Home page logo
/

bugtraq logo Bugtraq mailing list archives

[RHSA-2002:035-18] Updated PHP packages are available [updated 2002-Mar-11]
From: bugzilla () redhat com
Date: Fri, 22 Mar 2002 11:23 -0500

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated PHP packages are available [updated 2002-Mar-11]
Advisory ID:       RHSA-2002:035-18
Issue date:        2002-02-27
Updated on:        2002-03-21
Product:           Red Hat Linux
Keywords:          PHP remote exploit mulitpart MIME
Cross references:  
Obsoletes:         RHSA-2000:088 RHSA-2000:136
---------------------------------------------------------------------

1. Topic:

Updated PHP packages are available to fix vulnerabilities in the functions
that parse multipart MIME data, which are used when uploading files
through forms.

This revised advisory contains updated packages for Red Hat Linux 7, 7.1,
and 7.2.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - alpha, i386, sparc

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386, ia64

Red Hat Linux 7.2 - i386, ia64, s390

3. Problem description:

PHP is an HTML-embeddable scripting language.  A number of flaws have been
found in the way PHP handles multipart/form-data POST requests.  Each of
these flaws could allow an attacker to execute arbitrary code on the remote
system.

PHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an
arbitrary heap overflow (easy to exploit).  These versions of PHP were
shipped with Red Hat Linux 6.2.
   
PHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a
heap-off-by-one (easy to exploit).  These versions of PHP were shipped with 
Red Hat Linux 7.0.

PHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one
hard to exploit).  These versions of PHP were shipped with Red Hat Linux
7.1 and as erratas to 7.0.

PHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit).
These versions of PHP were shipped with Red Hat Linux 7.2
      
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0081 to this issue.

If you are running PHP 4.0.3 or above, one way to work around these bugs is
to disable the fileupload support within your php.ini file (by setting
file_uploads = Off).

All users of PHP are advised to immediately upgrade to these errata
packages which close these vulnerabilities.

A previous version of this erratum included a version of the MySQL
extension which was compiled with an incorrect default pathname for the
socket used to connect to database servers residing on the local host.

