Mandriva Linux Security Advisory 2011-004 - Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush, phar_parse_url, or phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function. The updated packages have been upgraded to the latest version and patched to correct this issue.
cc0b39fb95de35b1449b811335b5e9616ac2bf267eaceb0d0502416b54b87310-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:004
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php-phar
Date : January 10, 2011
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in php-phar:
Multiple format string vulnerabilities in the phar extension in PHP
5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive
information (memory contents) and possibly execute arbitrary code
via a crafted phar:// URI that is not properly handled by the (1)
phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or
(4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5)
phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers
errors in the php_stream_wrapper_log_error function (CVE-2010-2094).
The updated packages have been upgraded to the latest version (2.0.0)
and patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2094
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
18ac572d36b85d01b8d2887b5ac66306 mes5/i586/php-phar-2.0.0-0.1mdvmes5.1.i586.rpm
66fed8527abc284d6b41e547fa9f7fe5 mes5/SRPMS/php-phar-2.0.0-0.1mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
64664dc1a71b0b0df61a14faf178d737 mes5/x86_64/php-phar-2.0.0-0.1mdvmes5.1.x86_64.rpm
66fed8527abc284d6b41e547fa9f7fe5 mes5/SRPMS/php-phar-2.0.0-0.1mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNK4v8mqjQ0CJFipgRAi0HAKDW8sKRC6nuVSZIUcvISH4wJ9BYPgCgxNKx
NRVMwDjjYWWLjWhl1UX1m+U=
=e10m
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed