what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-024

Mandriva Linux Security Advisory 2009-024
Posted Jan 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-024 - Multiple buffer overflows and a denial of service vulnerability have been addressed in the php4 package.

tags | advisory, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2008-3658, CVE-2008-3659, CVE-2008-3660
SHA-256 | 693f0010c51f54b5cda83cc4d52e36fcc5326e3b2f3589850ad19a7868a35b0e

Mandriva Linux Security Advisory 2009-024

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:024
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php4
Date : January 21, 2009
Affected: Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A buffer overflow in the imageloadfont() function in PHP allowed
context-dependent attackers to cause a denial of service (crash)
and potentially execute arbitrary code via a crafted font file
(CVE-2008-3658).

A buffer overflow in the memnstr() function allowed context-dependent
attackers to cause a denial of service (crash) and potentially execute
arbitrary code via the delimiter argument to the explode() function
(CVE-2008-3659).

PHP, when used as a FastCGI module, allowed remote attackers to cause
a denial of service (crash) via a request with multiple dots preceding
the extension (CVE-2008-3660).

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
acf26c8efc90342d906e59c0444bd46a corporate/3.0/i586/libphp_common432-4.3.4-4.29.C30mdk.i586.rpm
f7cf98731681e6af45aca3dd2246c0f7 corporate/3.0/i586/php432-devel-4.3.4-4.29.C30mdk.i586.rpm
8f8d00fa42b95a28e77d600d081c95d9 corporate/3.0/i586/php-cgi-4.3.4-4.29.C30mdk.i586.rpm
d6b96c7cf8d6416ec3d8bb111c4440da corporate/3.0/i586/php-cli-4.3.4-4.29.C30mdk.i586.rpm
57b308993c4e4635f343d4ef0d36a6c2 corporate/3.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm

Corporate 3.0/X86_64:
8164e4bfb1a7ffb5fd1bca2afcaef9ef corporate/3.0/x86_64/lib64php_common432-4.3.4-4.29.C30mdk.x86_64.rpm
625a98ec0ec42052ffbb9da5f8b9caca corporate/3.0/x86_64/php432-devel-4.3.4-4.29.C30mdk.x86_64.rpm
5b3143860009e7cf82f323e45f575324 corporate/3.0/x86_64/php-cgi-4.3.4-4.29.C30mdk.x86_64.rpm
48bff6270d231dffc8a5fbfbe0d1630e corporate/3.0/x86_64/php-cli-4.3.4-4.29.C30mdk.x86_64.rpm
57b308993c4e4635f343d4ef0d36a6c2 corporate/3.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm

Corporate 4.0:
828884555043ebbf5af7d91d8a6401ad corporate/4.0/i586/libphp4_common4-4.4.4-1.9.20060mlcs4.i586.rpm
ac0b8ea0e61fdda9e8716fde02f25100 corporate/4.0/i586/php4-cgi-4.4.4-1.9.20060mlcs4.i586.rpm
19eddb6987778bee19f9978cc59cb54b corporate/4.0/i586/php4-cli-4.4.4-1.9.20060mlcs4.i586.rpm
4ea6bb54f1ea066cd6ee29d894d9a0fd corporate/4.0/i586/php4-devel-4.4.4-1.9.20060mlcs4.i586.rpm
dc2d58cb2ed98936ec15dc030689fb14 corporate/4.0/SRPMS/php4-4.4.4-1.9.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
60d3900495dd46161a6ba20fdbdfdd7d corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.9.20060mlcs4.x86_64.rpm
60e039c9d60030616e4f05c81ea29455 corporate/4.0/x86_64/php4-cgi-4.4.4-1.9.20060mlcs4.x86_64.rpm
f8e9e9faf82d8edbe2d9bf88572f2311 corporate/4.0/x86_64/php4-cli-4.4.4-1.9.20060mlcs4.x86_64.rpm
5561a9c77979daf567d1acffc73d4918 corporate/4.0/x86_64/php4-devel-4.4.4-1.9.20060mlcs4.x86_64.rpm
dc2d58cb2ed98936ec15dc030689fb14 corporate/4.0/SRPMS/php4-4.4.4-1.9.20060mlcs4.src.rpm

Multi Network Firewall 2.0:
0183137a3353b21a77e147b745d21ec4 mnf/2.0/i586/libphp_common432-4.3.4-4.29.C30mdk.i586.rpm
1173011f1e24f85619f78966b1533e11 mnf/2.0/i586/php-cgi-4.3.4-4.29.C30mdk.i586.rpm
b726b9c13b620a12c5e8603c197d76c9 mnf/2.0/i586/php-cli-4.3.4-4.29.C30mdk.i586.rpm
87805cd270bffde644fee3ec29ecfd54 mnf/2.0/SRPMS/php-4.3.4-4.29.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJd55+mqjQ0CJFipgRAmtGAJ45ZVHxX/mQROiWu/W+EmPyT+UwFgCfRdDR
jaoTCVqDPgqPjX/k4OYu1Vk=
=fHY4
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close