-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:167 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php Date : July 28, 2009 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in PHP: - Fixed upstream bug #48378 (exif_read_data() segfaults on certain corrupted .jpeg files). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://bugs.php.net/bug.php?id=48378 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 3f3f7fad7715e287ae8c0a07cdb76823 mes5/i586/libphp5_common5-5.2.6-18.7mdvmes5.i586.rpm 5d18fb8298f181829658f5449f2b91fe mes5/i586/php-bcmath-5.2.6-18.7mdvmes5.i586.rpm 0cd0cdf199f37a72127b7425b061dd29 mes5/i586/php-bz2-5.2.6-18.7mdvmes5.i586.rpm ec7a4e660a0cf2cb4f8807dc81278a0e mes5/i586/php-calendar-5.2.6-18.7mdvmes5.i586.rpm f2461766d72c06a687c7eaa9f8d71ccf mes5/i586/php-cgi-5.2.6-18.7mdvmes5.i586.rpm 8d5b0d81f6dcc14094bb3d58761aa00f mes5/i586/php-cli-5.2.6-18.7mdvmes5.i586.rpm 305bbf621650f6e94378fa3e1a5a0ff8 mes5/i586/php-ctype-5.2.6-18.7mdvmes5.i586.rpm 1916da01319fe20cd102c8ccacc143c6 mes5/i586/php-curl-5.2.6-18.7mdvmes5.i586.rpm 037916c7471c442d37bed21f9826985d mes5/i586/php-dba-5.2.6-18.7mdvmes5.i586.rpm f2d33d30de41ed00a695ed82aa1e2365 mes5/i586/php-dbase-5.2.6-18.7mdvmes5.i586.rpm 4ba05fad00e76b56b0db435dc59bba1f mes5/i586/php-devel-5.2.6-18.7mdvmes5.i586.rpm e1d0f4b53b71740d424c9f144b9093ef mes5/i586/php-dom-5.2.6-18.7mdvmes5.i586.rpm 6e2159a2d55b6628cddf405d936fbdc1 mes5/i586/php-exif-5.2.6-18.7mdvmes5.i586.rpm d00ee84dda18b87eaee1a4396d6c78ee mes5/i586/php-fcgi-5.2.6-18.7mdvmes5.i586.rpm 7ff8f6f7354987343ada6b8bef6a144f mes5/i586/php-filter-5.2.6-18.7mdvmes5.i586.rpm 3f4a6d9500a7fe82e10ae0d488b65589 mes5/i586/php-ftp-5.2.6-18.7mdvmes5.i586.rpm 105ac192f815384c9c53ef523da933f8 mes5/i586/php-gd-5.2.6-18.7mdvmes5.i586.rpm 43a0e868728c87c67160941b2a4bedec mes5/i586/php-gettext-5.2.6-18.7mdvmes5.i586.rpm a1bd5d58ee395db72e50b529fec7e012 mes5/i586/php-gmp-5.2.6-18.7mdvmes5.i586.rpm e578e13d30e90f8fe1d1be3f50bf6693 mes5/i586/php-hash-5.2.6-18.7mdvmes5.i586.rpm be58a37030dfa7fd5c078e9453c53413 mes5/i586/php-iconv-5.2.6-18.7mdvmes5.i586.rpm 8cfccfce97e77d98cecb807f3d1de310 mes5/i586/php-imap-5.2.6-18.7mdvmes5.i586.rpm 384dcbbe2737a2321c245d993a3554f5 mes5/i586/php-json-5.2.6-18.7mdvmes5.i586.rpm 19e398328899ab709cd59a40476a82d6 mes5/i586/php-ldap-5.2.6-18.7mdvmes5.i586.rpm 