-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:038 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php Date : February 6, 2007 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. (CVE-2006-6383) Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. PHP uses an embedded copy of GD and may be susceptible to the same issue. (CVE-2007-0455) Updated packages have been patched to correct these issues. Users must restart Apache for the changes to take effect. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455 _______________________________________________________________________ Updated Packages: Mandriva Linux 2006.0: f4975722488c515d7701f3f2475c45c1 2006.0/i586/libphp5_common5-5.0.4-9.18.20060mdk.i586.rpm df6d91c7fb6deadd6447c68d41a7a57f 2006.0/i586/php-cgi-5.0.4-9.18.20060mdk.i586.rpm 861b613a3caa594e9d18de2f66711c1c 2006.0/i586/php-cli-5.0.4-9.18.20060mdk.i586.rpm aa74ed178e6523b28d6f0ee1cfb2b9a6 2006.0/i586/php-devel-5.0.4-9.18.20060mdk.i586.rpm cdc33f50531e2815c3f39a2f12eca69d 2006.0/i586/php-fcgi-5.0.4-9.18.20060mdk.i586.rpm 0df45677da595137066ec38171463402 2006.0/i586/php-gd-5.0.4-2.1.20060mdk.i586.rpm 09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm 9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 94d70f0d65bebd9b8b235ec523bef3c4 2006.0/x86_64/lib64php5_common5-5.0.4-9.18.20060mdk.x86_64.rpm 3e145f94684bd8aaae230b181a3bab18 2006.0/x86_64/php-cgi-5.0.4-9.18.20060mdk.x86_64.rpm 5a460212062d85cc35c52c6c42e3babc 2006.0/x86_64/php-cli-5.0.4-9.18.20060mdk.x86_64.rpm a31b6a63963f4486ee7839e449fb60ef 2006.0/x86_64/php-devel-5.0.4-9.18.20060mdk.x86_64.rpm 6c0ae39e3a6b8cb07a44271e5b128e2f 2006.0/x86_64/php-fcgi-5.0.4-9.18.20060mdk.x86_64.rpm 228bb108271c28550034b39b9f6cafee 2006.0/x86_64/php-gd-5.0.4-2.1.20060mdk.x86_64.rpm 09416e0ce824f667f9f247950e3f6b87 2006.0/SRPMS/php-5.0.4-9.18.20060mdk.src.rpm 9caab8fb262742b7fdc8e2787db26e49 2006.0/SRPMS/php-gd-5.0.4-2.1.20060mdk.src.rpm Mandriva Linux 2007.0: c8879f538ab9a93f1999c9dc8aa2f6c7 2007.0/i586/libphp5_common5-5.1.6-1.4mdv2007.0.i586.rpm e8c050d86574fb1d2a52a5b3ec85a255 2007.0/i586/php-cgi-5.1.6-1.4mdv2007.0.i586.rpm 92391d48bd18ab9e20e64039a4a9f2ff 2007.0/i586/php-cli-5.1.6-1.4mdv2007.0.i586.rpm d7b3ddc58da98113342434d45e04c3a8 2007.0/i586/php-devel-5.1.6-1.4mdv2007.0.i586.rpm a5dd9b692fbd9c41be42fa2d59539c1d 2007.0/i586/php-fcgi-5.1.6-1.4mdv2007.0.i586.rpm a2d2a3091d51ffc74793760ed31a1faa 2007.0/i586/php-gd-5.1.6-1.1mdv2007.0.i586.rpm 719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 