Home Security

Advisories, February 21. 2007

By

February 22, 2007

Fedora Core

Fedora Update Notification
FEDORA-2007-261
2007-02-20

Product : Fedora Core 6
Name : php
Version : 5.1.6
Release : 3.4.fc6
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)

Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the
PHP language to Apache HTTP Server.

Update Information:

This update fixes a number of security issues in PHP.

A number of buffer overflow flaws were found in the PHP session
extension, the str_replace() function, and the imap_mail_compose()
function. If very long strings under the control of an attacker are
passed to the str_replace() function then an integer overflow could
occur in memory allocation. If a script uses the
imap_mail_compose() function to create a new MIME message based on
an input body from an untrusted source, it could result in a heap
overflow. An attacker who is able to access a PHP application
affected by any these issues could trigger these flaws and possibly
execute arbitrary code as the ‘apache’ user. (CVE-2007-0906)

If unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources for a limited length of time, until the
script timeout alarm aborts execution of the script.
(CVE-2007-0988)

If the wddx extension is used to import WDDX data from an
untrusted source, certain WDDX input packets may allow a random
portion of heap memory to be exposed. (CVE-2007-0908)

If the odbc_result_all() function is used to display data from a
database, and the contents of the database table are under the
control of an attacker, a format string vulnerability is possible
which could lead to the execution of arbitrary code.
(CVE-2007-0909)

A one byte memory read will always occur before the beginning of
a buffer, which could be triggered for example by any use of the
header() function in a script. However it is unlikely that this
would have any effect. (CVE-2007-0907)

Several flaws in PHP could allows attackers to “clobber” certain
super-global variables via unspecified vectors. (CVE-2007-0910)

The Fedora Project would like to thank Stefan Esser for his help
diagnosing these issues.

Fri Feb 16 2007 Joe Orton <jorton@redhat.com> 5.1.6-3.4.fc6
- add security fixes for: CVE-2007-0906, CVE-2007-0907,
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988
  (#228011)
  - package /usr/share/php and append to default include_path
    (#225434)
  - add php(api), php(zend-abi) provides (#221302)
  - fix magic file used by mime-magic (Kir Kolyshkin, #177926)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

7b9b09babaa380dc8d587a63dd8079abca2c1f47
SRPMS/php-5.1.6-3.4.fc6.src.rpm
7b9b09babaa380dc8d587a63dd8079abca2c1f47
noarch/php-5.1.6-3.4.fc6.src.rpm
9b8c93b07ce55cf46269eed4f14be2117502fa35
ppc/php-dba-5.1.6-3.4.fc6.ppc.rpm
0d3276247300e32005e63733dac8e9d8abfebf2a
ppc/php-cli-5.1.6-3.4.fc6.ppc.rpm
27c273659f4876bec4a764d6c9dabd3a6d8ce47e
ppc/php-common-5.1.6-3.4.fc6.ppc.rpm
f8bf63002e18b2204335f0f699b21844d10ed692
ppc/php-snmp-5.1.6-3.4.fc6.ppc.rpm
d2f76a00d4146beb9931bfa62a0d9133a0631725
ppc/php-pgsql-5.1.6-3.4.fc6.ppc.rpm
a12fe3a9f9a21a66d773d00f01f967070dbe1db4
ppc/php-ncurses-5.1.6-3.4.fc6.ppc.rpm
406c4930f71b5ee7598972bbd5a0fad108595d87
ppc/php-odbc-5.1.6-3.4.fc6.ppc.rpm
b1e3a2eccc1e004713897100964fc23ab6034332
ppc/php-soap-5.1.6-3.4.fc6.ppc.rpm
c61eff9975e3759b50a2c01f9e43484bbd570673
ppc/php-devel-5.1.6-3.4.fc6.ppc.rpm
662b8cd81d18d41647fd17967ebfbf97c9e47733
ppc/php-pdo-5.1.6-3.4.fc6.ppc.rpm
06c697a807bae46bff25d19640295aa5ac6af363
ppc/php-xmlrpc-5.1.6-3.4.fc6.ppc.rpm
f97ccc141d638bcb0d6ab9dc330098dd92c357aa
ppc/php-5.1.6-3.4.fc6.ppc.rpm
025dc3700043b40dac0cd2ea74da2427183e2829
ppc/php-gd-5.1.6-3.4.fc6.ppc.rpm
d70740454c0779318d375d4c75fa1008184adbfd
ppc/php-mysql-5.1.6-3.4.fc6.ppc.rpm
7f1b6cffb8136eae282e18920a592ad0599a46b6
ppc/php-ldap-5.1.6-3.4.fc6.ppc.rpm
67bb7febc969014df3f8beb3b1ecc231c86c9067
ppc/php-xml-5.1.6-3.4.fc6.ppc.rpm
a223d6c4a9bc29b9732538f0d321a1c8489c7197
ppc/php-imap-5.1.6-3.4.fc6.ppc.rpm
192b26bc0e30825d39c638065a763f452ad2c054
ppc/php-bcmath-5.1.6-3.4.fc6.ppc.rpm
4b09d78251135ddeadbba06801429cce1816aaa3
ppc/php-mbstring-5.1.6-3.4.fc6.ppc.rpm
435a2d2dec67e406b47f861a1c7e75389bb4f0ec
ppc/debug/php-debuginfo-5.1.6-3.4.fc6.ppc.rpm
04f7c9846d98e2e8d1d8f4679ea6c66e140d37f3
x86_64/php-cli-5.1.6-3.4.fc6.x86_64.rpm
c91d9cb9463d33703e94a0dcef8199b6df6955aa
x86_64/php-dba-5.1.6-3.4.fc6.x86_64.rpm
711ca7310f0080b2cdf6d9c0c18225c090a56bf0
x86_64/debug/php-debuginfo-5.1.6-3.4.fc6.x86_64.rpm
8f823d70a331464c66b4d36158252251f4bb188b
x86_64/php-xml-5.1.6-3.4.fc6.x86_64.rpm
74d5a0f5f52bbc1279ebf57335697a18b633e4bf
x86_64/php-5.1.6-3.4.fc6.x86_64.rpm
2193a252d2aba8579de10edfe18b2e7c9dcea2d3
x86_64/php-snmp-5.1.6-3.4.fc6.x86_64.rpm
a51a85403e132dd45a4b4154872f9f6bfab94140
x86_64/php-pgsql-5.1.6-3.4.fc6.x86_64.rpm
f825093b1b80729d490e27a92add197ee177b623
x86_64/php-bcmath-5.1.6-3.4.fc6.x86_64.rpm
9eb9abb190d8409ce729fdf9b6c2b813fdbb50fb
x86_64/php-common-5.1.6-3.4.fc6.x86_64.rpm
3dbb57bab24e6763524dd934cdfbc92998c28f20
x86_64/php-xmlrpc-5.1.6-3.4.fc6.x86_64.rpm
8142a27894e25cd408aeb354d136081af7980d28
x86_64/php-mysql-5.1.6-3.4.fc6.x86_64.rpm
e98fbc0d4dba2f264084bb59a38fc608d9583a54
x86_64/php-ncurses-5.1.6-3.4.fc6.x86_64.rpm
7968041fe2dd3900a66e7efbd0bfe3258779ecb5
x86_64/php-ldap-5.1.6-3.4.fc6.x86_64.rpm
3639702a352af9bf361a037932232a6aa2723262
x86_64/php-pdo-5.1.6-3.4.fc6.x86_64.rpm
4baf7cb8263d29ebad74f82e7dec5e82c4a944c6
x86_64/php-soap-5.1.6-3.4.fc6.x86_64.rpm
02e78ef41299b7b453c41370054ff32a19ab45b9
x86_64/php-odbc-5.1.6-3.4.fc6.x86_64.rpm
10d43aa4413a91a50af466a93827523151e82c1b
x86_64/php-mbstring-5.1.6-3.4.fc6.x86_64.rpm
d89d395cb04877824d0013bf0052dc4fcc02851a
x86_64/php-devel-5.1.6-3.4.fc6.x86_64.rpm
46b355db5d40d8cb1d2b37a97ff73826ad8f9b9a
x86_64/php-imap-5.1.6-3.4.fc6.x86_64.rpm
e4d3af22b8216172c1e6869c84560237af000a48
x86_64/php-gd-5.1.6-3.4.fc6.x86_64.rpm
8854dbd2cdac7b8c5e1b2c0df66e1a240ec94374
i386/php-ldap-5.1.6-3.4.fc6.i386.rpm
83806c3c738000dde90ad071ef099accc7bdea87
i386/php-devel-5.1.6-3.4.fc6.i386.rpm
29131458541011f152e5dd4f8fc17e0a2bb65dfe
i386/php-ncurses-5.1.6-3.4.fc6.i386.rpm
c7db44fc3b662517f5adc08f1abb8b6dbb2de969
i386/php-soap-5.1.6-3.4.fc6.i386.rpm
afc792f641459062889556e7ddc6f58d49cddcbb
i386/php-gd-5.1.6-3.4.fc6.i386.rpm
3f32c58eeffeae2d00dea03646b850c79300ff4c
i386/php-mbstring-5.1.6-3.4.fc6.i386.rpm
2e40e27b0c8f4ea8ecd98263865d52d9165674cd
i386/php-xml-5.1.6-3.4.fc6.i386.rpm
25994dd791746536ec68513c61093869f57869d6
i386/php-xmlrpc-5.1.6-3.4.fc6.i386.rpm
fe3321e73d118822b7e96eefbcbbafef7dfab48b
i386/php-common-5.1.6-3.4.fc6.i386.rpm
7166241a4dc4494a51f88ed569ff045ea43c5cff
i386/debug/php-debuginfo-5.1.6-3.4.fc6.i386.rpm
f867ebd1e07dbc90fe94aecff36be2d9c283af90
i386/php-odbc-5.1.6-3.4.fc6.i386.rpm
2d61834a838c8b61c41aedcfd063e8fc6083cdb0
i386/php-dba-5.1.6-3.4.fc6.i386.rpm
a06e00e158acebb953808198d608da92cde271e0
i386/php-bcmath-5.1.6-3.4.fc6.i386.rpm
c778f92d0d3e3ed148d57b18febe46230362aec7
i386/php-pgsql-5.1.6-3.4.fc6.i386.rpm
87c95b809a0e77dbc0400709e197ebfcb676ac97
i386/php-snmp-5.1.6-3.4.fc6.i386.rpm
60a45e08a036090767b07a174d291db30f8fc57e
i386/php-5.1.6-3.4.fc6.i386.rpm
ae7c85a6d029868aa83d272b1f44fa5fc2774df5
i386/php-cli-5.1.6-3.4.fc6.i386.rpm
1b25d339e8416be01e93799b01f85a3b3c165591
i386/php-mysql-5.1.6-3.4.fc6.i386.rpm
66d4277e2ae840ee87a7a8940112abc30e88206d
i386/php-imap-5.1.6-3.4.fc6.i386.rpm
4808d76752ae8866198512026fdbf8debb66b7d9
i386/php-pdo-5.1.6-3.4.fc6.i386.rpm