1610789d1b6d71df79205768ecbb0291 mes5/i586/php-mbstring-5.2.6-18.7mdvmes5.i586.rpm c390849fa5ab08c93ca0c8acc368b111 mes5/i586/php-mcrypt-5.2.6-18.7mdvmes5.i586.rpm f264919a94dd9aacaa372c52a54d8a71 mes5/i586/php-mhash-5.2.6-18.7mdvmes5.i586.rpm ea4d46de23507d2a930c0a7930b00c6c mes5/i586/php-mime_magic-5.2.6-18.7mdvmes5.i586.rpm 5b24f880b2da1dee384b9a5864d3af68 mes5/i586/php-ming-5.2.6-18.7mdvmes5.i586.rpm 24b0a3f240c7e6e479329b9728f7d335 mes5/i586/php-mssql-5.2.6-18.7mdvmes5.i586.rpm e8f5ab9ba4764cad24cb7b6db3587f09 mes5/i586/php-mysql-5.2.6-18.7mdvmes5.i586.rpm b304c4cdde8c31d5ba85e84d685e83fa mes5/i586/php-mysqli-5.2.6-18.7mdvmes5.i586.rpm 2fe42371ea26650ab872751e593e0ca7 mes5/i586/php-ncurses-5.2.6-18.7mdvmes5.i586.rpm f68c4cbaa7391751f3fef61cd866faf4 mes5/i586/php-odbc-5.2.6-18.7mdvmes5.i586.rpm 3a13b0e1352098a827d31cf250ec735d mes5/i586/php-openssl-5.2.6-18.7mdvmes5.i586.rpm a92bb27a2ef2028ce601f9b088e29e0b mes5/i586/php-pcntl-5.2.6-18.7mdvmes5.i586.rpm 3beb653001b2693d5ce5129290f6e233 mes5/i586/php-pdo-5.2.6-18.7mdvmes5.i586.rpm 74e4c64bbf07f4055183064bb8a11354 mes5/i586/php-pdo_dblib-5.2.6-18.7mdvmes5.i586.rpm 69d4e0a949aedab166b4448da7d771c4 mes5/i586/php-pdo_mysql-5.2.6-18.7mdvmes5.i586.rpm 6c443ab06fd96a2ff60de9c61d4af650 mes5/i586/php-pdo_odbc-5.2.6-18.7mdvmes5.i586.rpm 45b60716f1899fba8f7d4d40790687f4 mes5/i586/php-pdo_pgsql-5.2.6-18.7mdvmes5.i586.rpm 6a312266edfce6d6d0f7213f8321fdf4 mes5/i586/php-pdo_sqlite-5.2.6-18.7mdvmes5.i586.rpm 8e1200048be6689d065d11ba20a7a942 mes5/i586/php-pgsql-5.2.6-18.7mdvmes5.i586.rpm d9fdf32c08ef34f5cc03fb727417bb9f mes5/i586/php-posix-5.2.6-18.7mdvmes5.i586.rpm fa3bff403e43e913f1bf2d4296a3937e mes5/i586/php-pspell-5.2.6-18.7mdvmes5.i586.rpm 44187179e55e245b4cf367b55c35ace7 mes5/i586/php-readline-5.2.6-18.7mdvmes5.i586.rpm 6690e2864d6c13576c3a9fb0441b9e87 mes5/i586/php-recode-5.2.6-18.7mdvmes5.i586.rpm 8fdbefee13d4bc1da9b0cb210848c712 mes5/i586/php-session-5.2.6-18.7mdvmes5.i586.rpm 77c116126219c7885ea91887e28cf457 mes5/i586/php-shmop-5.2.6-18.7mdvmes5.i586.rpm 2c885874901749f5aca1cbe5bd660321 mes5/i586/php-snmp-5.2.6-18.7mdvmes5.i586.rpm a2384c1f8b373bd3530bf1c18d8b4f4b mes5/i586/php-soap-5.2.6-18.7mdvmes5.i586.rpm 8f6da18501faff0681f9d6b16d4462d1 mes5/i586/php-sockets-5.2.6-18.7mdvmes5.i586.rpm 2ce3857d635031c38f9d05971ffd0979 mes5/i586/php-sqlite-5.2.6-18.7mdvmes5.i586.rpm 