Package name
php
Date
2009-09-25
Advisory ID
MDVSA-2009:246
Affected versions
CS3.0 i586, CS4.0 x86_64, MNF2.0 i586, CS3.0 x86_64, CS4.0 i586

Problem description

Multiple vulnerabilities were discovered and corrected in php:

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to
an incorrect sanity check for the color index. (CVE-2009-3293)

This update provides a solution to these vulnerabilities.

Updated packages

CS3.0 i586

 4a02595b5eea0b6875698b3171c6de18  corporate/3.0/i586/libphp_common432-4.3.4-4.30.C30mdk.i586.rpm
 1d5d7040ec73f39c49be4cfb6424ccb1  corporate/3.0/i586/php432-devel-4.3.4-4.30.C30mdk.i586.rpm
 223f27eb0ba733c0898589f2bd9f939d  corporate/3.0/i586/php-cgi-4.3.4-4.30.C30mdk.i586.rpm
 f97c40bcbbff8baf4858b2021399f681  corporate/3.0/i586/php-cli-4.3.4-4.30.C30mdk.i586.rpm
 ce14b49faa8a0e0e1f30446a9fd697dd  corporate/3.0/i586/php-dba_bundle-4.3.4-1.1.C30mdk.i586.rpm
 6dba56cf1716e33d1c672806b83a5c56  corporate/3.0/i586/php-gd-4.3.4-1.8.C30mdk.i586.rpm 
 6729a16844799b099c84a2ba1396dd47  corporate/3.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
 512d01dbfe8ef3037ec2045746342840  corporate/3.0/SRPMS/php-dba_bundle-4.3.4-1.1.C30mdk.src.rpm
 2d58a96f81c208cad9b65189156f92e0  corporate/3.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

CS4.0 x86_64

 f4673f56052dc7eba2ef99ec1a087b90  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.12.20060mlcs4.x86_64.rpm
 a1d13abd89f308b9acd14d642fcdd4f2  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.14.20060mlcs4.x86_64.rpm
 95d1663b8cb815525ae40f3a1ef60cae  corporate/4.0/x86_64/php4-cgi-4.4.4-1.12.20060mlcs4.x86_64.rpm
 bd86092a42f161beaf8a29b8e5f7531e  corporate/4.0/x86_64/php4-cli-4.4.4-1.12.20060mlcs4.x86_64.rpm
 67bc38c3e38ef6541828706179a13f1e  corporate/4.0/x86_64/php4-dba_bundle-4.4.4-1.1.20060mlcs4.x86_64.rpm
 f4d2a49b4abefbc5d517aae7630345f9  corporate/4.0/x86_64/php4-devel-4.4.4-1.12.20060mlcs4.x86_64.rpm
 547ed3d3a4cee4dc66da158241316b80  corporate/4.0/x86_64/php4-exif-4.4.4-1.2.20060mlcs4.x86_64.rpm
 391646867948bc40505a7346b3214e1b  corporate/4.0/x86_64/php-cgi-5.1.6-1.14.20060mlcs4.x86_64.rpm
 a201cd45b38486f398081a1d16ac7d72  corporate/4.0/x86_64/php-cli-5.1.6-1.14.20060mlcs4.x86_64.rpm
 a67a0a8ba90e41f18fd36bc1f05e3311  corporate/4.0/x86_64/php-dba-5.1.6-1.1.20060mlcs4.x86_64.rpm
 a636fea041109d1d28c7323d4075179e  corporate/4.0/x86_64/php-devel-5.1.6-1.14.20060mlcs4.x86_64.rpm
 c02a5dda722f0d6fa7144feb8ba1ce50  corporate/4.0/x86_64/php-exif-5.1.6-1.2.20060mlcs4.x86_64.rpm
 e50415f8780f27db1b68a10a6d372a6f  corporate/4.0/x86_64/php-fcgi-5.1.6-1.14.20060mlcs4.x86_64.rpm
 91fabbd879295321a4573cff179fec16  corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm 
 000d8f8c7c014e06dc26aa0cb579c5d8  corporate/4.0/SRPMS/php4-4.4.4-1.12.20060mlcs4.src.rpm
 26fb6c37afef6a5fcd5208bad2ebc553  corporate/4.0/SRPMS/php4-dba_bundle-4.4.4-1.1.20060mlcs4.src.rpm
 1dd0142cab4710111ea4ba356632e4f4  corporate/4.0/SRPMS/php4-exif-4.4.4-1.2.20060mlcs4.src.rpm
 800e3ef31cb6a98c3c7391b53c100d1a  corporate/4.0/SRPMS/php-5.1.6-1.14.20060mlcs4.src.rpm
 6e0180221caaa5f8fbaf72f269b0c1ff  corporate/4.0/SRPMS/php-dba-5.1.6-1.1.20060mlcs4.src.rpm
 3f84b5d0bd2e3ae9d8a6cc61ee842eba  corporate/4.0/SRPMS/php-exif-5.1.6-1.2.20060mlcs4.src.rpm
 fbc401dc2fbf97e849568d42f3a0907d  corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm

MNF2.0 i586

 b4c61a34209cb2665757431b76c29618  mnf/2.0/i586/libphp_common432-4.3.4-4.30.C30mdk.i586.rpm
 6a46ca28a0edfa8d4de397ea468c6b7e  mnf/2.0/i586/php432-devel-4.3.4-4.30.C30mdk.i586.rpm
 aeedd733f5d44af49cf0fbd5260833c4  mnf/2.0/i586/php-cgi-4.3.4-4.30.C30mdk.i586.rpm
 5fba6d630664beaaebf243da3fb4d287  mnf/2.0/i586/php-cli-4.3.4-4.30.C30mdk.i586.rpm
 d18c9980d35f042f8aaf663fe2e2942d  mnf/2.0/i586/php-gd-4.3.4-1.8.C30mdk.i586.rpm 
 0dd3ff93902b0f993a5e767cc50e017b  mnf/2.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
 a86659f66c2327f54c921ffccfc589cd  mnf/2.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

CS3.0 x86_64

 a655f05bb696767a5c696b2b1e19b2af  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.30.C30mdk.x86_64.rpm
 3314420b910822f2f44f096d57ae26ad  corporate/3.0/x86_64/php432-devel-4.3.4-4.30.C30mdk.x86_64.rpm
 49183f06afa423ba77d25f22cd14e665  corporate/3.0/x86_64/php-cgi-4.3.4-4.30.C30mdk.x86_64.rpm
 7dd4d4d1f55102dc65f9a307cc2a567e  corporate/3.0/x86_64/php-cli-4.3.4-4.30.C30mdk.x86_64.rpm
 1383e2f9be11322cc66888d426e626cb  corporate/3.0/x86_64/php-dba_bundle-4.3.4-1.1.C30mdk.x86_64.rpm
 ee5a8f85e1746fd01fb98f8ae045bbff  corporate/3.0/x86_64/php-gd-4.3.4-1.8.C30mdk.x86_64.rpm 
 6729a16844799b099c84a2ba1396dd47  corporate/3.0/SRPMS/php-4.3.4-4.30.C30mdk.src.rpm
 512d01dbfe8ef3037ec2045746342840  corporate/3.0/SRPMS/php-dba_bundle-4.3.4-1.1.C30mdk.src.rpm
 2d58a96f81c208cad9b65189156f92e0  corporate/3.0/SRPMS/php-gd-4.3.4-1.8.C30mdk.src.rpm

CS4.0 i586

 45f2d838136d3294f4e7596a1408dffb  corporate/4.0/i586/libphp4_common4-4.4.4-1.12.20060mlcs4.i586.rpm
 c463bf145de6bf1c1db9617a24c5990b  corporate/4.0/i586/libphp5_common5-5.1.6-1.14.20060mlcs4.i586.rpm
 914be4bcb8007085dce3aad3199886a8  corporate/4.0/i586/php4-cgi-4.4.4-1.12.20060mlcs4.i586.rpm
 a79f33c63c659b8e19e3b53a3082586f  corporate/4.0/i586/php4-cli-4.4.4-1.12.20060mlcs4.i586.rpm
 1e0b3de1715819c4edb48335e88ca651  corporate/4.0/i586/php4-dba_bundle-4.4.4-1.1.20060mlcs4.i586.rpm
 b6b729eafe1d4baa6112831a64a3b360  corporate/4.0/i586/php4-devel-4.4.4-1.12.20060mlcs4.i586.rpm
 6b0b011b252fb1ceb8f441767d27f184  corporate/4.0/i586/php4-exif-4.4.4-1.2.20060mlcs4.i586.rpm
 4b46d5f0527c24e44a9dbab9f5513a65  corporate/4.0/i586/php-cgi-5.1.6-1.14.20060mlcs4.i586.rpm
 6984850d55cb492e6f0ee2d4f7655286  corporate/4.0/i586/php-cli-5.1.6-1.14.20060mlcs4.i586.rpm
 683507d8d6498eb22acd4bf67c08f3e1  corporate/4.0/i586/php-dba-5.1.6-1.1.20060mlcs4.i586.rpm
 0b9fe463ab494e9421f96d6124276fa6  corporate/4.0/i586/php-devel-5.1.6-1.14.20060mlcs4.i586.rpm
 00ba586a8ac5786de8c2196ab85d8cec  corporate/4.0/i586/php-exif-5.1.6-1.2.20060mlcs4.i586.rpm
 5b0686519a27b7faa3ba549fbc6ddce4  corporate/4.0/i586/php-fcgi-5.1.6-1.14.20060mlcs4.i586.rpm
 92c4a3461f37546cec2e0d203ee55c5f  corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm 
 000d8f8c7c014e06dc26aa0cb579c5d8  corporate/4.0/SRPMS/php4-4.4.4-1.12.20060mlcs4.src.rpm
 26fb6c37afef6a5fcd5208bad2ebc553  corporate/4.0/SRPMS/php4-dba_bundle-4.4.4-1.1.20060mlcs4.src.rpm
 1dd0142cab4710111ea4ba356632e4f4  corporate/4.0/SRPMS/php4-exif-4.4.4-1.2.20060mlcs4.src.rpm
 800e3ef31cb6a98c3c7391b53c100d1a  corporate/4.0/SRPMS/php-5.1.6-1.14.20060mlcs4.src.rpm
 6e0180221caaa5f8fbaf72f269b0c1ff  corporate/4.0/SRPMS/php-dba-5.1.6-1.1.20060mlcs4.src.rpm
 3f84b5d0bd2e3ae9d8a6cc61ee842eba  corporate/4.0/SRPMS/php-exif-5.1.6-1.2.20060mlcs4.src.rpm
 fbc401dc2fbf97e849568d42f3a0907d  corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm
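
An added example, not part of the original advisory: a checker that parses the "MD5  path" entries listed above and compares them with files in a local mirror tree. The function names, the mirror layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One entry as printed under "Updated packages": MD5, whitespace, relative path.
LINE_RE = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Map path -> MD5. Keyed by full path: basenames repeat across products."""
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # product headings and blank lines
        digest, path = m.group(1).lower(), m.group(2)
        if expected.setdefault(path, digest) != digest:
            raise ValueError(f"conflicting digests for {path}")
    return expected

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(root, expected):
    """Return {path: 'ok' | 'mismatch' | 'missing'} for files under root."""
    result = {}
    for rel, digest in expected.items():
        f = Path(root) / rel
        result[rel] = ("missing" if not f.is_file()
                       else "ok" if md5_of(f) == digest else "mismatch")
    return result

def demo():
    """Constructed mirror tree and manifest (not real packages or digests)."""
    files = {"corporate/3.0/i586/php-cli-0.0-1.i586.rpm": b"CS3.0 build",
             "mnf/2.0/i586/php-cli-0.0-1.i586.rpm": b"MNF2.0 build"}
    with tempfile.TemporaryDirectory() as root:
        lines = ["CS3.0 i586", "", " " + "0" * 32 + "  corporate/3.0/SRPMS/php-0.0-1.src.rpm"]
        for rel, data in files.items():
            target = Path(root) / rel
            target.parent.mkdir(parents=True)
            target.write_bytes(data)
            lines.append(f" {hashlib.md5(data).hexdigest()}  {rel} ")
        target.write_bytes(b"truncated")  # target is the MNF2.0 file: simulate a bad download
        return verify(root, parse_manifest("\n".join(lines)))
```

A matching MD5 only shows that the file agrees with the digest printed in the advisory text; it does not prove the package is authentic, because MD5 is not collision resistant and the list itself is unsigned here.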

References