
PHP regression


Ubuntu Security Notice USN-549-2          December 03, 2007
php5 regression
A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  libapache2-mod-php5             5.2.3-1ubuntu6.2
  php5-cgi                        5.2.3-1ubuntu6.2
  php5-cli                        5.2.3-1ubuntu6.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-549-1 fixed vulnerabilities in PHP.  However, some upstream changes
were incomplete, which caused crashes in certain situations with Ubuntu
7.10.  This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that the wordwrap function did not correctly
 check lengths.  Remote attackers could exploit this to cause
 a crash or monopolize CPU resources, resulting in a denial of
 service. (CVE-2007-3998)

 Integer overflows were discovered in the strspn and strcspn functions.
 Attackers could exploit this to read arbitrary areas of memory, possibly
 gaining access to sensitive information. (CVE-2007-4657)

 Stanislav Malyshev discovered that the money_format function did not correctly
 handle certain tokens.  If a PHP application were tricked into processing
 a bad format string, a remote attacker could execute arbitrary code with
 application privileges. (CVE-2007-4658)

 It was discovered that the php_openssl_make_REQ function did not
 correctly check buffer lengths.  A remote attacker could send a
 specially crafted message and execute arbitrary code with application
 privileges. (CVE-2007-4662)

 It was discovered that certain characters in session cookies were not
 handled correctly.  A remote attacker could inject values, which could
 lead to altered application behavior, potentially gaining additional
 privileges. (CVE-2007-3799)

 Gerhard Wagner discovered that the chunk_split function did not
 correctly handle long strings.  A remote attacker could exploit this
 to execute arbitrary code with application privileges.  (CVE-2007-2872,
 CVE-2007-4660, CVE-2007-4661)

 Stefan Esser discovered that deeply nested arrays could be made to
 fill stack space.  A remote attacker could exploit this to cause a
 crash or monopolize CPU resources, resulting in a denial of service.
 (CVE-2007-1285, CVE-2007-4670)

 Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars
 functions did not correctly stop when handling partial multibyte
 sequences.  A remote attacker could exploit this to read certain areas of
 memory, possibly gaining access to sensitive information. (CVE-2007-5898)

 It was discovered that the output_add_rewrite_var function would
 sometimes leak session id information to forms targeting remote URLs.
 Malicious remote sites could use this information to gain access to a
 PHP application user's login credentials. (CVE-2007-5899)

Updated packages for Ubuntu 7.10:

