Package name
php
Date
2006-09-07
Advisory ID
MDKSA-2006:162
Affected versions
CS3.0 i586 , MNF2.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64

Problem description

The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5
do not check for the safe_mode and open_basedir settings, which allows
local users to bypass the settings (CVE-2006-4481).

Buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have
an unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table
array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).

CVE-2006-4485 does not affect the Corporate3 or MNF2 versions of PHP.

Updated packages have been patched to correct these issues.

Updated packages

CS3.0 i586

 3eb436590e289bc53b5bf6560ba04b02  corporate/3.0/RPMS/libphp_common432-4.3.4-4.20.C30mdk.i586.rpm
 25e55ccb44fe52f3a2dbbded0463c344  corporate/3.0/RPMS/php432-devel-4.3.4-4.20.C30mdk.i586.rpm
 b970a8c32bc44c3736173d90dc251141  corporate/3.0/RPMS/php-cgi-4.3.4-4.20.C30mdk.i586.rpm
 90098a78f8376e8abc5cad6d6eab75f9  corporate/3.0/RPMS/php-cli-4.3.4-4.20.C30mdk.i586.rpm
 65ec1dc0a8da743bbc8c31b02b2e0463  corporate/3.0/RPMS/php-gd-4.3.4-1.4.C30mdk.i586.rpm
 f301535d5f0f4eab5b0d6a1d9b231ef8  corporate/3.0/RPMS/php-imap-4.3.4-1.4.C30mdk.i586.rpm
 e7eb6f56b39b5c72b3a2dbb602ab8d46  corporate/3.0/SRPMS/php-4.3.4-4.20.C30mdk.src.rpm
 55da5f48aa9e2851b88377d436fc154b  corporate/3.0/SRPMS/php-gd-4.3.4-1.4.C30mdk.src.rpm
 3133219ccf7cd83aec8f03823b6bcf48  corporate/3.0/SRPMS/php-imap-4.3.4-1.4.C30mdk.src.rpm

MNF2.0 i586

 90ed06dbf0316651afc4d8990477ca7d  mnf/2.0/RPMS/libphp_common432-4.3.4-4.20.M20mdk.i586.rpm
 bbf7116a28e92bd9c6ce531e8014cc22  mnf/2.0/RPMS/php432-devel-4.3.4-4.20.M20mdk.i586.rpm
 0c5f0a2f78cdb87ddd4a2a316d107e4c  mnf/2.0/RPMS/php-cgi-4.3.4-4.20.M20mdk.i586.rpm
 27885acc0df6e7fa21ee1d165df8f426  mnf/2.0/RPMS/php-cli-4.3.4-4.20.M20mdk.i586.rpm
 14c40d13e47645ceaddb28508008fd8f  mnf/2.0/RPMS/php-gd-4.3.4-1.4.M20mdk.i586.rpm
 bfdf39861fc0614d9a81889f6c0dbac6  mnf/2.0/SRPMS/php-4.3.4-4.20.M20mdk.src.rpm
 1c40bfd8df9786d467993f0eabc9eff9  mnf/2.0/SRPMS/php-gd-4.3.4-1.4.M20mdk.src.rpm

2006.0 i586

 146279492bdd9a03694778e265582d65  2006.0/RPMS/libphp5_common5-5.0.4-9.14.20060mdk.i586.rpm
 ca99a7740c1b47df847a56cbb25a8e80  2006.0/RPMS/php-cgi-5.0.4-9.14.20060mdk.i586.rpm
 665f72c14d5c2d485047c8c288946227  2006.0/RPMS/php-cli-5.0.4-9.14.20060mdk.i586.rpm
 ddb6f8354c06c2f7bd78823dc846b2b5  2006.0/RPMS/php-devel-5.0.4-9.14.20060mdk.i586.rpm
 a8ba6ed38bb91aa170882a2c0ad32e32  2006.0/RPMS/php-fcgi-5.0.4-9.14.20060mdk.i586.rpm
 ddc3fc12907892012c0db9df119edaab  2006.0/RPMS/php-imap-5.0.4-2.4.20060mdk.i586.rpm
 7231862a27ba9135e9cfcce3c455af3a  2006.0/SRPMS/php-5.0.4-9.14.20060mdk.src.rpm
 69d5c165b33b00454cc56b27bb21eba7  2006.0/SRPMS/php-imap-5.0.4-2.4.20060mdk.src.rpm

2006.0 x86_64

 4ba33ec1fd91fdad05aaffb2d8dc766a  x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.14.20060mdk.x86_64.rpm
 023e44a6bc50c5edaa3abfe85a888ec3  x86_64/2006.0/RPMS/php-cgi-5.0.4-9.14.20060mdk.x86_64.rpm
 29e82f10dba8da27a73e57df3ffc198b  x86_64/2006.0/RPMS/php-cli-5.0.4-9.14.20060mdk.x86_64.rpm
 69fd9d2282d1bc50c19078f8537e4084  x86_64/2006.0/RPMS/php-devel-5.0.4-9.14.20060mdk.x86_64.rpm
 a849151feb32d3bcca9f5d175289fce5  x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.14.20060mdk.x86_64.rpm
 1551e3c19dde54eaa19dabe5fe8a31db  x86_64/2006.0/RPMS/php-imap-5.0.4-2.4.20060mdk.x86_64.rpm
 7231862a27ba9135e9cfcce3c455af3a  x86_64/2006.0/SRPMS/php-5.0.4-9.14.20060mdk.src.rpm
 69d5c165b33b00454cc56b27bb21eba7  x86_64/2006.0/SRPMS/php-imap-5.0.4-2.4.20060mdk.src.rpm

CS3.0 x86_64

 c5213371e2b3ff49c18bcb7eea366b86  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.20.C30mdk.x86_64.rpm
 48206012e77a6949d36188f3b2743afc  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.20.C30mdk.x86_64.rpm
 e37a90b7ba3b52fce6bbecd6ec8960bf  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.20.C30mdk.x86_64.rpm
 24ce234e4d366125e4a13ca5ac2d0bf6  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.20.C30mdk.x86_64.rpm
 60dd687ca2f9fc7b1aa8717533d1ed81  x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.4.C30mdk.x86_64.rpm
 86ff3c6e121b52fd6a092c7f8e35885c  x86_64/corporate/3.0/RPMS/php-imap-4.3.4-1.4.C30mdk.x86_64.rpm
 e7eb6f56b39b5c72b3a2dbb602ab8d46  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.20.C30mdk.src.rpm
 55da5f48aa9e2851b88377d436fc154b  x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.4.C30mdk.src.rpm
 3133219ccf7cd83aec8f03823b6bcf48  x86_64/corporate/3.0/SRPMS/php-imap-4.3.4-1.4.C30mdk.src.rpm

References