[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 304/05 - Two Mandriva Linux Update Advisories:
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 304/05 dated 19.04.05 Time: 14:20
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
Two Mandriva Linux Update Advisories:
1. MDKA-2005:017 - kdelibs
2. MDKSA-2005:072 - php
Detail
======
1. New kdelibs packages are available to address various bugs.
2. A number of vulnerabilities are addressed in this PHP update
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Update Advisory
_______________________________________________________________________
Package name: kdelibs
Advisory ID: MDKA-2005:017
Date: April 18th, 2005
Affected versions: 10.1
______________________________________________________________________
Problem Description:
New kdelibs packages are available to address various bugs. The details
are as follows.
- fix webdav+auth
- Don't crash when js is disable
- fix khtml kde bug #86973
- fix khtml kde bug #76434
- fix khtml kde bug #66591
- fix khtml kde bug #93035
- fix khtml kde bug #81393
- fix khtml kde bug #88727
- fix khtml kde bug #99854
_______________________________________________________________________
References:
http://bugs.kde.org/show_bug.cgi?id=86973
http://bugs.kde.org/show_bug.cgi?id=76434
http://bugs.kde.org/show_bug.cgi?id=66591
http://bugs.kde.org/show_bug.cgi?id=93035
http://bugs.kde.org/show_bug.cgi?id=81393
http://bugs.kde.org/show_bug.cgi?id=88727
http://bugs.kde.org/show_bug.cgi?id=99854
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
f0ca804f5fc66bd5e39aa98915d85680 10.1/RPMS/kdelibs-common-3.2.3-105.1.101mdk.i586.rpm
51fec0eac5d3302323da0a3d61214101 10.1/RPMS/libkdecore4-3.2.3-105.1.101mdk.i586.rpm
063b1f9ea4b36ca4913c58775b43f55d 10.1/RPMS/libkdecore4-devel-3.2.3-105.1.101mdk.i586.rpm
c5912ca74e5a7f872ce3cc38d5c72c35 10.1/SRPMS/kdelibs-3.2.3-105.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
f188e29aa6f57f4f57988b45c5cde004 x86_64/10.1/RPMS/kdelibs-common-3.2.3-105.1.101mdk.x86_64.rpm
d969156254ffbd929de5ce89b91a63af x86_64/10.1/RPMS/lib64kdecore4-3.2.3-105.1.101mdk.x86_64.rpm
f83c5dad20eaaaa7afaf9702a7bd519b x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-105.1.101mdk.x86_64.rpm
51fec0eac5d3302323da0a3d61214101 x86_64/10.1/RPMS/libkdecore4-3.2.3-105.1.101mdk.i586.rpm
c5912ca74e5a7f872ce3cc38d5c72c35 x86_64/10.1/SRPMS/kdelibs-3.2.3-105.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZGadmqjQ0CJFipgRAjgbAJ92cqD1DxuD+5adxhfJXBoB6boxtACeKfL2
Bevc42N+9E6Raokjwxon+Yo=
=DkWi
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: php
Advisory ID: MDKSA-2005:072
Date: April 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1
______________________________________________________________________
Problem Description:
A number of vulnerabilities are addressed in this PHP update:
Stefano Di Paolo discovered integer overflows in PHP's pack(),
unpack(), and shmop_write() functions which could allow a malicious
script to break out of safe mode and execute arbitray code with
privileges of the PHP interpreter (CAN-2004-1018; this was previously
fixed in Mandrakelinux >= 10.0 in MDKSA-2004:151).
Stefan Esser discovered two safe mode bypasses which would allow
malicious scripts to circumvent path restrictions by using
virtual_popen() with a current directory containing shell meta-
characters (CAN-2004-1063) or by creating a specially crafted
directory whose length exceeded the capacity of realpath()
(CAN-2004-1064; both of these were previously fixed in Mandrakelinux
>= 10.0 in MDKSA-2004:151).
Two Denial of Service vulnerabilities were found in the getimagesize()
function which uses the format-specific internal functions
php_handle_iff() and php_handle_jpeg() which would get stuck in
infinite loops when certain (invalid) size parameters are read from
the image (CAN-2005-0524 and CAN-2005-0525).
An integer overflow was discovered in the exif_process_IFD_TAG()
function in PHP's EXIF module. EXIF tags with a specially crafted
"Image File Directory" (IFD) tag would cause a buffer overflow which
could be exploited to execute arbitrary code with the privileges of
the PHP server (CAN-2005-1042).
