MDKSA-2007:087

Nom du paquet

php

Date

2007-04-18

Advisory ID

MDKSA-2007:087

Affected versions

CS3.0 i586 , MNF2.0 i586 , CS3.0 x86_64

Problem description

A heap-based buffer overflow vulnerability was found in PHP's gd
extension. A script that could be forced to process WBMP images
from an untrusted source could result in arbitrary code execution
(CVE-2007-1001).

A DoS flaw was found in how PHP processed a deeply nested array.
A remote attacker could cause the PHP intrerpreter to creash
by submitting an input variable with a deeply nested array
(CVE-2007-1285).

A vulnerability was discovered in the way PHP's unserialize() function
processed data. A remote attacker able to pass arbitrary data to
PHP's unserialize() function could possibly execute arbitrary code
as the apache user (CVE-2007-1286).

A double-free flaw was found in the session_decode() function that
could allow a remote attacker to potentially execute arbitrary code
as the apache user if they are able to pass arbitrary data to PHP's
session_decode() function (CVE-2007-1711).

A vulnerability in how PHP's mail() function processed header data was
discovered. If a script sent mail using a subject header containing
a string from an untrusted source, a remote attacker could send bulk
email to unintended recipients (CVE-2007-1718).

Updated packages have been patched to correct these issues.

Updated packages

CS3.0 i586

 2b15b0bc22742758bb62fcd320180106  corporate/3.0/i586/libphp_common432-4.3.4-4.25.C30mdk.i586.rpm
 fe5339f7b2da384dfde700c20c501aab  corporate/3.0/i586/php-cgi-4.3.4-4.25.C30mdk.i586.rpm
 110991ac64c73f0b2febc7f67a9f0144  corporate/3.0/i586/php-cli-4.3.4-4.25.C30mdk.i586.rpm
 adc9ea974665abe40372bbf762ecf61a  corporate/3.0/i586/php-gd-4.3.4-1.6.C30mdk.i586.rpm
 eb068f34f5c376dc7a1dc0ea29501a1f  corporate/3.0/i586/php432-devel-4.3.4-4.25.C30mdk.i586.rpm 
 526b4e2d8afee42eb1f3d125ee2aba87  corporate/3.0/SRPMS/php-4.3.4-4.25.C30mdk.src.rpm
 607997f818ac53d2af7c8fcaef7a0171  corporate/3.0/SRPMS/php-gd-4.3.4-1.6.C30mdk.src.rpm

MNF2.0 i586

 5b7e1a1db6250ff6407e2bdb72012e1f  mnf/2.0/i586/libphp_common432-4.3.4-4.25.M20mdk.i586.rpm
 ab13e78a0c41f9dc32e92d4ea003807d  mnf/2.0/i586/php-cgi-4.3.4-4.25.M20mdk.i586.rpm
 513eb7fdff9ed48249f35fdf0d49507e  mnf/2.0/i586/php-cli-4.3.4-4.25.M20mdk.i586.rpm
 04a3bf4b56d20b26103cf28c49c1c4a3  mnf/2.0/i586/php-gd-4.3.4-1.6.M20mdk.i586.rpm
 0f72994f611b8be41fb944616b07e53b  mnf/2.0/i586/php432-devel-4.3.4-4.25.M20mdk.i586.rpm 
 2da2bb6ebf427fce22912e37448b5dd8  mnf/2.0/SRPMS/php-4.3.4-4.25.M20mdk.src.rpm
 50a5b40d98a9394cf0093751aaa47877  mnf/2.0/SRPMS/php-gd-4.3.4-1.6.M20mdk.src.rpm

CS3.0 x86_64

 db3c2959f962b81805c8619efb297b9d  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.25.C30mdk.x86_64.rpm
 d97ed23384c43d388c93cb978d414e68  corporate/3.0/x86_64/php-cgi-4.3.4-4.25.C30mdk.x86_64.rpm
 dfac457ee4b81a5d54ad6f343809a241  corporate/3.0/x86_64/php-cli-4.3.4-4.25.C30mdk.x86_64.rpm
 da07d371618eaf195a2d88721355a3d6  corporate/3.0/x86_64/php-gd-4.3.4-1.6.C30mdk.x86_64.rpm
 efbf7920f6ed9595aa9c55e42e1a72ce  corporate/3.0/x86_64/php432-devel-4.3.4-4.25.C30mdk.x86_64.rpm 
 526b4e2d8afee42eb1f3d125ee2aba87  corporate/3.0/SRPMS/php-4.3.4-4.25.C30mdk.src.rpm
 607997f818ac53d2af7c8fcaef7a0171  corporate/3.0/SRPMS/php-gd-4.3.4-1.6.C30mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718