
UNIRAS Brief - 677/05 - Mandriva - Security Update Advisories for lm_sensors, bluez-utils, pcre, php



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 677/05 dated 26.08.05  Time: 11:53  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Mandriva Linux Security Update Advisories
MDKSA-2005:149 - lm_sensors
MDKSA-2005:150 - bluez-utils
MDKSA-2005:151 - pcre
MDKSA-2005:152 - php

Detail
====== 

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           lm_sensors
 Advisory ID:            MDKSA-2005:149
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in
 the lm_sensors package created temporary files in an insecure manner.
 This could allow a symlink attack to create or overwrite arbitrary
 files with full root privileges because pwmconfig is typically executed
 by root.
 
 The updated packages have been patched to correct this problem by using
 mktemp to create the temporary files.
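
 An added example (not part of the advisory and not the pwmconfig source)
 showing the temporary-file pattern described above beside the mktemp
 pattern the patch adopts. The function names, the pwmconfig.$$ file name
 and the sandbox layout are assumptions made for illustration; everything
 runs inside a private scratch directory that stands in for /tmp.

```sh
#!/bin/sh
# Added illustration of the temp-file flaw class in the advisory.
# Not pwmconfig code: function names, file names and contents are hypothetical.

# Pre-patch pattern: predictable name (PID suffix) in a shared directory.
# '>' opens with O_CREAT|O_TRUNC and follows a symlink already at that path.
write_unsafe() {
    tmp="$1/pwmconfig.$$"
    echo "pwm1=128" > "$tmp"
}

# Patched pattern: mktemp picks an unpredictable name and creates the file
# exclusively, so a link planted in advance is never opened.
write_safe() {
    tmp=$(mktemp "$1/pwmconfig.XXXXXX") || return 1
    echo "pwm1=128" > "$tmp"
    printf '%s\n' "$tmp"
}

# Build a private sandbox with a "protected" file and a symlink planted at
# the exact name the unsafe writer will use (constructed test fixture).
make_sandbox() {
    sb=$(mktemp -d) || return 1
    echo "original" > "$sb/protected"
    mkdir "$sb/tmp"
    ln -s "$sb/protected" "$sb/tmp/pwmconfig.$$"
    printf '%s\n' "$sb"
}

# Returns 0 if the unsafe writer overwrote the protected file via the link.
unsafe_clobbers_target() {
    sb=$(make_sandbox) || return 2
    write_unsafe "$sb/tmp"
    content=$(cat "$sb/protected")
    rm -rf "$sb"
    [ "$content" = "pwm1=128" ]
}

# Returns 0 if the mktemp writer left the protected file alone and produced
# a regular file rather than a link.
safe_preserves_target() {
    sb=$(make_sandbox) || return 2
    new=$(write_safe "$sb/tmp") || { rm -rf "$sb"; return 2; }
    content=$(cat "$sb/protected")
    ok=1
    [ "$content" = "original" ] && [ -f "$new" ] && [ ! -L "$new" ] && ok=0
    rm -rf "$sb"
    return "$ok"
}

if unsafe_clobbers_target; then
    echo "predictable name: protected file was overwritten through the link"
fi
if safe_preserves_target; then
    echo "mktemp: protected file untouched, new file is a regular file"
fi
```

 On current Linux kernels the fs.protected_symlinks sysctl also refuses to
 follow such links in sticky world-writable directories, which is why the
 demo uses a private directory; it complements mktemp and does not replace it.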
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2672
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkmlmqjQ0CJFipgRAtgkAKCAM8a41udjZdz8A9aR4LjlFWjpaACfQ6dp
KcIzx0iSnhhIpW4nRbVczuY=
=TYCh
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           bluez-utils
 Advisory ID:            MDKSA-2005:150
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability in bluez-utils was discovered by Henryk Plotz.  Due to
 missing input sanitizing, it was possible for an attacker to execute
 arbitrary commands supplied as a device name from the remote bluetooth
 device.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2547
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkoGmqjQ0CJFipgRAnlNAKCF87ZavpMhfLYGibRLgs4xgSEheQCg6j8f
OVri7gtCTXz7Kn58ruNfTEI=
=BEvC
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           pcre
 Advisory ID:            MDKSA-2005:151
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Integer overflow in pcre_compile.c in Perl Compatible Regular
 Expressions (PCRE) before 6.2, as used in multiple products, allows
 attackers to execute arbitrary code via quantifier values in regular
 expressions, which leads to a heap-based buffer overflow.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkpnmqjQ0CJFipgRAu+AAJ4rpwF57tztJVaEmZcskC8xc1QhoQCfaFCK
Co3E1meGMO7bWPtcuVYDSi4=
=JArc
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           php
 Advisory ID:            MDKSA-2005:152
 Date:                   August 25th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1,
                         Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Integer overflow in pcre_compile.c in Perl Compatible Regular
 Expressions (PCRE) before 6.2, as used in multiple products, allows
 attackers to execute arbitrary code via quantifier values in regular
 expressions, which leads to a heap-based buffer overflow.
 
 The php packages, as shipped, were built using a private copy of pcre.
 
 The updated packages have been rebuilt against the system pcre libs
 to correct this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDDkrImqjQ0CJFipgRAmZsAJwPg2M9yYquQzxTwFsfTR/zeDpRjwCfU/25
0iO114SDZxGvdjZiNj6oj3k=
=M1FP
- -----END PGP SIGNATURE-----

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone, or send Not Protectively Marked information via
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQw71rYpao72zK539AQEzdQP+PFhxoasE5sra6Y2B/oUUp2pqLpScGKKE
pc2ezlNvIVTthGTw1aGXk0/d9tb+RJTKoLIHGTxfX7d7HyaRNykigaPfSt+tIkyv
8hSscA66rZ1C+yTKq8xOgKEpK6FyarCs4KZ8Nw1TbE7bZOOa8zspKrWUAJR043m6
MqjrAENacrQ=
=FpXq
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