5f2d9134478850a1295856e2980a3bc7 mes5/i586/php-sybase-5.2.6-18.7mdvmes5.i586.rpm de42325d4e75bff98bb2a5aeebd5ab45 mes5/i586/php-sysvmsg-5.2.6-18.7mdvmes5.i586.rpm 8a0a6d2fabab73656111b1aa6945b5e0 mes5/i586/php-sysvsem-5.2.6-18.7mdvmes5.i586.rpm 37f19651aa10ae330db4b5047126e23f mes5/i586/php-sysvshm-5.2.6-18.7mdvmes5.i586.rpm 5cba78eec1731c7986a30fd9d685d837 mes5/i586/php-tidy-5.2.6-18.7mdvmes5.i586.rpm 8baf2c8f69b7e167cd5ebd213ebbc18d mes5/i586/php-tokenizer-5.2.6-18.7mdvmes5.i586.rpm 0db6ec2c58b1ec7d887cb972837aa243 mes5/i586/php-wddx-5.2.6-18.7mdvmes5.i586.rpm 9bb87172d24b76fda20b61b16d1f7da7 mes5/i586/php-xml-5.2.6-18.7mdvmes5.i586.rpm 591f1b1dbbf3fdf5d64846d5bc71166e mes5/i586/php-xmlreader-5.2.6-18.7mdvmes5.i586.rpm 17d8620577de04f97e4a7b6ec3dbf3fc mes5/i586/php-xmlrpc-5.2.6-18.7mdvmes5.i586.rpm ef1f423de0ec7169a4db773e271e3295 mes5/i586/php-xmlwriter-5.2.6-18.7mdvmes5.i586.rpm 86a3be1202874ce80931f604f9b4b14f mes5/i586/php-xsl-5.2.6-18.7mdvmes5.i586.rpm 1e5018d72861925351c1e78ee6798aaf mes5/i586/php-zlib-5.2.6-18.7mdvmes5.i586.rpm bac4a30648399229f6e990c3f5fe740f mes5/SRPMS/php-5.2.6-18.7mdvmes5.src.rpm Mandriva Enterprise Server 5/X86_64: 0eeee7f99b0af3771bc647a92743c432 mes5/x86_64/lib64php5_common5-5.2.6-18.7mdvmes5.x86_64.rpm 18d12546bbcc19be0701607652ce6c86 mes5/x86_64/php-bcmath-5.2.6-18.7mdvmes5.x86_64.rpm 6682658fb0d19b7f730ea30f87527fa1 mes5/x86_64/php-bz2-5.2.6-18.7mdvmes5.x86_64.rpm 3c8edcc9d3d8ae861a7958287a4bbde3 mes5/x86_64/php-calendar-5.2.6-18.7mdvmes5.x86_64.rpm 6e865919fde119cdb010d9e7c18eac15 mes5/x86_64/php-cgi-5.2.6-18.7mdvmes5.x86_64.rpm ce829f80228990a6c026ab9e5f453fd0 mes5/x86_64/php-cli-5.2.6-18.7mdvmes5.x86_64.rpm 7cbe82073fd66b6303cf5ff1c6ab68de mes5/x86_64/php-ctype-5.2.6-18.7mdvmes5.x86_64.rpm 9c47d93e840043598e9cd5f576560ed3 mes5/x86_64/php-curl-5.2.6-18.7mdvmes5.x86_64.rpm 0e7255cfb15c5452ad763cfc4017f2f3 mes5/x86_64/php-dba-5.2.6-18.7mdvmes5.x86_64.rpm 992c5fe0d793dc8c936503de3c2945b1 mes5/x86_64/php-dbase-5.2.6-18.7mdvmes5.x86_64.rpm 05880b78b3b1fa26059a74565124abf0 mes5/x86_64/php-devel-5.2.6-18.7mdvmes5.x86_64.rpm 563bee135193e0214f4c906d0fb2899a mes5/x86_64/php-dom-5.2.6-18.7mdvmes5.x86_64.rpm 2219d16f5954717d51b71be2a3bb09ac mes5/x86_64/php-exif-5.2.6-18.7mdvmes5.x86_64.rpm b714d2c2ab5069169140f61b714ad4fd mes5/x86_64/php-fcgi-5.2.6-18.7mdvmes5.x86_64.rpm 