_______________________________________________________________________

 Mandriva Linux Security Update Advisory
_______________________________________________________________________

 Package name:           php
 Advisory ID:            MDKSA-2005:152
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
_______________________________________________________________________

 Problem Description:

 Integer overflow in pcre_compile.c in Perl Compatible Regular
 Expressions (PCRE) before 6.2, as used in multiple products, allows
 attackers to execute arbitrary code via quantifier values in regular
 expressions, which leads to a heap-based buffer overflow.

 The php packages, as shipped, were built using a private copy of pcre.

 The updated packages have been rebuilt against the system pcre libs
 to correct this problem.
_______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
_______________________________________________________________________

 Updated Packages:
_______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/