This setting corresponds to the mysql.default_socket setting in the
/etc/php.ini file, and can also be corrected there.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After applying these updates you will need to restart your web server if it
was running before the update was applied.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/php-3.0.18-8.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/php-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/php-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/php-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/php-4.0.6-13.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/php-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-devel-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-imap-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-ldap-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-manual-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-mysql-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-odbc-4.0.6-13.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-pgsql-4.0.6-13.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/php-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-devel-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-imap-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-ldap-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-manual-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-mysql-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-odbc-4.0.6-13.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-pgsql-4.0.6-13.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/php-4.0.6-14.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/php-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-devel-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-imap-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-ldap-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-manual-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-mysql-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-odbc-4.0.6-14.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-pgsql-4.0.6-14.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/php-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-devel-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-imap-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-ldap-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-manual-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-mysql-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-odbc-4.0.6-14.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-pgsql-4.0.6-14.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/php-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-devel-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-imap-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-ldap-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-manual-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-mysql-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-odbc-4.0.6-14.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-pgsql-4.0.6-14.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/php-4.0.6-15.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/php-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-devel-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-imap-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-ldap-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-manual-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-mysql-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-odbc-4.0.6-15.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-pgsql-4.0.6-15.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/php-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-devel-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-imap-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-ldap-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-manual-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-mysql-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-odbc-4.0.6-15.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-pgsql-4.0.6-15.ia64.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
f07b6317aee9ade09625a8166641edc7 6.2/en/os/SRPMS/php-3.0.18-8.src.rpm
c56a2c896756ce982e14b329ee122c97 6.2/en/os/alpha/php-3.0.18-8.alpha.rpm
1a14f54cf642e41b6474f7bd8d89b4b7 6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm
90244d18f76ce2f254e946edcb28e4b9 6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm
7b05bacc07896a17866cbe73b9c37eba 6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm
1266ab137b0fb24e7447683e9100c501 6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm
f4219464571e14737e1e5e3d414ae5d2 6.2/en/os/i386/php-3.0.18-8.i386.rpm
9e4250f304c8832a0d0e99d98109f59c 6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm
31630b40f901d1617cfe0fce4a2e14df 6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm
78ade58fa6517548264f21996bf799a3 6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm
c4985d7263824fd4c837f997605afff2 6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm
08e4722c97645d8bde860ff0b9dbb48c 6.2/en/os/sparc/php-3.0.18-8.sparc.rpm
