f09878e3699418b72c214cd  corporate/3.0/i586/libphp_common432-4.3.4-4.32.C30mdk.i586.rpm
 5dd573cc5ce44c2aeea4c4b074d5dc0d  corporate/3.0/i586/php432-devel-4.3.4-4.32.C30mdk.i586.rpm
 c10153c08511a060cb0bd1fe62650244  corporate/3.0/i586/php-cgi-4.3.4-4.32.C30mdk.i586.rpm
 dcf1106af7e2d85b3c97dfdcd1a389ff  corporate/3.0/i586/php-cli-4.3.4-4.32.C30mdk.i586.rpm
 31b7c19d5cc24d569f931a66dd189743  corporate/3.0/i586/php-ini-4.3.4-1.2.C30mdk.noarch.rpm 
 0edbc33999f0c3ea89274979bfaa1383  corporate/3.0/SRPMS/php-4.3.4-4.32.C30mdk.src.rpm
 0f7d5371e221c065dae5df633a25b2bf  corporate/3.0/SRPMS/php-ini-4.3.4-1.2.C30mdk.src.rpm

CS4.0 x86_64

 3673367f2065655c6c6956d46fe5cb40  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.13.20060mlcs4.x86_64.rpm
 5d8073b77022027ae52807d9e6fa9ad0  corporate/4.0/x86_64/php4-cgi-4.4.4-1.13.20060mlcs4.x86_64.rpm
 1b2fbdce98301d27f728291582fe1bb5  corporate/4.0/x86_64/php4-cli-4.4.4-1.13.20060mlcs4.x86_64.rpm
 e63603fce6cd743e24a9daaea57e4158  corporate/4.0/x86_64/php4-devel-4.4.4-1.13.20060mlcs4.x86_64.rpm
 0ebb3a50cac9be78aa58f70878172b37  corporate/4.0/x86_64/php4-ini-4.4.4-1.1.20060mlcs4.x86_64.rpm 
 24e1c9f9f2e18c9bd499b091b612451f  corporate/4.0/SRPMS/php4-4.4.4-1.13.20060mlcs4.src.rpm
 fc6ddef80946eab5c104d93c137cce6f  corporate/4.0/SRPMS/php4-ini-4.4.4-1.1.20060mlcs4.src.rpm

MNF2.0 i586

 6d6ab3c75e122369a08072660fb34193  mnf/2.0/i586/libphp_common432-4.3.4-4.32.C30mdk.i586.rpm
 d041d4fa041a72d09df0553db43ec372  mnf/2.0/i586/php432-devel-4.3.4-4.32.C30mdk.i586.rpm
 6a549283056c664f895f8d3891667ff9  mnf/2.0/i586/php-cgi-4.3.4-4.32.C30mdk.i586.rpm
 c20be6cce583ade37d6303b3e75d1c11  mnf/2.0/i586/php-cli-4.3.4-4.32.C30mdk.i586.rpm
 d618ae651d9d6d7df2edcd6c0d8f09fc  mnf/2.0/i586/php-ini-4.3.4-1.2.C30mdk.noarch.rpm 
 b583bb5e05e00e921d269e9fb57d0810  mnf/2.0/SRPMS/php-4.3.4-4.32.C30mdk.src.rpm
 4bf37a9915cbafa029ad42d812a91937  mnf/2.0/SRPMS/php-ini-4.3.4-1.2.C30mdk.src.rpm

CS3.0 x86_64

 57331f796957a2cdaf17ec1b7058893f  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.32.C30mdk.x86_64.rpm
 9f081fb2c3760702dd20edec39542b68  corporate/3.0/x86_64/php432-devel-4.3.4-4.32.C30mdk.x86_64.rpm
 e200e5a2f2c3f295d00f9af87b925f7b  corporate/3.0/x86_64/php-cgi-4.3.4-4.32.C30mdk.x86_64.rpm
 c5bd292c2bb5a8dcaa00f6f7494f827f  corporate/3.0/x86_64/php-cli-4.3.4-4.32.C30mdk.x86_64.rpm
 779611f1322a1c525eca29fbddd4d31a  corporate/3.0/x86_64/php-ini-4.3.4-1.2.C30mdk.noarch.rpm 
 0edbc33999f0c3ea89274979bfaa1383  corporate/3.0/SRPMS/php-4.3.4-4.32.C30mdk.src.rpm
 0f7d5371e221c065dae5df633a25b2bf  corporate/3.0/SRPMS/php-ini-4.3.4-1.2.C30mdk.src.rpm

CS4.0 i586

 579acf668145864e21610ff1614faee1  corporate/4.0/i586/libphp4_common4-4.4.4-1.13.20060mlcs4.i586.rpm
 79d3fb035f70c7d9360c5458788aec8a  corporate/4.0/i586/php4-cgi-4.4.4-1.13.20060mlcs4.i586.rpm
 54c94e3ca4521a6aef4d2273eb9ef140  corporate/4.0/i586/php4-cli-4.4.4-1.13.20060mlcs4.i586.rpm
 2e014106d72fc661ccd430a5fc36e2ea  corporate/4.0/i586/php4-devel-4.4.4-1.13.20060mlcs4.i586.rpm
 4ba5982c7b2de7e64d84d9f9a72b187b  corporate/4.0/i586/php4-ini-4.4.4-1.1.20060mlcs4.i586.rpm 
 24e1c9f9f2e18c9bd499b091b612451f  corporate/4.0/SRPMS/php4-4.4.4-1.13.20060mlcs4.src.rpm
 fc6ddef80946eab5c104d93c137cce6f  corporate/4.0/SRPMS/php4-ini-4.4.4-1.1.20060mlcs4.src.rpm
