MDKSA-2006:074
- Package name: php
- Date: 2006-04-24
- Advisory ID: MDKSA-2006:074
- Affected versions: MNF2.0 i586, 2006.0 i586, 10.2 i586, CS3.0 x86_64, CS3.0 i586, 10.2 x86_64, 2006.0 x86_64

Problem description

A cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP
<= 5.1.2 allows remote attackers to inject arbitrary web script or HTML
via long array variables, including (1) a large number of dimensions
or (2) long values, which prevents HTML tags from being removed.
(CVE-2006-0996)

Directory traversal vulnerability in file.c in PHP <= 5.1.2 allows
local users to bypass open_basedir restrictions and allows remote
attackers to create files in arbitrary directories via the tempnam
function. (CVE-2006-1494)

The copy function in file.c in PHP <= 5.1.2 allows local users to
bypass safe mode and read arbitrary files via a source argument
containing a compress.zlib:// URI. (CVE-2006-1608)

Updated packages have been patched to address these issues. After
upgrading these packages, please run "service httpd restart".