5bf3650bbe564873a14ea8b6bf3ade06 2007.0/x86_64/lib64php5_common5-5.1.6-1.4mdv2007.0.x86_64.rpm 34ed4aa6be49dcb88f7bbc0a5c2e8690 2007.0/x86_64/php-cgi-5.1.6-1.4mdv2007.0.x86_64.rpm 608fc651103e04774dd99542ac9c24e3 2007.0/x86_64/php-cli-5.1.6-1.4mdv2007.0.x86_64.rpm ade70a35519251e33fece3b184a5e42c 2007.0/x86_64/php-devel-5.1.6-1.4mdv2007.0.x86_64.rpm 32a0cd75a40a80b04d4f62e7a5695cf6 2007.0/x86_64/php-fcgi-5.1.6-1.4mdv2007.0.x86_64.rpm b65ee3000cc55d6835bde68de1285708 2007.0/x86_64/php-gd-5.1.6-1.1mdv2007.0.x86_64.rpm 719976944ad1da508b9dd10eb1068e41 2007.0/SRPMS/php-5.1.6-1.4mdv2007.0.src.rpm af2f0370851c3d3729b89586d9eded8e 2007.0/SRPMS/php-gd-5.1.6-1.1mdv2007.0.src.rpm Corporate 3.0: a4d72dc3de251851206c67e9706432a6 corporate/3.0/i586/libphp_common432-4.3.4-4.23.C30mdk.i586.rpm b8e1d56bb999975f9ea0a66d8877847f corporate/3.0/i586/php-cgi-4.3.4-4.23.C30mdk.i586.rpm 433ae81fdc6d1238c0931e43f6989a9b corporate/3.0/i586/php-cli-4.3.4-4.23.C30mdk.i586.rpm 2a1717d00d78a6a6f34cddb987c0f279 corporate/3.0/i586/php-gd-4.3.4-1.5.C30mdk.i586.rpm 44c2653add5bf2cc23a2d8f6bfa3b31e corporate/3.0/i586/php432-devel-4.3.4-4.23.C30mdk.i586.rpm b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm Corporate 3.0/X86_64: cfd5971fec1866bf5fe3c5e23adaba58 corporate/3.0/x86_64/lib64php_common432-4.3.4-4.23.C30mdk.x86_64.rpm 14be94ecf6ddc1f3b910b802624de67c corporate/3.0/x86_64/php-cgi-4.3.4-4.23.C30mdk.x86_64.rpm b016f2131f015adf8a0d0da27033569f corporate/3.0/x86_64/php-cli-4.3.4-4.23.C30mdk.x86_64.rpm 9355a4e63f1e5193f43f5048541885bf corporate/3.0/x86_64/php-gd-4.3.4-1.5.C30mdk.x86_64.rpm 77c18b09786f412789f63d6094a4fd23 corporate/3.0/x86_64/php432-devel-4.3.4-4.23.C30mdk.x86_64.rpm b8efd05ff96d101323b6253aa08b5e93 corporate/3.0/SRPMS/php-4.3.4-4.23.C30mdk.src.rpm d18944ac47e27e3653fe99e134ecba18 corporate/3.0/SRPMS/php-gd-4.3.4-1.5.C30mdk.src.rpm Corporate 4.0: 64274f70614e93e30b479a7ba0613e8a corporate/4.0/i586/libphp4_common4-4.4.4-1.3.20060mlcs4.i586.rpm 43f22e53482c4451a24f3008a7ba75eb corporate/4.0/i586/libphp5_common5-5.1.6-1.3.20060mlcs4.i586.rpm 2c1b8b75b49bf78b6a677d36832e116c corporate/4.0/i586/php-cgi-5.1.6-1.3.20060mlcs4.i586.rpm 64261b179e2db73b5838d96020835cae corporate/4.0/i586/php-cli-5.1.6-1.3.20060mlcs4.i586.rpm dfd172a482e20943dabd3b3fbef9ba95 corporate/4.0/i586/php-devel-5.1.6-1.3.20060mlcs4.i586.rpm 1a57eb8f5b70cd4ea28b98b462493e51 corporate/4.0/i586/php-fcgi-5.1.6-1.3.20060mlcs4.i586.rpm bd060ffd97d1ede4a3c9453de8287970 