Home page logo
/

bugtraq logo Bugtraq mailing list archives

[ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities
From: security () mandriva com
Date: Tue, 17 Oct 2006 18:32:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:185
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : October 17, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass
 certain Apache HTTP Server httpd.conf options, such as safe_mode and
 open_basedir, via the ini_restore function, which resets the values to
 their php.ini (Master Value) defaults. (CVE-2006-4625)

 A race condition in the symlink function in PHP 5.1.6 and earlier
 allows local users to bypass the open_basedir restriction by using a
 combination of symlink, mkdir, and unlink functions to change the file
 path after the open_basedir check and before the file is opened by the
 underlying system, as demonstrated by symlinking a symlink into a
 subdirectory, to point to a parent directory via .. (dot dot)
 sequences, and then unlinking the resulting symlink. (CVE-2006-5178)

 Because the design flaw cannot be solved it is strongly recommended to
 disable the symlink() function if you are using the open_basedir
 feature. You can achieve that by adding symlink to the list of disabled
 functions within your php.ini:  disable_functions=...,symlink

 The updated packages do not alter the system php.ini.

 Updated packages have been patched to correct the CVE-2006-4625 issue.
 Users must restart Apache for the changes to take effect.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5178
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 7b9ad6634f3b5307025b87ad98561bd4  2006.0/i586/libphp5_common5-5.0.4-9.16.20060mdk.i586.rpm
 0d8236ff100de2f5302823d5ba5b2352  2006.0/i586/php-cgi-5.0.4-9.16.20060mdk.i586.rpm
 2a571c3bce931c414c23cf60a7adf794  2006.0/i586/php-cli-5.0.4-9.16.20060mdk.i586.rpm
 1b5cc543c1274843eaa00e72d9ee0862  2006.0/i586/php-devel-5.0.4-9.16.20060mdk.i586.rpm
 7c1c90f460b51eb7675f9fa297e49db6  2006.0/i586/php-fcgi-5.0.4-9.16.20060mdk.i586.rpm 
 017578a23304ae4f57d24de3d3f15cd8  2006.0/SRPMS/php-5.0.4-9.16.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 2a059bc5330467dbeba77ea79b647874  2006.0/x86_64/lib64php5_common5-5.0.4-9.16.20060mdk.x86_64.rpm
 3a59479574575a357e841abfbce8b143  2006.0/x86_64/php-cgi-5.0.4-9.16.20060mdk.x86_64.rpm
 75e164fa3b7be5cd31d89c14e97abc7c  2006.0/x86_64/php-cli-5.0.4-9.16.20060mdk.x86_64.rpm
 247d30753dfd7905dd551acddfe9ec38  2006.0/x86_64/php-devel-5.0.4-9.16.20060mdk.x86_64.rpm
 30c793f9c493c8f75d554b9831adcc41  2006.0/x86_64/php-fcgi-5.0.4-9.16.20060mdk.x86_64.rpm 
 017578a23304ae4f57d24de3d3f15cd8  2006.0/SRPMS/php-5.0.4-9.16.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 6fe8562e783fc7ba1ffe6004747f6ea1  2007.0/i586/libphp5_common5-5.1.6-1.2mdv2007.0.i586.rpm
 9535734bceebf3f5866d88df9ce13416  2007.0/i586/php-cgi-5.1.6-1.2mdv2007.0.i586.rpm
 9c205cc11ea4bd566528cf484da6a799  2007.0/i586/php-cli-5.1.6-1.2mdv2007.0.i586.rpm
 ea9d3720bab8912cedb03ba031448f02  2007.0/i586/php-devel-5.1.6-1.2mdv2007.0.i586.rpm
 dbfdb03f5d8959305a74bee6d01f87bb  2007.0/i586/php-fcgi-5.1.6-1.2mdv2007.0.i586.rpm 
 7576b12cb3591dbc2ccda6a364ad78a0  2007.0/SRPMS/php-5.1.6-1.2mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1d5b9358b862e3d5a329d9e8dfdca7d6  2007.0/x86_64/lib64php5_common5-5.1.6-1.2mdv2007.0.x86_64.rpm
 e761594b551c9416d3c525acd3404ec9  2007.0/x86_64/php-cgi-5.1.6-1.2mdv2007.0.x86_64.rpm
 e33c203f34d05200eae7e807eb55db06  2007.0/x86_64/php-cli-5.1.6-1.2mdv2007.0.x86_64.rpm
 8ff2c627456c5be71a49fe9713d7a04b  2007.0/x86_64/php-devel-5.1.6-1.2mdv2007.0.x86_64.rpm
 251c46935c1137cec958766aef5940ee  2007.0/x86_64/php-fcgi-5.1.6-1.2mdv2007.0.x86_64.rpm 
 7576b12cb3591dbc2ccda6a364ad78a0  2007.0/SRPMS/php-5.1.6-1.2mdv2007.0.src.rpm