17d9aaac1927e3dd631dfd26fd75e25e 6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm
4f9a316f188315dddc6d2d7b3f643abc 6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm
f7783e877972c2cd4a8c91574fef4655 6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm
b2ac8533b51b8a63db12cee2e334bc70 6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm
bb29d69be271e9392ac5d7927bb5898b 7.0/en/os/SRPMS/php-4.0.6-13.src.rpm
0b712264f703cbeb1ec8bfd4aef472fc 7.0/en/os/alpha/php-4.0.6-13.alpha.rpm
6ad1e3760f43c0bc6565aeb0e3e893c4 7.0/en/os/alpha/php-devel-4.0.6-13.alpha.rpm
a591f97833ef17101dcdf4d3a83afca8 7.0/en/os/alpha/php-imap-4.0.6-13.alpha.rpm
71c2a9c5ac2110886a40fc95531bbc9b 7.0/en/os/alpha/php-ldap-4.0.6-13.alpha.rpm
0340411a93de40a1adf9399cf4250f98 7.0/en/os/alpha/php-manual-4.0.6-13.alpha.rpm
a867a755350bdb973ca9bb6715d8ee02 7.0/en/os/alpha/php-mysql-4.0.6-13.alpha.rpm
85f509ab6df2eeff3598ee83a00a4894 7.0/en/os/alpha/php-odbc-4.0.6-13.alpha.rpm
00181ed29d93b2b58b0b80898c15b4db 7.0/en/os/alpha/php-pgsql-4.0.6-13.alpha.rpm
af89043ea355c15f56b956851d0aa4d5 7.0/en/os/i386/php-4.0.6-13.i386.rpm
df120a36632bfefed5e8214c103153c8 7.0/en/os/i386/php-devel-4.0.6-13.i386.rpm
954c496e71a391754431e604fea27d3a 7.0/en/os/i386/php-imap-4.0.6-13.i386.rpm
fe6a47d82357ff4b2f2ecb3c4b5b9263 7.0/en/os/i386/php-ldap-4.0.6-13.i386.rpm
6494c2fe238beb90e8f5d374bef78b82 7.0/en/os/i386/php-manual-4.0.6-13.i386.rpm
c9756317b0164b5a9eb4e598233f6603 7.0/en/os/i386/php-mysql-4.0.6-13.i386.rpm
0d219a74f9a603faa6bec0d6cae404ff 7.0/en/os/i386/php-odbc-4.0.6-13.i386.rpm
b31f9833aa9de5fb146bd7b0d83d3447 7.0/en/os/i386/php-pgsql-4.0.6-13.i386.rpm
744b77f8a3cc55a27d4d60ab7981c535 7.1/en/os/SRPMS/php-4.0.6-14.src.rpm
c050178fb44e084ff22c5df45313e4c5 7.1/en/os/alpha/php-4.0.6-14.alpha.rpm
20aec96fa6f11d258e7341364c7267fe 7.1/en/os/alpha/php-devel-4.0.6-14.alpha.rpm
0efbcddd0fece2113f11b4d73ed8fe7d 7.1/en/os/alpha/php-imap-4.0.6-14.alpha.rpm
4c312b08af6779ec7d232f6d5ee48110 7.1/en/os/alpha/php-ldap-4.0.6-14.alpha.rpm
46847ebec323ce1eee75f94a5e211ff9 7.1/en/os/alpha/php-manual-4.0.6-14.alpha.rpm
59ef323131bed33623b9e1fba289ed2f 7.1/en/os/alpha/php-mysql-4.0.6-14.alpha.rpm
9fbcb899edc3541018ec122c40576ff5 7.1/en/os/alpha/php-odbc-4.0.6-14.alpha.rpm
e278989038dc0f87936569846aa293fc 7.1/en/os/alpha/php-pgsql-4.0.6-14.alpha.rpm
dc1140d7f7b18781d672e309dd7ca04b 7.1/en/os/i386/php-4.0.6-14.i386.rpm
fa4b579888995b6573e7a73804158f96 7.1/en/os/i386/php-devel-4.0.6-14.i386.rpm
1263d98ba75ec5ca1e65d48bd368379d 7.1/en/os/i386/php-imap-4.0.6-14.i386.rpm
74efc20c094b707be855dabaf2add1f4 7.1/en/os/i386/php-ldap-4.0.6-14.i386.rpm
cbc44ab6b2fc44a02494bf2471919961 7.1/en/os/i386/php-manual-4.0.6-14.i386.rpm
5d495b80a74f66322a47fd944966f279 7.1/en/os/i386/php-mysql-4.0.6-14.i386.rpm
b354335acc5b940d2f0e738fc4787be6 7.1/en/os/i386/php-odbc-4.0.6-14.i386.rpm
d077d9fa21dadb3c057678230b3074c0 7.1/en/os/i386/php-pgsql-4.0.6-14.i386.rpm
3228e983d9ddc1d489a842530b89d243 7.1/en/os/ia64/php-4.0.6-14.ia64.rpm
4833f11cffa29e2ddb875363e5b3f251 7.1/en/os/ia64/php-devel-4.0.6-14.ia64.rpm
47b48d59b575a9b575d611e0f172b7aa 7.1/en/os/ia64/php-imap-4.0.6-14.ia64.rpm
e4332a1b20a06ed9fb8f81fde2cc804b 7.1/en/os/ia64/php-ldap-4.0.6-14.ia64.rpm
6f7f723ee3f53ffca3f3d5ff45019b79 7.1/en/os/ia64/php-manual-4.0.6-14.ia64.rpm
3724f9d8d8f4d220346863a88de13d76 7.1/en/os/ia64/php-mysql-4.0.6-14.ia64.rpm
4b8f83a823e31ed823a3140a760483ff 7.1/en/os/ia64/php-odbc-4.0.6-14.ia64.rpm
3f3331675054fddb9da31bf86b0c5547 7.1/en/os/ia64/php-pgsql-4.0.6-14.ia64.rpm
66ecdcea3196a94160ce6cdbc2ddc4d6 7.2/en/os/SRPMS/php-4.0.6-15.src.rpm
39ba1ae47d084733ed62d13bdc2c94c7 7.2/en/os/i386/php-4.0.6-15.i386.rpm
78b159fdd343e51f94999702535b0ea7 7.2/en/os/i386/php-devel-4.0.6-15.i386.rpm
ee99d2eef98e265a3bbf8f8a7560aae2 7.2/en/os/i386/php-imap-4.0.6-15.i386.rpm
71e442a419d01253b28e153bb8c0e14d 7.2/en/os/i386/php-ldap-4.0.6-15.i386.rpm
dfe7acedf564e7870ec6ae2a5ba35cea 7.2/en/os/i386/php-manual-4.0.6-15.i386.rpm
79c7dd197bd32308cd6fde471ab6ecf9 7.2/en/os/i386/php-mysql-4.0.6-15.i386.rpm
6f361675b3abdf2a0217e1060102b4d3 7.2/en/os/i386/php-odbc-4.0.6-15.i386.rpm
d4fed68c16d30a4bc8a810ffa1e38f47 7.2/en/os/i386/php-pgsql-4.0.6-15.i386.rpm
f4576c3f1337e53762cb5faa3f6c1d50 7.2/en/os/ia64/php-4.0.6-15.ia64.rpm
206f11bcc8a84d18b742f3e1200bf284 7.2/en/os/ia64/php-devel-4.0.6-15.ia64.rpm
68320556a17082261578fca3b7b8cb83 7.2/en/os/ia64/php-imap-4.0.6-15.ia64.rpm
dfe2bf8b9ed61589e43acf87d4d37c22 7.2/en/os/ia64/php-ldap-4.0.6-15.ia64.rpm
bf8af9aa9891e0491bd5e4e3d22ae821 7.2/en/os/ia64/php-manual-4.0.6-15.ia64.rpm
971ba2e0d2fdec91d80bb7337a7f7b9f 7.2/en/os/ia64/php-mysql-4.0.6-15.ia64.rpm
d6f5e5077ba72d94a21479923382cfe4 7.2/en/os/ia64/php-odbc-4.0.6-15.ia64.rpm
9141daf011bb0bd53543214cb438bbc8 7.2/en/os/ia64/php-pgsql-4.0.6-15.ia64.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://security.e-matters.de/advisories/012002.html
http://www.kb.cert.org/vuls/id/297363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.


  By Date           By Thread  

Current thread:
  • [RHSA-2002:035-18] Updated PHP packages are available [updated 2002-Mar-11] bugzilla (Mar 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault