=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2006/VULN062
_____________________________________________________________________

DATE                      : 08/02/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running php.

======================================================================

  _______________________________________________________________________

  Mandriva Linux Security Advisory                         MDKSA-2006:035
  http://www.mandriva.com/security/
  _______________________________________________________________________

  Package : php
  Date    : February 7, 2006
  Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
  _______________________________________________________________________

  Problem Description:

  A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
  a remote attacker to bypass safe_mode and open_basedir restrictions via
  unknown attack vectors.

  The updated packages have been patched to correct this issue.
  _______________________________________________________________________

  References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
  _______________________________________________________________________

  Updated Packages:

  Mandriva Linux 10.1:
  73fb60b80de60eac15425466e59dca39  10.1/RPMS/libphp_common432-4.3.8-3.8.101mdk.i586.rpm
  b28919e0310bf29bf5866dae1ee16d98  10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.i586.rpm
  d83eaac3668f09924156f177cd15f201  10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.i586.rpm
  143fc214304a1c289fca9706a2a1c3a8  10.1/RPMS/php-cli-4.3.8-3.8.101mdk.i586.rpm
  78c983eccc5b8423c97ef382438b2e65  10.1/RPMS/php-gd-4.3.8-2.1.101mdk.i586.rpm
  677522c6ed558432f3dbf15616083610  10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
  aac1a54955e947f6c15c8b8059ae4181  10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

  Mandriva Linux 10.1/X86_64:
  106d6d5ca6b8f39c392bd13ec1dc42d4  x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.8.101mdk.x86_64.rpm
  b4c808eec06082b85642bb130f8415dc  x86_64/10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.x86_64.rpm
  471cb69b308907e438d462c99980dea0  x86_64/10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.x86_64.rpm
  553db3e91f87e7a515ac135e8d7f15f0  x86_64/10.1/RPMS/php-cli-4.3.8-3.8.101mdk.x86_64.rpm
  ec747cf48a3dad42141f27e44325033e  x86_64/10.1/RPMS/php-gd-4.3.8-2.1.101mdk.x86_64.rpm
  677522c6ed558432f3dbf15616083610  x86_64/10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
  aac1a54955e947f6c15c8b8059ae4181  x86_64/10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

  Mandriva Linux 10.2:
  13cf3adeda0a0cd1d0ccde575cbe63ec  10.2/RPMS/libphp_common432-4.3.10-7.6.102mdk.i586.rpm
  18302ef915b8f1b2245b9c0f79d574aa  10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.i586.rpm
  c58efdb3973bb63914463628936cf2db  10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.i586.rpm
  401059a0058df93d7b8567813b082b7e  10.2/RPMS/php-cli-4.3.10-7.6.102mdk.i586.rpm
  887e86064d91d133d3c98245b39335b3  10.2/RPMS/php-gd-4.3.10-5.1.102mdk.i586.rpm
  b677b123040f0279e39a047aa706a853  10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
  393e9bde7b571bc6aee17cf48929e0d5  10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

  Mandriva Linux 10.2/X86_64:
  b457eff82dcedc940afda2b137dc9058  x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.6.102mdk.x86_64.rpm
  6075916423066e4a026814cd38332528  x86_64/10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.x86_64.rpm
  4e1c918a571c85e3e4ce065edd249576  x86_64/10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.x86_64.rpm
  a222ddab3ffff21bcd82420fce7951da  x86_64/10.2/RPMS/php-cli-4.3.10-7.6.102mdk.x86_64.rpm
  ccf2d23979006f1f7bbc9d2a1efd6043  x86_64/10.2/RPMS/php-gd-4.3.10-5.1.102mdk.x86_64.rpm
  b677b123040f0279e39a047aa706a853  x86_64/10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
  393e9bde7b571bc6aee17cf48929e0d5  x86_64/10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

  Corporate 3.0:
  1980e0259fe7747380a824f8d22e6547  corporate/3.0/RPMS/libphp_common432-4.3.4-4.10.C30mdk.i586.rpm
  390c85972981566b353b594fe22197dc  corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.i586.rpm
  d9a49155ce3a80cdbc277f2412a13518  corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.i586.rpm
  d0cbbd7fb891a7541929c67aa0343df6  corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.i586.rpm
  238811f03e72ceecb0b91be525380cb9  corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.i586.rpm
  d54f4e12d35cedbef0f718170620ace4  corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
  c1a3d05a9501024102944e6820bc5501  corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

  Corporate 3.0/X86_64:
  a8dce337033e676378664c0db6b469f7  x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.10.C30mdk.x86_64.rpm
  c7b1cfd80cd506eff43f22b80aa75de6  x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.x86_64.rpm
  1c5e085cb86ad4f7af6a0da6d05a1d62  x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.x86_64.rpm
  9eec60e7a700c07da18b4f787ad3f58c  x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.x86_64.rpm
  500eedf63f7cbccb7920a94e7959e7ac  x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.x86_64.rpm
  d54f4e12d35cedbef0f718170620ace4  x86_64/corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
  c1a3d05a9501024102944e6820bc5501  x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

  Multi Network Firewall 2.0:
  505744d67c4a0d9d438eb59635a1b854  mnf/2.0/RPMS/libphp_common432-4.3.4-4.10.M20mdk.i586.rpm
  415fb09281493e6b5e262b8a919b2eb9  mnf/2.0/RPMS/php432-devel-4.3.4-4.10.M20mdk.i586.rpm
  71f1a80d1bf23652a8001a7e48fe139c  mnf/2.0/RPMS/php-cgi-4.3.4-4.10.M20mdk.i586.rpm
  5ad32b1fb9e6b12be629ea44168d5138  mnf/2.0/RPMS/php-cli-4.3.4-4.10.M20mdk.i586.rpm
  0b23cfbdff6ccd70f06cd3ab13813cb5  mnf/2.0/RPMS/php-gd-4.3.4-1.1.M20mdk.i586.rpm
  27c29e02d28e0aea1dadd7d149636b83  mnf/2.0/SRPMS/php-4.3.4-4.10.M20mdk.src.rpm
  ca1601d0a1fa257c8916715582a1df41  mnf/2.0/SRPMS/php-gd-4.3.4-1.1.M20mdk.src.rpm
  _______________________________________________________________________

  To upgrade automatically use MandrivaUpdate or urpmi.  The verification
  of md5 checksums and GPG signatures is performed automatically for you.

  All packages are signed by Mandriva for security.  You can obtain the
  GPG public key of the Mandriva Security Team by executing:

   gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

  You can view other update advisories for Mandriva Linux at:

   http://www.mandriva.com/security/advisories

  If you want to report vulnerabilities, please contact

   security_(at)_mandriva.com
  _______________________________________________________________________

  Type Bits/KeyID     Date       User ID
  pub  1024D/22458A98 2000-07-10 Mandriva Security Team
   <security*mandriva.com>

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================