This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.

Fedora Update Notification
FEDORA-2007-263
2007-02-20

Product : Fedora Core 6
Name : ekiga
Version : 2.0.5
Release : 2.fc6
Summary : A Gnome based SIP/H323 teleconferencing application

Description :
Ekiga is a tool to communicate with video and audio over the
internet. It uses the standard SIP and H323 protocols.

Update Information:

A format string flaw was found in the way Ekiga processes
certain messages. If a user is running Ekiga, a remote attacker who
can connect to Ekiga could trigger this flaw and potentially
execute arbitrary code with the privileges of the user.

Tue Feb 20 2007 Soren Sandmann <sandmann@redhat.com> – 2.0.5-2
- vRebuild
Wed Feb 14 2007 Daniel Veillard <veillard@redhat.com>
- 2.0.5-1
- Upgrade to ekiga-2.0.5

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

23acbbb335fc1a73a82c20efa7cb66801c27a76e
SRPMS/ekiga-2.0.5-2.fc6.src.rpm
23acbbb335fc1a73a82c20efa7cb66801c27a76e
noarch/ekiga-2.0.5-2.fc6.src.rpm
9720ded77206ba0acf5425960246ba7770eeb287
ppc/ekiga-2.0.5-2.fc6.ppc.rpm
ec1572fee4f7095219228e7dacd81e19aec4d955
ppc/debug/ekiga-debuginfo-2.0.5-2.fc6.ppc.rpm
98235b8f8d43f29d85870e3481473c79d70e2f64
x86_64/ekiga-2.0.5-2.fc6.x86_64.rpm
7d7891e4d51261ffaa7ac67bf83cd94eb95187dd
x86_64/debug/ekiga-debuginfo-2.0.5-2.fc6.x86_64.rpm
dc8f603e6a8860081c9af6b2c40faa23f4e6905f
i386/ekiga-2.0.5-2.fc6.i386.rpm
bd36603e8c1592cab061d01aec92fd599201a48d
i386/debug/ekiga-debuginfo-2.0.5-2.fc6.i386.rpm

This update can be installed with the ‘yum’ update program. Use
‘yum update package-name’ at the command line. For more
information, refer to ‘Managing Software with yum,’ available at
http://fedora.redhat.com/docs/yum/.

Mandriva Linux

Mandriva Linux Security Advisory MDKSA-2007:044
http://www.mandriva.com/security/

Package : ekiga
Date : February 21, 2007
Affected: 2007.0

Problem Description:

A format string flaw was discovered in how ekiga processes
certain messages, which could permit a remote attacker that can
connect to ekiga to potentially execute arbitrary code with the
privileges of the user running ekiga.

