Support / Sécurité / Annonces de sécurité / Multi Network Firewall 2.0 / MDKSA-2005:152

Nom du paquet: php
Date: 2005-08-25
Advisory ID: MDKSA-2005:152
Affected versions: MNF2.0 i586 , 10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow. The php packages, as shipped, were built using a private copy of pcre. The updated packages have been rebuilt against the system pcre libs to correct this problem.

Updated packages

MNF2.0 i586

 9512ea70132f3edb788c48a4d3ac7e34  mnf/2.0/RPMS/libphp_common432-4.3.4-4.6.M20mdk.i586.rpm
5df5f70c8470ece4238d11f0cb213fb0  mnf/2.0/RPMS/php-cgi-4.3.4-4.6.M20mdk.i586.rpm
c1c3eae72209c6742cbaa204fe1174d4  mnf/2.0/SRPMS/php-4.3.4-4.6.M20mdk.src.rpm

10.2 x86_64

 df8091c501dc846ee06d91843bb5bb01  x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.2.102mdk.x86_64.rpm
d6ed3306dbdf94e2d9a9331e787082c6  x86_64/10.2/RPMS/php-cgi-4.3.10-7.2.102mdk.x86_64.rpm
9fae82418ec0cb926515a401563cd6f6  x86_64/10.2/RPMS/php-cli-4.3.10-7.2.102mdk.x86_64.rpm
0a966fc75dfeba6697907a9d85365521  x86_64/10.2/RPMS/php432-devel-4.3.10-7.2.102mdk.x86_64.rpm
8e6141b81f2a0852338915b5b5f78f43  x86_64/10.2/SRPMS/php-4.3.10-7.2.102mdk.src.rpm

CS2.1 x86_64

 734b15eebd17d63cef3e3a7f042c9fb1  x86_64/corporate/2.1/RPMS/php-4.2.3-4.5.C21mdk.x86_64.rpm
d3c6941f8c98f4e868e5b9b2366e8886  x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.5.C21mdk.x86_64.rpm
8eed243db07e3b87186598d050dcee8b  x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.5.C21mdk.x86_64.rpm
839e1b9811714d35ce87b6d7bdd4a326  x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.5.C21mdk.x86_64.rpm
0b15baacbb3243b46143fd041a8dd8f4  x86_64/corporate/2.1/SRPMS/php-4.2.3-4.5.C21mdk.src.rpm

10.0 amd64

 fd1a6e1293506461a19e5cc80d90eecb  amd64/10.0/RPMS/lib64php_common432-4.3.4-4.6.100mdk.amd64.rpm
f9374c5b4339d568fe6e05bfb17b81f7  amd64/10.0/RPMS/php-cgi-4.3.4-4.6.100mdk.amd64.rpm
0f811ea9666a35feaeb3176bef2145e4  amd64/10.0/RPMS/php-cli-4.3.4-4.6.100mdk.amd64.rpm
5cc1e89e7e2d2474d4249713855ab1b1  amd64/10.0/RPMS/php432-devel-4.3.4-4.6.100mdk.amd64.rpm
a0a2f9a9e8241a515cf2b548beae4cb7  amd64/10.0/SRPMS/php-4.3.4-4.6.100mdk.src.rpm

10.2 i586

 586822538c1277d23958c0ccc7ca5f5b  10.2/RPMS/libphp_common432-4.3.10-7.2.102mdk.i586.rpm
eda7407c1646e614949886cc0779c317  10.2/RPMS/php-cgi-4.3.10-7.2.102mdk.i586.rpm
cc5883ec909c52dd3c8eafd069bfefad  10.2/RPMS/php-cli-4.3.10-7.2.102mdk.i586.rpm
7ba1ae1b35dcae80c87e934f7942ba4b  10.2/RPMS/php432-devel-4.3.10-7.2.102mdk.i586.rpm
8e6141b81f2a0852338915b5b5f78f43  10.2/SRPMS/php-4.3.10-7.2.102mdk.src.rpm