1bc340880d9d62d6ae3ff1c0eb055270 mes5/x86_64/php-filter-5.2.6-18.7mdvmes5.x86_64.rpm 6d72a0e41a9e617401daaa3e150699e5 mes5/x86_64/php-ftp-5.2.6-18.7mdvmes5.x86_64.rpm aad73b613cd87ef786fd97b69c357ac2 mes5/x86_64/php-gd-5.2.6-18.7mdvmes5.x86_64.rpm d36f9ccabf708a37e1e37f1112bbf355 mes5/x86_64/php-gettext-5.2.6-18.7mdvmes5.x86_64.rpm d387456545e32b725cdd92ecc984ec5d mes5/x86_64/php-gmp-5.2.6-18.7mdvmes5.x86_64.rpm 1acf6be0808c25f2a28dcf267cc84026 mes5/x86_64/php-hash-5.2.6-18.7mdvmes5.x86_64.rpm 7cc7619527c23f3da6eff6e866ba2ebe mes5/x86_64/php-iconv-5.2.6-18.7mdvmes5.x86_64.rpm 4569552f683d09f59d9a6bf4bbe690a2 mes5/x86_64/php-imap-5.2.6-18.7mdvmes5.x86_64.rpm 8530229a65ac38d307c64e514a65e30c mes5/x86_64/php-json-5.2.6-18.7mdvmes5.x86_64.rpm 58ea07b3b9ade7ed21cc7a29261dc336 mes5/x86_64/php-ldap-5.2.6-18.7mdvmes5.x86_64.rpm 9df7aa87edc7da3175eb546c63957f01 mes5/x86_64/php-mbstring-5.2.6-18.7mdvmes5.x86_64.rpm b7ed3515e8c76b5e3a2b29a51cf6f303 mes5/x86_64/php-mcrypt-5.2.6-18.7mdvmes5.x86_64.rpm 524009342b4849cd1a2ff155bbe80110 mes5/x86_64/php-mhash-5.2.6-18.7mdvmes5.x86_64.rpm b6e1fe7c644af19aaf5f62cbd526a13f mes5/x86_64/php-mime_magic-5.2.6-18.7mdvmes5.x86_64.rpm fec49dba905b0d9ec4ab5e7340c5ee84 mes5/x86_64/php-ming-5.2.6-18.7mdvmes5.x86_64.rpm 2a5e29d2674e99fe7774d75aba506841 mes5/x86_64/php-mssql-5.2.6-18.7mdvmes5.x86_64.rpm 59fb599962b7e95b755e1103eb3ebab0 mes5/x86_64/php-mysql-5.2.6-18.7mdvmes5.x86_64.rpm 847b10df69452a8682e84920071fbfa1 mes5/x86_64/php-mysqli-5.2.6-18.7mdvmes5.x86_64.rpm e09d8f5ddaf783baabe3e7031169fbc0 mes5/x86_64/php-ncurses-5.2.6-18.7mdvmes5.x86_64.rpm a8d8f6f24ad6b375200eac7620b70199 mes5/x86_64/php-odbc-5.2.6-18.7mdvmes5.x86_64.rpm befad702b7f25e399de66bf7210ee9a9 mes5/x86_64/php-openssl-5.2.6-18.7mdvmes5.x86_64.rpm 108bfdeed8dfb9ee10f626747e19b642 mes5/x86_64/php-pcntl-5.2.6-18.7mdvmes5.x86_64.rpm b430e138d6377df31bb344e7fdfb01e2 mes5/x86_64/php-pdo-5.2.6-18.7mdvmes5.x86_64.rpm fa0ad35f530342c7d4a647083b3bd8b8 mes5/x86_64/php-pdo_dblib-5.2.6-18.7mdvmes5.x86_64.rpm 94c9ebeab2a46fcd91c75773cb67e66a mes5/x86_64/php-pdo_mysql-5.2.6-18.7mdvmes5.x86_64.rpm b552b7089317ab6d00cdaca033e9a10b mes5/x86_64/php-pdo_odbc-5.2.6-18.7mdvmes5.x86_64.rpm ece9f0fc3b49cb9e5407d954f249b77b mes5/x86_64/php-pdo_pgsql-5.2.6-18.7mdvmes5.x86_64.rpm 050ceb9dad2e6e4f6f68abc8b81c2dd5 