 Corporate 3.0:
 94d92ba1402025e29384e46c1e1d8417  corporate/3.0/i586/libphp_common432-4.3.4-4.21.C30mdk.i586.rpm
 24b459dc2a595622306ffa6dd81110eb  corporate/3.0/i586/php432-devel-4.3.4-4.21.C30mdk.i586.rpm
 dbcf46a2ea6ec148aef9def41559cb2c  corporate/3.0/i586/php-cgi-4.3.4-4.21.C30mdk.i586.rpm
 c20d060d73d89bab88e20a1d2b7eb317  corporate/3.0/i586/php-cli-4.3.4-4.21.C30mdk.i586.rpm 
 2f30a3b70a2a71033239ab9f1a225007  corporate/3.0/SRPMS/php-4.3.4-4.21.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 6a8d26121ca42d6412027e782ab3155e  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.21.C30mdk.x86_64.rpm
 f57e2926bd5720c4a701c30eff89c3d9  corporate/3.0/x86_64/php432-devel-4.3.4-4.21.C30mdk.x86_64.rpm
 6bc7d2d669a7de8488a916daca0f9537  corporate/3.0/x86_64/php-cgi-4.3.4-4.21.C30mdk.x86_64.rpm
 36a84a2b19392ac8fc233f284fefd4b1  corporate/3.0/x86_64/php-cli-4.3.4-4.21.C30mdk.x86_64.rpm 
 2f30a3b70a2a71033239ab9f1a225007  corporate/3.0/SRPMS/php-4.3.4-4.21.C30mdk.src.rpm

 Corporate 4.0:
 9a16fa6647a207b0b1bb83d3ffa9c0a7  corporate/4.0/i586/libphp4_common4-4.4.4-1.1.20060mlcs4.i586.rpm
 cf05e55a175a6ef9082f921138e075d8  corporate/4.0/i586/libphp5_common5-5.1.6-1.1.20060mlcs4.i586.rpm
 e21a56860c5b39ad4d0a973d0b5c04ae  corporate/4.0/i586/php4-cgi-4.4.4-1.1.20060mlcs4.i586.rpm
 80ace134c6d464d2eae73f412792f824  corporate/4.0/i586/php4-cli-4.4.4-1.1.20060mlcs4.i586.rpm
 41eb1b206d4ee9fc4e7a9536fe736e71  corporate/4.0/i586/php4-devel-4.4.4-1.1.20060mlcs4.i586.rpm
 59f2320d9b1a149bde3addd9e6cd6f62  corporate/4.0/i586/php-cgi-5.1.6-1.1.20060mlcs4.i586.rpm
 20a49834ba864b820956b8758cecbfe4  corporate/4.0/i586/php-cli-5.1.6-1.1.20060mlcs4.i586.rpm
 a02cc4ffa1999da4ee3479b0af25972b  corporate/4.0/i586/php-devel-5.1.6-1.1.20060mlcs4.i586.rpm
 4e4d849a1af4e2d74175ee0492585472  corporate/4.0/i586/php-fcgi-5.1.6-1.1.20060mlcs4.i586.rpm 
 8d0b699e033d7032f7a7395c09db0d8d  corporate/4.0/SRPMS/php4-4.4.4-1.1.20060mlcs4.src.rpm
 ebb91921a4759e8f8c796a76b19903e0  corporate/4.0/SRPMS/php-5.1.6-1.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 88081e7ca8787e0c3a28bf09b8a3b276  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.1.20060mlcs4.x86_64.rpm
 06b0f4c04cc26c495421ad45dd54fbef  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.1.20060mlcs4.x86_64.rpm
 a978e89b61aebec8ab614f5fae97610b  corporate/4.0/x86_64/php4-cgi-4.4.4-1.1.20060mlcs4.x86_64.rpm
 f63d42fbfadba50cc664e6e1d45cd75b  corporate/4.0/x86_64/php4-cli-4.4.4-1.1.20060mlcs4.x86_64.rpm
 8ffc4994ae4916f3f02affe22e34506d  corporate/4.0/x86_64/php4-devel-4.4.4-1.1.20060mlcs4.x86_64.rpm
 973b5ad29c8824382bdc590938275edb  corporate/4.0/x86_64/php-cgi-5.1.6-1.1.20060mlcs4.x86_64.rpm
 db0a9003ca5f6a0a45e480755a32a6c9  corporate/4.0/x86_64/php-cli-5.1.6-1.1.20060mlcs4.x86_64.rpm
 18aa080e3686268e6127857c354cda6a  corporate/4.0/x86_64/php-devel-5.1.6-1.1.20060mlcs4.x86_64.rpm
 f3a6f93b353b9d4bdbf45f0d90b31d3f  corporate/4.0/x86_64/php-fcgi-5.1.6-1.1.20060mlcs4.x86_64.rpm 
 8d0b699e033d7032f7a7395c09db0d8d  corporate/4.0/SRPMS/php4-4.4.4-1.1.20060mlcs4.src.rpm
 ebb91921a4759e8f8c796a76b19903e0  corporate/4.0/SRPMS/php-5.1.6-1.1.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 0658393ea4e410043f9870bd7c501c94  mnf/2.0/i586/libphp_common432-4.3.4-4.21.M20mdk.i586.rpm
 bd00bdb12dd43728047dff4eda4e31bf  mnf/2.0/i586/php432-devel-4.3.4-4.21.M20mdk.i586.rpm
 d7a103f7ec687688b117d1ed1193ef47  mnf/2.0/i586/php-cgi-4.3.4-4.21.M20mdk.i586.rpm
 872e6981783ce2afe256210322997b5c  mnf/2.0/i586/php-cli-4.3.4-4.21.M20mdk.i586.rpm 
 30afbb282708f88fb06eb0b1fd2ae371  mnf/2.0/SRPMS/php-4.3.4-4.21.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFNUjRmqjQ0CJFipgRApJUAJ9tTYAQ3Wj018j10ZTPcIUPDwtVugCfWFmO
+bWFp+FLdKuvZ40LZXLJLFk=
=ZsnD
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • [ MDKSA-2006:185 ] - Updated php packages to address multiple vulnerabilities security (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]