Updated package have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006

Updated Packages:

Mandriva Linux 2007.0:
949ddb13d6ec406dda15989adfa6a8a6
2007.0/i586/ekiga-2.0.3-1.1mdv2007.0.i586.rpm
301e55e46ec28ec2f6bb3371e4954f71
2007.0/SRPMS/ekiga-2.0.3-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
206cffc2e041ffa98edcfa982fd42c14
2007.0/x86_64/ekiga-2.0.3-1.1mdv2007.0.x86_64.rpm
301e55e46ec28ec2f6bb3371e4954f71
2007.0/SRPMS/ekiga-2.0.3-1.1mdv2007.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:045
http://www.mandriva.com/security/

Package : gnomemeeting
Date : February 21, 2007
Affected: Corporate 3.0

Problem Description:

A format string flaw was discovered in how GnomeMeeting
processes certain messages, which could permit a remote attacker
that can connect to GnomeMeeting to potentially execute arbitrary
code with the privileges of the user running GnomeMeeting.

Updated package have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1007

Updated Packages:

Corporate 3.0:
15e2472f2e41ab47d507cfb491d7a28d
corporate/3.0/i586/gnomemeeting-0.98.5-5.1.C30mdk.i586.rpm
0e1008ad8663cf490f7fe9bffddcf05c
corporate/3.0/SRPMS/gnomemeeting-0.98.5-5.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
dfb6e715109f6134a3a8497de10fa75e
corporate/3.0/x86_64/gnomemeeting-0.98.5-5.1.C30mdk.x86_64.rpm
0e1008ad8663cf490f7fe9bffddcf05c
corporate/3.0/SRPMS/gnomemeeting-0.98.5-5.1.C30mdk.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:046
http://www.mandriva.com/security/

Package : gnucash
Date : February 21, 2007
Affected: 2007.0

Problem Description:

Gnucash 2.0.4 and earlier allows local users to overwrite
arbitrary files via a symlink attack on the (1) gnucash.trace, (2)
qof.trace, and (3) qof.trace.[PID] temporary files.

Updated package have been patched to correct this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0007

Updated Packages:

Mandriva Linux 2007.0:
a8b619c62b08ffe1a0a94123450c9182
2007.0/i586/gnucash-2.0.1-1.1mdv2007.0.i586.rpm
4670eabd1f6b6ac60d6c0fa6bbf86fae
2007.0/i586/gnucash-hbci-2.0.1-1.1mdv2007.0.i586.rpm
071c5a28526cc29b99d47485d95b5115
2007.0/i586/gnucash-ofx-2.0.1-1.1mdv2007.0.i586.rpm
fa58ac7785e11552ad48bc35427ee689
2007.0/i586/gnucash-sql-2.0.1-1.1mdv2007.0.i586.rpm
3f8f689dd645e73822bd5baa6ba4db1f
2007.0/i586/libgnucash0-2.0.1-1.1mdv2007.0.i586.rpm
336f63153412b508077cc655d6ce9e76
2007.0/i586/libgnucash0-devel-2.0.1-1.1mdv2007.0.i586.rpm
ae715153145554dab009d40e68148ce7
2007.0/SRPMS/gnucash-2.0.1-1.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
5e30146412acbec8657a8f4590146279
2007.0/x86_64/gnucash-2.0.1-1.1mdv2007.0.x86_64.rpm
725b0c74c9335e4698e634ebc34788da
2007.0/x86_64/gnucash-hbci-2.0.1-1.1mdv2007.0.x86_64.rpm
15c729b3a02cef72a3b1e019a2a17415
2007.0/x86_64/gnucash-ofx-2.0.1-1.1mdv2007.0.x86_64.rpm
00724c0891a6e67973c6c9bce8dc25a3
2007.0/x86_64/gnucash-sql-2.0.1-1.1mdv2007.0.x86_64.rpm
db2b23ba27b6651b0452cfa7463b8e4e
2007.0/x86_64/lib64gnucash0-2.0.1-1.1mdv2007.0.x86_64.rpm
c97bf9c1d352b89f59572c1762fd5930
2007.0/x86_64/lib64gnucash0-devel-2.0.1-1.1mdv2007.0.x86_64.rpm
ae715153145554dab009d40e68148ce7
2007.0/SRPMS/gnucash-2.0.1-1.1mdv2007.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Mandriva Linux Security Advisory MDKSA-2007:047
http://www.mandriva.com/security/

Package : kernel
Date : February 21, 2007
Affected: 2007.0

Problem Description:

Some vulnerabilities were discovered and corrected in the Linux
2.6 kernel:

A double free vulnerability in the squashfs module could allow a
local user to cause a Denial of Service by mounting a crafted
squashfs filesystem (CVE-2006-5701).