corporate/4.0/i586/php-gd-5.1.6-1.1.20060mlcs4.i586.rpm e7d645e78c829242e3f81ab16aa8903d corporate/4.0/i586/php4-cgi-4.4.4-1.3.20060mlcs4.i586.rpm 1379c35acd8c2a414d482d5d0f5c782a corporate/4.0/i586/php4-cli-4.4.4-1.3.20060mlcs4.i586.rpm 10f753850f58ea02962272a4a30b8ed0 corporate/4.0/i586/php4-devel-4.4.4-1.3.20060mlcs4.i586.rpm ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm 528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm 6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: a667b24b7182332997da97d003095bf4 corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.3.20060mlcs4.x86_64.rpm 96860c73274abe165290ad70a1f8bbec corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.3.20060mlcs4.x86_64.rpm e53ed6e99e23219f351b9dd0faf1fbf8 corporate/4.0/x86_64/php-cgi-5.1.6-1.3.20060mlcs4.x86_64.rpm 2894870436518afda0788313f6fe9d6e corporate/4.0/x86_64/php-cli-5.1.6-1.3.20060mlcs4.x86_64.rpm 3e78d378968a67edda64f8a1db752b21 corporate/4.0/x86_64/php-devel-5.1.6-1.3.20060mlcs4.x86_64.rpm 16b8070a55f06ede6cce10bbac1f5706 corporate/4.0/x86_64/php-fcgi-5.1.6-1.3.20060mlcs4.x86_64.rpm f3fccbe495f311fb13e64b3c2532323b corporate/4.0/x86_64/php-gd-5.1.6-1.1.20060mlcs4.x86_64.rpm e8825bc14914ae4f896b28ab1b04e7ae corporate/4.0/x86_64/php4-cgi-4.4.4-1.3.20060mlcs4.x86_64.rpm 1249dfd5f50a707ac6a31c18dec924e0 corporate/4.0/x86_64/php4-cli-4.4.4-1.3.20060mlcs4.x86_64.rpm f38d55e2315ba81db68dcb237a783ef0 corporate/4.0/x86_64/php4-devel-4.4.4-1.3.20060mlcs4.x86_64.rpm ab1bc26c56c8d5c0c82544bd189ccb06 corporate/4.0/SRPMS/php-5.1.6-1.3.20060mlcs4.src.rpm 528acaacac81d6ca4c195355fd5935c1 corporate/4.0/SRPMS/php-gd-5.1.6-1.1.20060mlcs4.src.rpm 6fea47535848cb3eeb381d8e9ceaf278 corporate/4.0/SRPMS/php4-4.4.4-1.3.20060mlcs4.src.rpm Multi Network Firewall 2.0: 1a5b0a4fa1fe65d9b01ac1fcb87e57f4 mnf/2.0/i586/libphp_common432-4.3.4-4.23.M20mdk.i586.rpm 1ca60ff9165bc3fc897f5a4fac0a27ab mnf/2.0/i586/php-cgi-4.3.4-4.23.M20mdk.i586.rpm 5ecb69d1ba9a1aefb943fdf00922a67e mnf/2.0/i586/php-cli-4.3.4-4.23.M20mdk.i586.rpm 43adb03ed86a75a3e90387c075f36bea mnf/2.0/i586/php-gd-4.3.4-1.5.M20mdk.i586.rpm e83875b4d3307b9d16602bf2da0c245a mnf/2.0/i586/php432-devel-4.3.4-4.23.M20mdk.i586.rpm fb782af12ca499a56594703feb6bed2c mnf/2.0/SRPMS/php-4.3.4-4.23.M20mdk.src.rpm fb344c42cba2a62c03c42b864b2e3151 mnf/2.0/SRPMS/php-gd-4.3.4-1.5.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFyQv3mqjQ0CJFipgRAjDEAKCLn4/gWRIof2G9RBEcR3PlAb0YswCeNKkK lRvByGSY6blc0yvvmysCSV0= =rtk4 -----END PGP SIGNATURE-----