Another vulnerability in the EXIF module was also discovered where
headers with a large IFD nesting level would cause an unbound
recursion which would eventually overflow the stack and cause the
executed program to crash (CAN-2004-1043).
All of these issues are addressed in the Corporate Server 2.1 packages
and the last three issues for all other platforms, which had
previously included the first two issues but had not been mentioned
in MDKSA-2004:151.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
f7d974aa23e07a33ffc28d24d57ae6d1 10.0/RPMS/libphp_common432-4.3.4-4.5.100mdk.i586.rpm
345a78284dee2a035f627e348e73923b 10.0/RPMS/php-cgi-4.3.4-4.5.100mdk.i586.rpm
14a9a57cb05438a2b95ac47fa68755be 10.0/RPMS/php-cli-4.3.4-4.5.100mdk.i586.rpm
1d43beb4125253db8a9bdaaffec6abce 10.0/RPMS/php432-devel-4.3.4-4.5.100mdk.i586.rpm
44a1aa8be7f1f56120568028d3cce0a0 10.0/SRPMS/php-4.3.4-4.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
9651a95c09fef8db80f8d0455f1d4aae amd64/10.0/RPMS/lib64php_common432-4.3.4-4.5.100mdk.amd64.rpm
d883ef32f7f60531cf2be850d5e9dcba amd64/10.0/RPMS/php-cgi-4.3.4-4.5.100mdk.amd64.rpm
21f487c746312c589115e12b9ed0d13e amd64/10.0/RPMS/php-cli-4.3.4-4.5.100mdk.amd64.rpm
0a9e996779cc13cfa458c39aa6bf6472 amd64/10.0/RPMS/php432-devel-4.3.4-4.5.100mdk.amd64.rpm
44a1aa8be7f1f56120568028d3cce0a0 amd64/10.0/SRPMS/php-4.3.4-4.5.100mdk.src.rpm
Mandrakelinux 10.1:
f75cb008b1eafcce1167f487fd0742ef 10.1/RPMS/libphp_common432-4.3.8-3.3.101mdk.i586.rpm
6522017c3e097f22a37f293d765f4141 10.1/RPMS/php-cgi-4.3.8-3.3.101mdk.i586.rpm
4ba9ade6db11e4035f73ede36e361ad7 10.1/RPMS/php-cli-4.3.8-3.3.101mdk.i586.rpm
63d4d58bbc3a01b89c688660be399af0 10.1/RPMS/php432-devel-4.3.8-3.3.101mdk.i586.rpm
f4fe82b93cf84987b0787e297d5189de 10.1/SRPMS/php-4.3.8-3.3.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
fb08286032f45020ecd96e07b0da51af x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.3.101mdk.x86_64.rpm
e1ae8214e11a7e62e987cde10e53c609 x86_64/10.1/RPMS/php-cgi-4.3.8-3.3.101mdk.x86_64.rpm
44c080a9d90e282da95b5d809e90df52 x86_64/10.1/RPMS/php-cli-4.3.8-3.3.101mdk.x86_64.rpm
d23e51652be1cb62f4704a5c4fe4a7a9 x86_64/10.1/RPMS/php432-devel-4.3.8-3.3.101mdk.x86_64.rpm
f4fe82b93cf84987b0787e297d5189de x86_64/10.1/SRPMS/php-4.3.8-3.3.101mdk.src.rpm
Mandrakelinux 10.2:
cc1f7f17fdcaf8dc87efcad94a241eca 10.2/RPMS/libphp_common432-4.3.10-7.1.102mdk.i586.rpm
3655f4254ca1ee329462e1f744533ed2 10.2/RPMS/php-cgi-4.3.10-7.1.102mdk.i586.rpm
a6084914e21c0a5873d5b94bb914411f 10.2/RPMS/php-cli-4.3.10-7.1.102mdk.i586.rpm
41a0168e7a2fdb581b59e5550c02418f 10.2/RPMS/php432-devel-4.3.10-7.1.102mdk.i586.rpm
2e3bf475cc0a73a2402d487e1bcaa741 10.2/SRPMS/php-4.3.10-7.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
17130ea081a475bebce9ef1f4ea89c22 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.1.102mdk.x86_64.rpm