The zlib_inflate function allows local users to cause a crash
via a malformed filesystem that uses zlib compression that triggers
memory corruption (CVE-2006-5823).

The key serial number collision avoidance code in the
key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows
local users to cause a crash via vectors thatr trigger a null
dereference (CVE-2007-0006).

The provided packages are patched to fix these vulnerabilities.
All users are encouraged to upgrade to these updated kernels
immediately and reboot to effect the fixes.

In addition to these security fixes, other fixes have been
included such as:

New drivers: nozomi, UVC
Fixed SiS SATA support for chips on 966/968 bridges
Fixed issues in squashfs by updating to 3.2 (#27008)
Added support for SiS968 bridgest to the sis190 bridge
Fixed JMicron cable detection
Added /proc/config.gz support and enabled kexec on x86_64
Other minor fixes

To update your kernel, please follow the directions located
at:

http://www.mandriva.com/en/security/kernelupdate

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5701

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006

Updated Packages:

Mandriva Linux 2007.0:
07df9cceca48092bca1fd65cadf91e69
2007.0/i586/kernel-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
a1dbf1afa75579198166a3f4a74f45d5
2007.0/i586/kernel-doc-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
da3d2669e324068dd7563a29356a6221
2007.0/i586/kernel-enterprise-2.6.17.11mdv-1-1mdv2007.0.i586.rpm

1e1508188ec35415a880978c3c90c7ce
2007.0/i586/kernel-legacy-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
2d0f1e67c091bd9c62cb4f63b9ef7356
2007.0/i586/kernel-source-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
d76607bf4889d5a6d0a3633a84475684
2007.0/i586/kernel-source-stripped-2.6.17.11mdv-1-1mdv2007.0.i586.rpm

d6d3e09457c438b71cb03d3622867019
2007.0/i586/kernel-xen0-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
241b7b83709ec8811fb8b2969ae5bfda
2007.0/i586/kernel-xenU-2.6.17.11mdv-1-1mdv2007.0.i586.rpm
b971ee2fe8d6ddc83765cb2705671e35
2007.0/SRPMS/kernel-2.6.17.11mdv-1-1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7293720ba20f54c1522263b0d1e58577
2007.0/x86_64/kernel-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm
7a32b034b1452b1d102fed6fca411aa2
2007.0/x86_64/kernel-doc-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm
db02f60611db9824215440969b52d2ac
2007.0/x86_64/kernel-source-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm

4751c8e5fb383bf08f29f172bc1c11f2
2007.0/x86_64/kernel-source-stripped-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm

e467c45bdab2bfc663b0b0a0ab135d84
2007.0/x86_64/kernel-xen0-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm
9c00e25c5f5ea6be9d96c4a2139836a6
2007.0/x86_64/kernel-xenU-2.6.17.11mdv-1-1mdv2007.0.x86_64.rpm
b971ee2fe8d6ddc83765cb2705671e35
2007.0/SRPMS/kernel-2.6.17.11mdv-1-1mdv2007.0.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Red Hat Linux

Red Hat Security Advisory

Synopsis: Important: spamassassin security update
Advisory ID: RHSA-2007:0074-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0074.html

Issue date: 2007-02-21
Updated on: 2007-02-21
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0451

1. Summary:

Updated spamassassin packages that fix a security issue are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

SpamAssassin provides a way to reduce unsolicited commercial
email (spam) from incoming email.

A flaw was found in the way SpamAssassin processes HTML email
containing URIs. A carefully crafted mail message could cause
SpamAssassin to consume significant resources. If a number of these
messages are sent, this could lead to a denial of service,
potentially delaying or preventing the delivery of email.
(CVE-2007-0451)

Users of SpamAssassin should upgrade to these updated packages
which contain version 3.1.8 which is not vulnerable to these
issues.

This is an upgrade from SpamAssassin version 3.0.6 to 3.1.8,
which contains many bug fixes and spam detection enhancements.
Further details are available in the SpamAssassin 3.1 changelog and
upgrade guide.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

228586 – CVE-2007-0451 Spamassassin DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/spamassassin-3.1.8-2.el4.src.rpm

