Mandriva Linux Security Advisory - Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32bit systems and generations a portion of zero bits during conversion due to insufficient precision on 64bit systems. The updated packages have been patched to correct these issues.
36c685354707ed85c37d537fa3d18fa1b4cdf1dc975794ed6df7b5c8b8e59c42
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:129
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php4
Date : July 3, 2008
Affected: Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5
were discovered that could produce a zero seed in rare circumstances on
32bit systems and generations a portion of zero bits during conversion
due to insufficient precision on 64bit systems (CVE-2008-2107,
CVE-2008-2108).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108
_______________________________________________________________________
Updated Packages:
Corporate 3.0:
60cb1523549183eae75f173db44ce2d7 corporate/3.0/i586/libphp_common432-4.3.4-4.28.C30mdk.i586.rpm
4ba8abbdc22274e036ea6f7ae4909316 corporate/3.0/i586/php432-devel-4.3.4-4.28.C30mdk.i586.rpm
1f3277efa994d0e978704b0e1ef81cee corporate/3.0/i586/php-cgi-4.3.4-4.28.C30mdk.i586.rpm
ed7c11b9e615d50c2626cc8651b2aecb corporate/3.0/i586/php-cli-4.3.4-4.28.C30mdk.i586.rpm
8969b7bbe0a389d9c17073a4734afe67 corporate/3.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm
Corporate 3.0/X86_64:
fae5232b68c4347ea4ab1f424001ca36 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.28.C30mdk.x86_64.rpm
e2d37f7e766faf61b01570d3b2763900 corporate/3.0/x86_64/php432-devel-4.3.4-4.28.C30mdk.x86_64.rpm
c6f7fbbca3e521fd092239da0e542f99 corporate/3.0/x86_64/php-cgi-4.3.4-4.28.C30mdk.x86_64.rpm
af7d5aca6faf6a432f19d445e5910c14 corporate/3.0/x86_64/php-cli-4.3.4-4.28.C30mdk.x86_64.rpm
8969b7bbe0a389d9c17073a4734afe67 corporate/3.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm
Multi Network Firewall 2.0:
0aed85766f3a2938d9c1e33bb5a199ff mnf/2.0/i586/libphp_common432-4.3.4-4.28.C30mdk.i586.rpm
c14ad69a438163322e9c4802be2a9162 mnf/2.0/i586/php-cgi-4.3.4-4.28.C30mdk.i586.rpm
ed7c11b9e615d50c2626cc8651b2aecb mnf/2.0/i586/php-cli-4.3.4-4.28.C30mdk.i586.rpm
523bafb85ede32063f4738e6426ab23d mnf/2.0/SRPMS/php-4.3.4-4.28.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIbWsumqjQ0CJFipgRAsxRAKCe0zLMaz8Akj/J/HCyhYExLp1GXgCeMKrt
qBH74ZN3vFcg99ivslfGoKE=
=rQ++
-----END PGP SIGNATURE-----