Full Disclosure mailing list archives

[ MDKSA-2006:144 ] - Updated php packages fix vulnerability
From: security () mandriva com
Date: Mon, 21 Aug 2006 15:59:00 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:144
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : php
 Date    : August 21, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was discovered in the sscanf function that could allow
 attackers, in certain circumstances, to execute arbitrary code via
 argument swapping, which increments an index past the end of an array
 and triggers a buffer over-read.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 c4156de63b5b04c72129e275184c8589  2006.0/RPMS/libphp5_common5-5.0.4-9.13.20060mdk.i586.rpm
 d8a272fb6115fcb185bf273307cfa945  2006.0/RPMS/php-cgi-5.0.4-9.13.20060mdk.i586.rpm
 1cdca894d3ec7810c031329bf9b022b5  2006.0/RPMS/php-cli-5.0.4-9.13.20060mdk.i586.rpm
 5729200eecf5a7e8e7113f4b43116723  2006.0/RPMS/php-devel-5.0.4-9.13.20060mdk.i586.rpm
 8fa33cfb6ccdd669f27ba1686db24fcd  2006.0/RPMS/php-fcgi-5.0.4-9.13.20060mdk.i586.rpm
 60462a513b931f23a15d7b4e6af9af90  2006.0/SRPMS/php-5.0.4-9.13.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 a05922ab7f687dbe9cd74b5546e2ec4f  x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.13.20060mdk.x86_64.rpm
 00599ac74cb16ef47988addae1a01e94  x86_64/2006.0/RPMS/php-cgi-5.0.4-9.13.20060mdk.x86_64.rpm
 0b4ff38a92b2ddf41a25abe1155b6bb8  x86_64/2006.0/RPMS/php-cli-5.0.4-9.13.20060mdk.x86_64.rpm
 39eda4d79d65a2ce4f0f9b8d2f66414d  x86_64/2006.0/RPMS/php-devel-5.0.4-9.13.20060mdk.x86_64.rpm
 be71b05ae1fdb0a38bd5a5831cdb7b2f  x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.13.20060mdk.x86_64.rpm
 60462a513b931f23a15d7b4e6af9af90  x86_64/2006.0/SRPMS/php-5.0.4-9.13.20060mdk.src.rpm

 Corporate 3.0:
 e78d38e4f23349aef5fd8fb0ce21f9ed  corporate/3.0/RPMS/libphp_common432-4.3.4-4.19.C30mdk.i586.rpm
 e02ce53ce1a53d1d2868c7751bfdb4e5  corporate/3.0/RPMS/php432-devel-4.3.4-4.19.C30mdk.i586.rpm
 f911c1968c8c4600e304da4cbf6cd91b  corporate/3.0/RPMS/php-cgi-4.3.4-4.19.C30mdk.i586.rpm
 1555db6b00d118207bb07ef987dea7d0  corporate/3.0/RPMS/php-cli-4.3.4-4.19.C30mdk.i586.rpm
 cac345df4a30ed6668aae005b88c5469  corporate/3.0/SRPMS/php-4.3.4-4.19.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 1af2ab4b349ba0e751716a915b2da80c  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.19.C30mdk.x86_64.rpm
 ba056de7a5bc14e1d013b64bd83cd765  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.19.C30mdk.x86_64.rpm
 d15a90260a0b2d0a5b9c3d5a24e18b93  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.19.C30mdk.x86_64.rpm
 ab47db1054598cd47994044be0d58f2a  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.19.C30mdk.x86_64.rpm
 cac345df4a30ed6668aae005b88c5469  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.19.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 c148d89f0bf1c0f6079fe83ef6718402  mnf/2.0/RPMS/libphp_common432-4.3.4-4.19.M20mdk.i586.rpm
 1697ade79fd11a329c68b3ed525facf5  mnf/2.0/RPMS/php432-devel-4.3.4-4.19.M20mdk.i586.rpm
 f1085937ffe9b8f77cb9ce0d5f6f6e51  mnf/2.0/RPMS/php-cgi-4.3.4-4.19.M20mdk.i586.rpm
 85065b170be58a5d6b7248cef13e2404  mnf/2.0/RPMS/php-cli-4.3.4-4.19.M20mdk.i586.rpm
 80d16af425dc23129b0bf396344f83d5  mnf/2.0/SRPMS/php-4.3.4-4.19.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE6f+7mqjQ0CJFipgRAgO4AKCmZjvytxb9tyay3hAE/j1rL94SbgCgrwcv
tfGZbize4boWnozuGCE0KRc=
=umgx
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
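
The bounds check that the bug class in the Problem Description calls for, as an added example (not PHP's code and not part of the advisory): a validator that rejects any `%n$` argument-swapping index, or any run of sequential conversions, that would step past the array of receiving variables. The name `validate_scan_format` and its rules, including the rejection of mixed positional and sequential specifiers, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not PHP's scanf.c; the function name is hypothetical.
 * Returns the number of assigning conversions in a scanf-style format, or -1
 * if a specifier would index outside the num_vars receiving variables. */
int validate_scan_format(const char *fmt, int num_vars)
{
    int next_seq = 0, saw_pos = 0, saw_seq = 0, count = 0;

    if (num_vars < 0)
        return -1;
    for (const char *p = fmt; *p; ) {
        if (*p++ != '%')
            continue;
        if (*p == '%') { p++; continue; }        /* literal "%%" */
        int suppressed = (*p == '*');            /* "%*d" assigns nothing */
        p += suppressed;
        long index = -1;
        if (isdigit((unsigned char)*p)) {
            char *end;
            unsigned long n = strtoul(p, &end, 10);
            if (*end == '$') {                   /* "%n$": argument swapping */
                if (suppressed || n == 0 || n > (unsigned long)num_vars)
                    return -1;                   /* index outside the array */
                index = (long)n - 1;
                for (end++; isdigit((unsigned char)*end); end++)
                    ;                            /* optional field width */
            }
            p = end;                             /* otherwise n was a width */
        }
        if (!isalpha((unsigned char)*p++))
            return -1;                           /* missing conversion char */
        if (suppressed)
            continue;
        if (index < 0) { index = next_seq++; saw_seq = 1; }
        else saw_pos = 1;
        if ((saw_pos && saw_seq) || index >= num_vars)
            return -1;                           /* mixed styles or overrun */
        count++;
    }
    return count;
}

int main(void)
{
    printf("%d\n", validate_scan_format("%2$s %1$d", 2));
    return 0;
}
```

Running the check once over the whole format, before any conversion writes a result, means a rejected format never reaches the code that indexes the variable array.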