10.1 i586

 696d96819a573db2fc9ef77018a1cd5a  10.1/RPMS/libphp_common432-4.3.8-3.4.101mdk.i586.rpm
cd75f36ce70b59b1e7d89ec17e939c01  10.1/RPMS/php-cgi-4.3.8-3.4.101mdk.i586.rpm
190fb5d7390f421ab639f086b0d4b830  10.1/RPMS/php-cli-4.3.8-3.4.101mdk.i586.rpm
92d72f61dba2582098b490790d1dd759  10.1/RPMS/php432-devel-4.3.8-3.4.101mdk.i586.rpm
7c1fd0570af6566a47ef240e072757e3  10.1/SRPMS/php-4.3.8-3.4.101mdk.src.rpm

10.0 i586

 eb0e368698b2fda5305b91ab1db8454b  10.0/RPMS/libphp_common432-4.3.4-4.6.100mdk.i586.rpm
1816cfcc76d579e46733d572b9419fce  10.0/RPMS/php-cgi-4.3.4-4.6.100mdk.i586.rpm
44eccf95b5ea20a7980bc57193fd4207  10.0/RPMS/php-cli-4.3.4-4.6.100mdk.i586.rpm
a69cc3baef9baa683242e30f6011f8e2  10.0/RPMS/php432-devel-4.3.4-4.6.100mdk.i586.rpm
a0a2f9a9e8241a515cf2b548beae4cb7  10.0/SRPMS/php-4.3.4-4.6.100mdk.src.rpm

CS3.0 x86_64

 de5bbf1a212dda1610ba9cb39429ee03  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.6.C30mdk.x86_64.rpm
bb62cee7751251be364cb9a42467066b  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.6.C30mdk.x86_64.rpm
28a83cd6fdf175ea0e7f0907b708acd4  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.6.C30mdk.x86_64.rpm
91d3df83d21e58d339ac5f84e97b7386  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.6.C30mdk.x86_64.rpm
d29855cc6df3d29b38eba206acf7c1d2  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.6.C30mdk.src.rpm

CS3.0 i586

 0058c2f1310f1d9d96699565d285a9f2  corporate/3.0/RPMS/libphp_common432-4.3.4-4.6.C30mdk.i586.rpm
6d8a5bad11aa6891a21ed9ad3da4dc45  corporate/3.0/RPMS/php-cgi-4.3.4-4.6.C30mdk.i586.rpm
12c74a0af4df6572420c5ba18881cc3c  corporate/3.0/RPMS/php-cli-4.3.4-4.6.C30mdk.i586.rpm
e1e8b213071496d8bcd20d8c54288b4a  corporate/3.0/RPMS/php432-devel-4.3.4-4.6.C30mdk.i586.rpm
d29855cc6df3d29b38eba206acf7c1d2  corporate/3.0/SRPMS/php-4.3.4-4.6.C30mdk.src.rpm

CS2.1 i586

 20e4fe9664591d97bd7e87bce7abf8a1  corporate/2.1/RPMS/php-4.2.3-4.5.C21mdk.i586.rpm
b5c53e71a69a7d8812bb2871cef26aaf  corporate/2.1/RPMS/php-common-4.2.3-4.5.C21mdk.i586.rpm
483f7f2db9ec6d49e29ba7c4488996ee  corporate/2.1/RPMS/php-devel-4.2.3-4.5.C21mdk.i586.rpm
1b3cbc4961e4ef50c6304d6a8f03cd0a  corporate/2.1/RPMS/php-pear-4.2.3-4.5.C21mdk.i586.rpm
0b15baacbb3243b46143fd041a8dd8f4  corporate/2.1/SRPMS/php-4.2.3-4.5.C21mdk.src.rpm

10.1 x86_64

 497261e30c8f34eeb074273dff2e51cd  x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.4.101mdk.x86_64.rpm
08f0ba426c68ae93549dc9617aec9fa7  x86_64/10.1/RPMS/php-cgi-4.3.8-3.4.101mdk.x86_64.rpm
beb9dfc3eabafd3491f3996f339b89a7  x86_64/10.1/RPMS/php-cli-4.3.8-3.4.101mdk.x86_64.rpm
3b9dfd200b756098165f7df0381e4fbd  x86_64/10.1/RPMS/php432-devel-4.3.8-3.4.101mdk.x86_64.rpm
7c1fd0570af6566a47ef240e072757e3  x86_64/10.1/SRPMS/php-4.3.8-3.4.101mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491