Package name php4
Date July 3rd, 2008
Advisory ID MDVSA-2008:129
Affected versions CS3.0, MNF2.0

Problem Description

Weaknesses were discovered in the GENERATE_SEED macro in PHP prior to
4.4.8 and 5.2.5. In rare circumstances the macro could produce a zero
seed on 32-bit systems, and on 64-bit systems it generated a portion of
zero bits during conversion due to insufficient precision
(CVE-2008-2107, CVE-2008-2108).

The updated packages have been patched to correct these issues.
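
The two failure modes described above, as an added example that is not part of the advisory or of PHP's source. It assumes the pre-fix macro had the shape (long)(time(0) * getpid() * 1000000 * lcg) and that the corrected form XORs the two sources; neither expression is quoted in this advisory. Fixed-width types stand in for a 32-bit and a 64-bit long, and all inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed pre-fix shape: (long)(time(0) * getpid() * 1000000 * lcg),
 * where lcg is a double in [0,1). Not quoted in the advisory. */

/* 32-bit long model: the integer product wraps modulo 2^32 before the
 * multiply by lcg, so it can be zero whatever lcg is. */
static int32_t seed_old_32(uint32_t now, uint32_t pid, double lcg)
{
    uint32_t prod = now * pid * 1000000u;  /* wraps like a 32-bit long */
    return (int32_t)((double)(int32_t)prod * lcg);
}

/* 64-bit long model: the product is rounded to a 53-bit double mantissa,
 * so the low bits of the converted seed come out as zero. */
static int64_t seed_old_64(int64_t now, int64_t pid, double lcg)
{
    int64_t prod = now * pid * 1000000;    /* inputs chosen to stay < 2^63 */
    return (int64_t)((double)prod * lcg);
}

/* Assumed corrected shape: XOR the two sources instead of multiplying. */
static int32_t seed_xor_32(uint32_t now, uint32_t pid, double lcg)
{
    return (int32_t)(now * pid) ^ (int32_t)(1000000.0 * lcg);
}

/* Number of trailing zero bits in the low 32 bits of a seed. */
static int low_zero_bits(uint32_t v)
{
    int n = 0;
    if (v == 0) return 32;
    while ((v & 1u) == 0) { v >>= 1; n++; }
    return n;
}

int main(void)
{
    /* Constructed inputs: July 2008 timestamps and sample PIDs. */
    printf("32-bit old seed: %d\n", (int)seed_old_32(0x48700000u, 1024u, 0.5));
    printf("32-bit xor seed: %d\n", (int)seed_xor_32(0x48700000u, 1024u, 0.5));
    printf("64-bit old seed, low zero bits: %d\n",
           low_zero_bits((uint32_t)seed_old_64(1215043201, 4001, 0.75)));
    return 0;
}
```

In the 32-bit case the timestamp and PID together contribute 30 trailing zero bits and 1000000 contributes 6 more, so the product is a multiple of 2^32 and the seed is zero for every lcg value.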

Updated Packages

Corporate Server 3.0

 60cb1523549183eae75f173db44ce2d7  corporate/3.0/i586/libphp_common432-4.3.4-4.28.C30mdk.i586.rpm
 4ba8abbdc22274e036ea6f7ae4909316  corporate/3.0/i586/php432-devel-4.3.4-4.28.C30mdk.i586.rpm
 1f3277efa994d0e978704b0e1ef81cee  corporate/3.0/i586/php-cgi-4.3.4-4.28.C30mdk.i586.rpm
 ed7c11b9e615d50c2626cc8651b2aecb  corporate/3.0/i586/php-cli-4.3.4-4.28.C30mdk.i586.rpm 
 8969b7bbe0a389d9c17073a4734afe67  corporate/3.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 fae5232b68c4347ea4ab1f424001ca36  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.28.C30mdk.x86_64.rpm
 e2d37f7e766faf61b01570d3b2763900  corporate/3.0/x86_64/php432-devel-4.3.4-4.28.C30mdk.x86_64.rpm
 c6f7fbbca3e521fd092239da0e542f99  corporate/3.0/x86_64/php-cgi-4.3.4-4.28.C30mdk.x86_64.rpm
 af7d5aca6faf6a432f19d445e5910c14  corporate/3.0/x86_64/php-cli-4.3.4-4.28.C30mdk.x86_64.rpm 
 8969b7bbe0a389d9c17073a4734afe67  corporate/3.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm

Multi Network Firewall 2.0

 0aed85766f3a2938d9c1e33bb5a199ff  mnf/2.0/i586/libphp_common432-4.3.4-4.28.C30mdk.i586.rpm
 c14ad69a438163322e9c4802be2a9162  mnf/2.0/i586/php-cgi-4.3.4-4.28.C30mdk.i586.rpm
 ed7c11b9e615d50c2626cc8651b2aecb  mnf/2.0/i586/php-cli-4.3.4-4.28.C30mdk.i586.rpm 
 523bafb85ede32063f4738e6426ab23d  mnf/2.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.