Package name: php-pear
Date: June 30th, 2005
Advisory ID: MDKSA-2005:109
Affected versions: 10.0, 10.1, CS3.0, 10.2

Problem Description

A vulnerability was discovered by GulfTech Security in the PHP XML RPC
project. This vulnerability is considered critical and can lead to
remote code execution. The vulnerability also exists in the PEAR
XMLRPC implementation.

Mandriva ships with the PEAR XMLRPC implementation and it has been
patched to correct this problem. It is advised that users examine the
PHP applications they have installed on their servers for any
applications that may come bundled with their own copies of the PEAR
system and either patch RPC.php or use the system PEAR (found in
/usr/share/pear).
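
One way to carry out the check described above, as an added example (not part of the advisory or of Mandriva's tooling): it lists every RPC.php below the given web roots and compares each with the system copy. The location XML/RPC.php below /usr/share/pear, the SYSTEM_RPC variable and the function name find_bundled_rpc are assumptions.

```shell
#!/bin/sh
# Added example: locate bundled copies of PEAR's RPC.php and compare them
# with the patched system copy. Not part of the Mandriva advisory.

# Assumption: the system PEAR keeps the file at XML/RPC.php below
# /usr/share/pear; override SYSTEM_RPC if your layout differs.
SYSTEM_RPC="${SYSTEM_RPC:-/usr/share/pear/XML/RPC.php}"

# find_bundled_rpc REFERENCE ROOT...
# Prints one line per RPC.php found below the given roots:
#   SAME <path>     byte-identical to REFERENCE
#   DIFFERS <path>  not identical: check its version, then patch it or
#                   switch the application to the system PEAR
# Returns 0 if no copy differs, 1 if at least one does, 2 on bad input.
find_bundled_rpc() {
    if [ "$#" -lt 2 ] || [ ! -r "$1" ]; then
        echo "usage: find_bundled_rpc REFERENCE ROOT..." >&2
        return 2
    fi
    ref=$1
    shift
    # -exec ... {} + hands paths over as arguments, so names containing
    # spaces survive intact.
    report=$(find "$@" -type f -name RPC.php -exec sh -c '
        ref=$1; shift
        for f in "$@"; do
            [ "$f" = "$ref" ] && continue      # skip the reference itself
            if cmp -s "$ref" "$f"; then
                printf "SAME %s\n" "$f"
            else
                printf "DIFFERS %s\n" "$f"
            fi
        done' sh "$ref" {} +)
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    fi
    if printf '%s\n' "$report" | grep -q '^DIFFERS '; then
        return 1
    fi
    return 0
}

# Run only when web roots are given, e.g.: sh find_rpc.sh /var/www
if [ "$#" -gt 0 ]; then
    find_bundled_rpc "$SYSTEM_RPC" "$@"
fi
```

A DIFFERS line means only that the file is not the same as the system copy; it may be an older vulnerable version or a different patched release, so each one needs a look.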

Updates have been released for some popular PHP applications such
as WordPress and Serendipity. Users are urged to take all
precautions to protect their systems from attack and/or defacement by
upgrading to the fixed versions provided by the authors of the
respective applications.

Updated Packages

Mandrakelinux 10.0

 38955856a2689f10db9f9f5ca734392c  10.0/RPMS/php-pear-4.3.4-3.1.100mdk.noarch.rpm
18695b853e1aba539da2c68a6d574a4b  10.0/SRPMS/php-pear-4.3.4-3.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 9de5b21dc478563f5277f9157b98c49f  amd64/10.0/RPMS/php-pear-4.3.4-3.1.100mdk.noarch.rpm
18695b853e1aba539da2c68a6d574a4b  amd64/10.0/SRPMS/php-pear-4.3.4-3.1.100mdk.src.rpm

Mandrakelinux 10.1

 d48b2e73f6f1ec0366498014a484f328  10.1/RPMS/php-pear-4.3.8-1.1.101mdk.noarch.rpm
20c91279fa70d68d9e51587980cd262d  10.1/SRPMS/php-pear-4.3.8-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 dba6b07d89653e4596220cf93a3fed73  x86_64/10.1/RPMS/php-pear-4.3.8-1.1.101mdk.noarch.rpm
20c91279fa70d68d9e51587980cd262d  x86_64/10.1/SRPMS/php-pear-4.3.8-1.1.101mdk.src.rpm

Corporate Server 3.0

 ac0ffe7efc09f7718461fa81a9ac5864  corporate/3.0/RPMS/php-pear-4.3.4-3.1.C30mdk.noarch.rpm
1cf934b41b88c63614f4e4d623da479b  corporate/3.0/SRPMS/php-pear-4.3.4-3.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 3b4eea612865d6aeb242299c390f2fe9  x86_64/corporate/3.0/RPMS/php-pear-4.3.4-3.1.C30mdk.noarch.rpm
1cf934b41b88c63614f4e4d623da479b  x86_64/corporate/3.0/SRPMS/php-pear-4.3.4-3.1.C30mdk.src.rpm

Mandriva Linux LE2005

 4734a42ea347a8f3ad42f2ebbde56f22  10.2/RPMS/php-pear-4.3.10-3.1.102mdk.noarch.rpm
b564c4dce014d6c3968ef0544effe318  10.2/SRPMS/php-pear-4.3.10-3.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 c3349adf16855ee536cbd01077f087e5  x86_64/10.2/RPMS/php-pear-4.3.10-3.1.102mdk.noarch.rpm
b564c4dce014d6c3968ef0544effe318  x86_64/10.2/SRPMS/php-pear-4.3.10-3.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
http://www.hardened-php.net/advisory-022005.php

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.