===================================================================== CERT-Renater Note d'Information No. 2006/VULN135 _____________________________________________________________________ DATE : 04/04/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running php. ====================================================================== _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:063 http://www.mandriva.com/security/ _______________________________________________________________________ Package : php Date : April 2, 2006 Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include php code, php ini data, other user data, etc. Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on which seems to protect against this vulnerability "out of the box" but users are encourages to upgrade regardless. Once the upgraded packages have been installed, users will need to issue a "service httpd restart" in order for the fixed packages to be properly loaded. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490 _______________________________________________________________________ Updated Packages: Mandriva Linux 10.2: ef3fa2a2d14fb8be4f3febaf83bbffa9 10.2/RPMS/libphp_common432-4.3.10-7.8.102mdk.i586.rpm 4a883be9e264869febfdfc5cdf529a49 10.2/RPMS/php432-devel-4.3.10-7.8.102mdk.i586.rpm 2c1627712cca538956c5f851f616d5ce 10.2/RPMS/php-cgi-4.3.10-7.8.102mdk.i586.rpm 8c6727cf7e6eb10dabc18eab21bfb2e4 10.2/RPMS/php-cli-4.3.10-7.8.102mdk.i586.rpm 42d36049ac84a54b170d64fb1e4bdbfc 10.2/SRPMS/php-4.3.10-7.8.102mdk.src.rpm Mandriva Linux 10.2/X86_64: 0bc53707143b53de67d92e09c3f681ce x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.8.102mdk.x86_64.rpm aa2afe3688d5467753f3b65f977cdfe2 x86_64/10.2/RPMS/php432-devel-4.3.10-7.8.102mdk.x86_64.rpm b69f7d7333fd59fc53f2c3cb775cb92d x86_64/10.2/RPMS/php-cgi-4.3.10-7.8.102mdk.x86_64.rpm 9efe4691fa443904d12e05628ec32d1f x86_64/10.2/RPMS/php-cli-4.3.10-7.8.102mdk.x86_64.rpm 42d36049ac84a54b170d64fb1e4bdbfc x86_64/10.2/SRPMS/php-4.3.10-7.8.102mdk.src.rpm Mandriva Linux 2006.0: 2a7b4c48f38f0ca7ca1bfc6ee017e27b 2006.0/RPMS/libphp5_common5-5.0.4-9.4.20060mdk.i586.rpm 2b0fe0ae0adfcea994618097ccd8f43e 2006.0/RPMS/php-cgi-5.0.4-9.4.20060mdk.i586.rpm 6495845826ffc3963ea5fa7602413d99 2006.0/RPMS/php-cli-5.0.4-9.4.20060mdk.i586.rpm 67e7e6ac6ffd75ebb3cfb067e16a6e90 2006.0/RPMS/php-devel-5.0.4-9.4.20060mdk.i586.rpm a07dfb39972947e39fc464895703e54f 2006.0/RPMS/php-fcgi-5.0.4-9.4.20060mdk.i586.rpm c71f42f38e21d547bc3121df180a1f9d 2006.0/SRPMS/php-5.0.4-9.4.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: c8d248402a14d3395df39d8460b2d09e x86_64/2006.0/RPMS/lib64php5_common5-5.0.4-9.4.20060mdk.x86_64.rpm 48903c848a6b6e95e602c9167f21140b x86_64/2006.0/RPMS/php-cgi-5.0.4-9.4.20060mdk.x86_64.rpm cf2c3ef8f5dd6a399026777f225e61c2 x86_64/2006.0/RPMS/php-cli-5.0.4-9.4.20060mdk.x86_64.rpm 78f44b12e62d382cdde698eddb98de7d x86_64/2006.0/RPMS/php-devel-5.0.4-9.4.20060mdk.x86_64.rpm e6f2546f0ad6786b235ff9d3a5037f18 x86_64/2006.0/RPMS/php-fcgi-5.0.4-9.4.20060mdk.x86_64.rpm c71f42f38e21d547bc3121df180a1f9d x86_64/2006.0/SRPMS/php-5.0.4-9.4.20060mdk.src.rpm Corporate 3.0: bfe7ada522d7d8c94d145d1345ea1cd2 corporate/3.0/RPMS/libphp_common432-4.3.4-4.12.C30mdk.i586.rpm d6e143fb483b0b491712b1f19d89d343 corporate/3.0/RPMS/php432-devel-4.3.4-4.12.C30mdk.i586.rpm bbc4009f6a6ae8c1c57dd19d4d835a76 corporate/3.0/RPMS/php-cgi-4.3.4-4.12.C30mdk.i586.rpm 30559d249370d48b6620f836857d4a03 corporate/3.0/RPMS/php-cli-4.3.4-4.12.C30mdk.i586.rpm c2a531e21b0337d6e2e189922de96444 corporate/3.0/SRPMS/php-4.3.4-4.12.C30mdk.src.rpm Corporate 3.0/X86_64: 775eb72e9367dfa3f58fbf58baecbbef x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.12.C30mdk.x86_64.rpm acb65ffa3867a095ec685f3c8964dc79 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.12.C30mdk.x86_64.rpm 7ab648313c53a521b42c5fbe861ebefe x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.12.C30mdk.x86_64.rpm 56821179db1b9e456894a58c816f3766 x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.12.C30mdk.x86_64.rpm c2a531e21b0337d6e2e189922de96444 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.12.C30mdk.src.rpm Multi Network Firewall 2.0: e58ffa871474e313deb349926b22cc7e mnf/2.0/RPMS/libphp_common432-4.3.4-4.12.M20mdk.i586.rpm 0f58a032dcdb3bc45b37b67f2ce3f6bc mnf/2.0/RPMS/php432-devel-4.3.4-4.12.M20mdk.i586.rpm 7dd0f603a0870b896c9396357dcd9efc mnf/2.0/RPMS/php-cgi-4.3.4-4.12.M20mdk.i586.rpm a594814232b0dfa9bdbdf2db8d9089fd mnf/2.0/RPMS/php-cli-4.3.4-4.12.M20mdk.i586.rpm 650755a113c483af227369551a1431a3 mnf/2.0/SRPMS/php-4.3.4-4.12.M20mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================