[security] Warning on php


DaNiMoTh

------------------------------------------------------------
Arch Linux Security Warning        ALSW 2007-#5
------------------------------------------------------------

Name:      php
Date:      2007-02-12
Severity:  Severe
Warning #: 2007-#5

------------------------------------------------------------

Product Background
===================
A high-level scripting language


Problem Background
===================

PHP 5.2.0 allows local users to bypass safe_mode and open_basedir
restrictions via a malicious path and a null byte before a ";" in a
session_save_path argument, followed by an allowed path, which causes
a parsing inconsistency in which PHP validates the allowed path but
sets session.save_path to the malicious path. (CVE-2006-6383)

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD
Graphics Library 2.0.33 and earlier allows remote attackers to cause a
denial of service (application crash) and possibly execute arbitrary
code via a crafted string with a JIS encoded font. PHP uses an
embedded copy of GD and may be susceptible to the same issue.
(CVE-2007-0455)

Problem Packages
===================
------------------------------------------------------------------
Package       |   Repo    |   Group    |   Unsafe   |    Safe    |
------------------------------------------------------------------
php           |  current  |   devel    |  < 5.2.0   |  >= 5.2.1  |

Package Fix
===================
Upgrade to php 5.2.1.
Source:
http://www.php.net/distributions/php-5.2.1.tar.gz
md5sum:
604eaee2b834bb037d2c83e53e300d3f

Users must restart Apache for the changes to take effect.

Reference(s)
===================

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6383

Contact
===================
JJDaNiMoTh (jjdanimoth AT gmail DOT com)


_______________________________________________
arch mailing list
[hidden email]
http://www.archlinux.org/mailman/listinfo/arch
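
Added example (not part of the original advisory): a shell check for the "Problem Packages" table and the "Package Fix" step above. It classifies an installed php version against the Safe column (>= 5.2.1) and compares a downloaded tarball's MD5 with the value published in the advisory. The function names are illustrative, and a version string of dotted numbers with an optional Arch "-pkgrel" suffix is assumed.

```shell
#!/bin/sh
# Added example; SAFE_VERSION and EXPECTED_MD5 are copied from the advisory.
SAFE_VERSION="5.2.1"
EXPECTED_MD5="604eaee2b834bb037d2c83e53e300d3f"

# version_lt A B: succeeds when dotted numeric version A is lower than B.
# Compares field by field as integers, so 5.10.0 is not lower than 5.2.1.
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# php_status VERSION: prints "unsafe" for anything below the Safe column,
# "safe" otherwise. A trailing "-pkgrel" (e.g. 5.2.0-1) is ignored.
php_status() {
    v=${1%%-*}
    if version_lt "$v" "$SAFE_VERSION"; then
        echo unsafe
    else
        echo safe
    fi
}

# verify_md5 FILE EXPECTED: succeeds only if FILE is readable and its MD5
# digest equals EXPECTED; returns 2 when the file cannot be read.
verify_md5() {
    [ -r "$1" ] || return 2
    actual=$(md5sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Usage: sh check.sh INSTALLED_VERSION [TARBALL]
if [ $# -ge 1 ]; then
    echo "php $1: $(php_status "$1")"
fi
if [ $# -ge 2 ]; then
    if verify_md5 "$2" "$EXPECTED_MD5"; then echo "md5 OK"; else echo "md5 MISMATCH"; fi
fi
```

On Arch the installed version can be read from the output of `pacman -Q php` and passed as the first argument.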