57202e94f86776ca7ac6e262b252c75a
spamassassin-3.1.8-2.el4.src.rpm

i386:
96fe40f8db5b09d9c26cd81ec5443b0b
spamassassin-3.1.8-2.el4.i386.rpm
2f2cb0c33b2f0f2d24207578416dd187
spamassassin-debuginfo-3.1.8-2.el4.i386.rpm

ia64:
8d3424dad7b608dd8e93faf6d4605c19
spamassassin-3.1.8-2.el4.ia64.rpm
debd3351b802cf9a8ef5b7513b74a69d
spamassassin-debuginfo-3.1.8-2.el4.ia64.rpm

ppc:
ac4f13c18fc9ac8dd0233429e772faaa
spamassassin-3.1.8-2.el4.ppc.rpm
327c922ee04cd02f9262cb065c75a3ed
spamassassin-debuginfo-3.1.8-2.el4.ppc.rpm

s390:
575418188b8636bd3c3d92d6b2da0b72
spamassassin-3.1.8-2.el4.s390.rpm
1cb1b745ef0f4984743ea9a2aff8d1ea
spamassassin-debuginfo-3.1.8-2.el4.s390.rpm

s390x:
811672c5407382dc56f44075474a92c5
spamassassin-3.1.8-2.el4.s390x.rpm
e0813b2a4ed92138dbc50e448a26ac39
spamassassin-debuginfo-3.1.8-2.el4.s390x.rpm

x86_64:
8fb1ac7609deaaf4f5df2eb281813d06
spamassassin-3.1.8-2.el4.x86_64.rpm
acf37fb745b593306ea8928dbe65da66
spamassassin-debuginfo-3.1.8-2.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/spamassassin-3.1.8-2.el4.src.rpm

57202e94f86776ca7ac6e262b252c75a
spamassassin-3.1.8-2.el4.src.rpm

i386:
96fe40f8db5b09d9c26cd81ec5443b0b
spamassassin-3.1.8-2.el4.i386.rpm
2f2cb0c33b2f0f2d24207578416dd187
spamassassin-debuginfo-3.1.8-2.el4.i386.rpm

x86_64:
8fb1ac7609deaaf4f5df2eb281813d06
spamassassin-3.1.8-2.el4.x86_64.rpm
acf37fb745b593306ea8928dbe65da66
spamassassin-debuginfo-3.1.8-2.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/spamassassin-3.1.8-2.el4.src.rpm

57202e94f86776ca7ac6e262b252c75a
spamassassin-3.1.8-2.el4.src.rpm

i386:
96fe40f8db5b09d9c26cd81ec5443b0b
spamassassin-3.1.8-2.el4.i386.rpm
2f2cb0c33b2f0f2d24207578416dd187
spamassassin-debuginfo-3.1.8-2.el4.i386.rpm

ia64:
8d3424dad7b608dd8e93faf6d4605c19
spamassassin-3.1.8-2.el4.ia64.rpm
debd3351b802cf9a8ef5b7513b74a69d
spamassassin-debuginfo-3.1.8-2.el4.ia64.rpm

x86_64:
8fb1ac7609deaaf4f5df2eb281813d06
spamassassin-3.1.8-2.el4.x86_64.rpm
acf37fb745b593306ea8928dbe65da66
spamassassin-debuginfo-3.1.8-2.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/spamassassin-3.1.8-2.el4.src.rpm

57202e94f86776ca7ac6e262b252c75a
spamassassin-3.1.8-2.el4.src.rpm

i386:
96fe40f8db5b09d9c26cd81ec5443b0b
spamassassin-3.1.8-2.el4.i386.rpm
2f2cb0c33b2f0f2d24207578416dd187
spamassassin-debuginfo-3.1.8-2.el4.i386.rpm

ia64:
8d3424dad7b608dd8e93faf6d4605c19
spamassassin-3.1.8-2.el4.ia64.rpm
debd3351b802cf9a8ef5b7513b74a69d
spamassassin-debuginfo-3.1.8-2.el4.ia64.rpm

x86_64:
8fb1ac7609deaaf4f5df2eb281813d06
spamassassin-3.1.8-2.el4.x86_64.rpm
acf37fb745b593306ea8928dbe65da66
spamassassin-debuginfo-3.1.8-2.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451

http://svn.apache.org/repos/asf/spamassassin/branches/3.1/UPGRADE

http://svn.apache.org/repos/asf/spamassassin/branches/3.1/Changes

http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Red Hat Security Advisory

Synopsis: Important: php security update
Advisory ID: RHSA-2007:0081-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0081.html

Issue date: 2007-02-21
Updated on: 2007-02-21
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909
CVE-2007-0910 CVE-2007-0988

1. Summary:

Updated PHP packages that fix several security issues are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 –
i386, ia64
Red Hat Linux Advanced Workstation 2.1 – ia64
Red Hat Enterprise Linux ES version 2.1 – i386
Red Hat Enterprise Linux WS version 2.1 – i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with
the Apache HTTP Web server.