mes5/x86_64/php-pdo_sqlite-5.2.6-18.7mdvmes5.x86_64.rpm fc491cd864973d819661bcc68b631722 mes5/x86_64/php-pgsql-5.2.6-18.7mdvmes5.x86_64.rpm ff61efe07ac8ca4c8ba27bea69b54237 mes5/x86_64/php-posix-5.2.6-18.7mdvmes5.x86_64.rpm 71b72c87e39c11d169a93be5efb1e717 mes5/x86_64/php-pspell-5.2.6-18.7mdvmes5.x86_64.rpm b164bf0494f5c665199ea77ed5ee54b8 mes5/x86_64/php-readline-5.2.6-18.7mdvmes5.x86_64.rpm 7ed47dc225cd90d6175d856247a1f318 mes5/x86_64/php-recode-5.2.6-18.7mdvmes5.x86_64.rpm db43f14bdfe4df39bfc11e7c7b83fc7e mes5/x86_64/php-session-5.2.6-18.7mdvmes5.x86_64.rpm 4c1b910a4fcbd027b5b7137a42321916 mes5/x86_64/php-shmop-5.2.6-18.7mdvmes5.x86_64.rpm 1e41b6c93ee5ff3e28304d95f1d59773 mes5/x86_64/php-snmp-5.2.6-18.7mdvmes5.x86_64.rpm 6b7c1b20f9f8dcf8a1c58ff3c8cd5794 mes5/x86_64/php-soap-5.2.6-18.7mdvmes5.x86_64.rpm df701571bb2cc9273d6f2a9b87a50f4e mes5/x86_64/php-sockets-5.2.6-18.7mdvmes5.x86_64.rpm a32976d038a3c425149a0f865c715cb2 mes5/x86_64/php-sqlite-5.2.6-18.7mdvmes5.x86_64.rpm 6c63b0c429ce16df11f1caa2d84a8e2d mes5/x86_64/php-sybase-5.2.6-18.7mdvmes5.x86_64.rpm 61268adcfced193dfeae341c821299e6 mes5/x86_64/php-sysvmsg-5.2.6-18.7mdvmes5.x86_64.rpm c0e6b02dd1c3983391e54e4d77cb8353 mes5/x86_64/php-sysvsem-5.2.6-18.7mdvmes5.x86_64.rpm 72597bf4617f093bfffbc7c9ef54e6c4 mes5/x86_64/php-sysvshm-5.2.6-18.7mdvmes5.x86_64.rpm 463dc06fab74bb5cda9b745710dad478 mes5/x86_64/php-tidy-5.2.6-18.7mdvmes5.x86_64.rpm 7deead9c4a5b61c92721e62d610aeb8c mes5/x86_64/php-tokenizer-5.2.6-18.7mdvmes5.x86_64.rpm 114c9fdd121e758f691589845ea0ebc2 mes5/x86_64/php-wddx-5.2.6-18.7mdvmes5.x86_64.rpm b28d24edfb2ca5f7818634dbdd20d688 mes5/x86_64/php-xml-5.2.6-18.7mdvmes5.x86_64.rpm 493ade3ce3b8fed7ac359425be3b657b mes5/x86_64/php-xmlreader-5.2.6-18.7mdvmes5.x86_64.rpm 5eb0d96ef06159397cbbfe9495632dc9 mes5/x86_64/php-xmlrpc-5.2.6-18.7mdvmes5.x86_64.rpm 9ce170710f55e6e911ec2907d517dcd9 mes5/x86_64/php-xmlwriter-5.2.6-18.7mdvmes5.x86_64.rpm 072b0cb626bac82b45569ac5a3d34a56 mes5/x86_64/php-xsl-5.2.6-18.7mdvmes5.x86_64.rpm c113df0457277c9f76b67750746e98f6 mes5/x86_64/php-zlib-5.2.6-18.7mdvmes5.x86_64.rpm bac4a30648399229f6e990c3f5fe740f mes5/SRPMS/php-5.2.6-18.7mdvmes5.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKb0MsmqjQ0CJFipgRAoWHAJ4kWkPMTIHKkuWcmTO9wwkeJDP/cACePJAd D9SSQgou/Mz0JazVs8xGHZM= =wTRP -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/