5b9712e9d2b3709243080eefe5f36037 x86_64/10.2/RPMS/php-cgi-4.3.10-7.1.102mdk.x86_64.rpm
6e77ec1f4a00e757e9144c798f86b465 x86_64/10.2/RPMS/php-cli-4.3.10-7.1.102mdk.x86_64.rpm
f55fc2c228f012266c55e830cc858698 x86_64/10.2/RPMS/php432-devel-4.3.10-7.1.102mdk.x86_64.rpm
2e3bf475cc0a73a2402d487e1bcaa741 x86_64/10.2/SRPMS/php-4.3.10-7.1.102mdk.src.rpm
Corporate Server 2.1:
f418349daa18087f1b2bd2d06d07a7d7 corporate/2.1/RPMS/php-4.2.3-4.4.C21mdk.i586.rpm
f55f290333af492f34104d1821ece93d corporate/2.1/RPMS/php-common-4.2.3-4.4.C21mdk.i586.rpm
ff25be7d53aa1f8efa1ac7ea06935c60 corporate/2.1/RPMS/php-devel-4.2.3-4.4.C21mdk.i586.rpm
38a6771932090c0b49a495caa244047f corporate/2.1/RPMS/php-pear-4.2.3-4.4.C21mdk.i586.rpm
57a79e60657b372524d7b8af3535cfe6 corporate/2.1/SRPMS/php-4.2.3-4.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
0459cb20800a58b6ee41fc6ac2dc55b2 x86_64/corporate/2.1/RPMS/php-4.2.3-4.4.C21mdk.x86_64.rpm
462186f5005cafbfe66dd99cb9110e30 x86_64/corporate/2.1/RPMS/php-common-4.2.3-4.4.C21mdk.x86_64.rpm
5f6c49093da250595d27917455fff5bd x86_64/corporate/2.1/RPMS/php-devel-4.2.3-4.4.C21mdk.x86_64.rpm
5fb114b6761fcd231cbbbfde6e41252d x86_64/corporate/2.1/RPMS/php-pear-4.2.3-4.4.C21mdk.x86_64.rpm
57a79e60657b372524d7b8af3535cfe6 x86_64/corporate/2.1/SRPMS/php-4.2.3-4.4.C21mdk.src.rpm
Corporate 3.0:
eab4aa42fbd404630d0eb350ea17efd1 corporate/3.0/RPMS/libphp_common432-4.3.4-4.5.C30mdk.i586.rpm
3138545d861d0c28acc81f77424e95c5 corporate/3.0/RPMS/php-cgi-4.3.4-4.5.C30mdk.i586.rpm
b26d65545512c6698cfb5d3280961677 corporate/3.0/RPMS/php-cli-4.3.4-4.5.C30mdk.i586.rpm
6bfa6303f2f8a52c963f9df4bf59c639 corporate/3.0/RPMS/php432-devel-4.3.4-4.5.C30mdk.i586.rpm
9f017d501ff162d276b0e2832468a5c8 corporate/3.0/SRPMS/php-4.3.4-4.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
eab4aa42fbd404630d0eb350ea17efd1 x86_64/corporate/3.0/RPMS/libphp_common432-4.3.4-4.5.C30mdk.i586.rpm
3138545d861d0c28acc81f77424e95c5 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.5.C30mdk.i586.rpm
b26d65545512c6698cfb5d3280961677 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.5.C30mdk.i586.rpm
6bfa6303f2f8a52c963f9df4bf59c639 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.5.C30mdk.i586.rpm
9f017d501ff162d276b0e2832468a5c8 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.5.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCZGd6mqjQ0CJFipgRArzeAKCwF9l5b7X4e2V1lwVKBEmKxzhb2gCdGPe6
tLdpH8LT8qnWvHfu0Yo4XIA=
=eOcy
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the canonical site
to ensure that you receive the most current information concerning that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQCVAwUBQmUFdYpao72zK539AQF09gP/YIJUQsnlHVq4t4FE2yKEiT4U7XSoZMfD
6i9zR/mlFHEIyAc8htod9UBCXz4LCUbtJAEZ5Q6gn+5eO7ndcswp0bkuYXbzDlIy
D3JpVlA4QwobBAWMreX6/1DCPbOnMLxBibBK5xZB4okEbDKYbMWVCfIIFYLUCjQi
mpf8NCUF0VI=
=EgbI
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________