A number of buffer overflow flaws were found in the PHP session
extension; the str_replace() function; and the imap_mail_compose()
function. If very long strings were passed to the str_replace()
function, an integer overflow could occur in memory allocation. If
a script used the imap_mail_compose() function to create a new MIME
message based on an input body from an untrusted source, it could
result in a heap overflow. An attacker with access to a PHP
application affected by any these issues could trigger the flaws
and possibly execute arbitrary code as the ‘apache’ user.
(CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop,
consuming CPU resources for a limited time, until the script
timeout alarm aborted execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an
untrusted source, certain WDDX input packets could expose a random
portion of heap memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from
a database, and the database table contents were under an
attacker’s control, a format string vulnerability was possible
which could allow arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a
buffer. This could be triggered, for example, by any use of the
header() function in a script. However it is unlikely that this
would have any effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to “clobber” certain
super-global variables via unspecified vectors. (CVE-2007-0910)

Users of PHP should upgrade to these updated packages which
contain backported patches to correct these issues.

Red Hat would like to thank Stefan Esser for his help diagnosing
these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229332 – CVE-2007-0906 PHP security issues (CVE-2007-0907,
CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.14.src.rpm

3c1babd0b650d968fb05c3fc941e1328 php-4.1.2-2.14.src.rpm

i386:
a4e8107d7d04c391924e1a489c4e8b1f php-4.1.2-2.14.i386.rpm
3eb84ba09f48aafdd82fd273847c0ab7
php-devel-4.1.2-2.14.i386.rpm
547ee3ef9a42650b7968ca5d847cb362
php-imap-4.1.2-2.14.i386.rpm
27ad3782dd0bd6c398f6759c615a7a8e
php-ldap-4.1.2-2.14.i386.rpm
8f5cb33e88ebc83c80fd69608daa943b
php-manual-4.1.2-2.14.i386.rpm
13f14591befae51d6c2072e29190510e
php-mysql-4.1.2-2.14.i386.rpm
3c5a5d6027e2f960091044d63205e00b
php-odbc-4.1.2-2.14.i386.rpm
b14c7e1d15965c39febb475897ec9602
php-pgsql-4.1.2-2.14.i386.rpm

ia64:
e62f6a7585c07440f283543af205720c php-4.1.2-2.14.ia64.rpm
ddb2e7b85468f5c222ba1f09fcfdad9c
php-devel-4.1.2-2.14.ia64.rpm
b8f556303277dc3847d24acff42d530f
php-imap-4.1.2-2.14.ia64.rpm
444ae771d27b6eb5a4b9fc20df23ee46
php-ldap-4.1.2-2.14.ia64.rpm
d95de85e804a28dfbf0e1cf2dee9b184
php-manual-4.1.2-2.14.ia64.rpm
5e8f596c3109b090b1de0b40faa3575c
php-mysql-4.1.2-2.14.ia64.rpm
b017004385456310eaf7108b5e48a1fd
php-odbc-4.1.2-2.14.ia64.rpm
2b0984f7324d18f6f605b16ab0e0bcc1
php-pgsql-4.1.2-2.14.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.14.src.rpm

3c1babd0b650d968fb05c3fc941e1328 php-4.1.2-2.14.src.rpm

ia64:
e62f6a7585c07440f283543af205720c php-4.1.2-2.14.ia64.rpm
ddb2e7b85468f5c222ba1f09fcfdad9c
php-devel-4.1.2-2.14.ia64.rpm
b8f556303277dc3847d24acff42d530f
php-imap-4.1.2-2.14.ia64.rpm
444ae771d27b6eb5a4b9fc20df23ee46
php-ldap-4.1.2-2.14.ia64.rpm
d95de85e804a28dfbf0e1cf2dee9b184
php-manual-4.1.2-2.14.ia64.rpm
5e8f596c3109b090b1de0b40faa3575c
php-mysql-4.1.2-2.14.ia64.rpm
b017004385456310eaf7108b5e48a1fd
php-odbc-4.1.2-2.14.ia64.rpm
2b0984f7324d18f6f605b16ab0e0bcc1
php-pgsql-4.1.2-2.14.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.14.src.rpm

3c1babd0b650d968fb05c3fc941e1328 php-4.1.2-2.14.src.rpm

i386:
a4e8107d7d04c391924e1a489c4e8b1f php-4.1.2-2.14.i386.rpm
3eb84ba09f48aafdd82fd273847c0ab7
php-devel-4.1.2-2.14.i386.rpm
547ee3ef9a42650b7968ca5d847cb362
php-imap-4.1.2-2.14.i386.rpm
27ad3782dd0bd6c398f6759c615a7a8e
php-ldap-4.1.2-2.14.i386.rpm
8f5cb33e88ebc83c80fd69608daa943b
php-manual-4.1.2-2.14.i386.rpm
13f14591befae51d6c2072e29190510e
php-mysql-4.1.2-2.14.i386.rpm
3c5a5d6027e2f960091044d63205e00b
php-odbc-4.1.2-2.14.i386.rpm
b14c7e1d15965c39febb475897ec9602
php-pgsql-4.1.2-2.14.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:

ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.14.src.rpm

3c1babd0b650d968fb05c3fc941e1328 php-4.1.2-2.14.src.rpm

i386:
a4e8107d7d04c391924e1a489c4e8b1f php-4.1.2-2.14.i386.rpm
3eb84ba09f48aafdd82fd273847c0ab7
php-devel-4.1.2-2.14.i386.rpm
547ee3ef9a42650b7968ca5d847cb362
php-imap-4.1.2-2.14.i386.rpm
27ad3782dd0bd6c398f6759c615a7a8e
php-ldap-4.1.2-2.14.i386.rpm
8f5cb33e88ebc83c80fd69608daa943b
php-manual-4.1.2-2.14.i386.rpm
13f14591befae51d6c2072e29190510e
php-mysql-4.1.2-2.14.i386.rpm
3c5a5d6027e2f960091044d63205e00b
php-odbc-4.1.2-2.14.i386.rpm
b14c7e1d15965c39febb475897ec9602
php-pgsql-4.1.2-2.14.i386.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988

http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Ubuntu

Ubuntu Security Notice USN-424-1 February 21, 2007
php5 vulnerabilities
CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909,
CVE-2007-0910, CVE-2007-0988

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:

libapache2-mod-php5 5.0.5-2ubuntu1.7
php5-cgi 5.0.5-2ubuntu1.7
php5-cli 5.0.5-2ubuntu1.7
php5-common 5.0.5-2ubuntu1.7
php5-odbc 5.0.5-2ubuntu1.7

Ubuntu 6.06 LTS:

libapache2-mod-php5 5.1.2-1ubuntu3.5
php5-cgi 5.1.2-1ubuntu3.5
php5-cli 5.1.2-1ubuntu3.5
php5-common 5.1.2-1ubuntu3.5
php5-odbc 5.1.2-1ubuntu3.5

Ubuntu 6.10:

libapache2-mod-php5 5.1.6-1ubuntu2.2
php5-cgi 5.1.6-1ubuntu2.2
php5-cli 5.1.6-1ubuntu2.2
php5-common 5.1.6-1ubuntu2.2
php5-odbc 5.1.6-1ubuntu2.2

After a standard system upgrade you need to restart Apache or
reboot your computer to effect the necessary changes.

Details follow:

Multiple buffer overflows have been discovered in various PHP
modules. If a PHP application processes untrusted data with
functions of the session or zip module, or various string
functions, a remote attacker could exploit this to execute
arbitrary code with the privileges of the web server.
(CVE-2007-0906)

The sapi_header_op() function had a buffer underflow that could
be exploited to crash the PHP interpreter. (CVE-2007-0907)

The wddx unserialization handler did not correctly check for
some buffer boundaries and had an uninitialized variable. By
unserializing untrusted data, this could be exploited to expose
memory regions that were not meant to be accessible. Depending on
the PHP application this could lead to disclosure of potentially
sensitive information. (CVE-2007-0908)

On 64 bit systems (the amd64 and sparc platforms), various print
functions and the odbc_result_all() were susceptible to a format
string vulnerability. A remote attacker could exploit this to
execute arbitrary code with the privileges of the web server.
(CVE-2007-0909)

Under certain circumstances it was possible to overwrite
superglobal variables (like the HTTP GET/POST arrays) with crafted
session data. (CVE-2007-0910)

When unserializing untrusted data on 64-bit platforms the
zend_hash_init() function could be forced to enter an infinite
loop, consuming CPU resources, for a limited length of time, until
the script timeout alarm aborts the script. (CVE-2007-0988)

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5-2ubuntu1.7.diff.gz

Size/MD5: 116000
e86f9657167213b8990f391018b28e8e
http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5-2ubuntu1.7.dsc

Size/MD5: 1707
4eaf5e7ccc2304836f7c55a64857c145
http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5.orig.tar.gz

Size/MD5: 6082082
ae36a2aa35cfaa58bdc5b9a525e6f451

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.0.5-2ubuntu1.7_all.deb

Size/MD5: 173668
f6caf8c382ba778c934b7c3887915f61
http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5-2ubuntu1.7_all.deb

Size/MD5: 1038
7c8598ce989a1c332b46e35612c91c75

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/p/php5/libapache2-mod-php5_5.0.5-2ubuntu1.7_amd64.deb