From debian-security-announce@LISTS.DEBIAN.ORG Mon Oct 16 08:04:46 2000 From: debian-security-announce@LISTS.DEBIAN.ORG To: BUGTRAQ@SECURITYFOCUS.COM Date: Sat, 14 Oct 2000 00:47:48 -0700 Reply-To: security@debian.org Subject: [BUGTRAQ] [SECURITY] New version of Debian php4 packages released (updated) -----BEGIN PGP SIGNED MESSAGE----- - ---------------------------------------------------------------------------- Debian Security Advisory security@debian.org http://www.debian.org/security/ Daniel Jacobowitz October 14, 2000 - ---------------------------------------------------------------------------- Package: php4 Vulnerability: possible remote exploit Debian-specific: no Vulnerable: yes [Updated version: corrected URLs] In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code as the user running PHP scripts on the web server. This problem is fixed in versions 4.0.3-0potato1 for Debian 2.2 (potato) and 4.0.3-1 for Debian Unstable (woody). This is a bug fix release and we recommend all users of php4 upgrade to it; potato users should note that this is an upgrade from 4.0b3, but no incompatibilities are expected. Debian GNU/Linux 2.1 alias slink - -------------------------------- Slink does not contain any php4 packages, and is therefore not affected. Debian GNU/Linux 2.2 (stable) alias potato - ------------------------------------------ Fixes are currently available for the Alpha, Intel ia32, Motorola 680x0, PowerPC and Sun SPARC architectures, and will be included in 2.2r1. Source archives: http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.diff.gz MD5 checksum: a4a9ce00f9b85966521fccf91c20b1fe http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.dsc MD5 checksum: 26e0cc7624981b4872e104b62151c4b1 http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3.orig.tar.gz MD5 checksum: e80223ed44a445bbf202cd9a41a8fbbb Architecture indendent archives: http://security.debian.org/dists/potato/updates/main/binary-all/php4-dev_4.0.3-0potato1_all.deb MD5 checksum: 04b2040609b61c7c2ad391a23450ec66 Alpha architecture: http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-gd_4.0.3-0potato1_alpha.deb MD5 checksum: d3fe7fef73c4b598a81fa2190d0c9eb5 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-imap_4.0.3-0potato1_alpha.deb MD5 checksum: 1231668e5b49c44ec5aa1cf6260537ba http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-ldap_4.0.3-0potato1_alpha.deb MD5 checksum: 7cbe170c8dc9d1692b5e3a59f225dc35 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mhash_4.0.3-0potato1_alpha.deb MD5 checksum: d41ac1166ace253daa79da899b60f1d2 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mysql_4.0.3-0potato1_alpha.deb MD5 checksum: 7ce535f98712a5b925e0e0c939623395 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3-0potato1_alpha.deb MD5 checksum: 49fa22bbd37e6da2b42f2988c34f062f http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-snmp_4.0.3-0potato1_alpha.deb MD5 checksum: 3c8ae9b6caff94e3cfe9396929678ea8 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-xml_4.0.3-0potato1_alpha.deb MD5 checksum: b6b109a24e81a346cae7ede4acb7b8d6 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi_4.0.3-0potato1_alpha.deb MD5 checksum: f9dfaf4d72f9fd72684a6c1ef70e88f0 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-gd_4.0.3-0potato1_alpha.deb MD5 checksum: d738d12da802f8335c367c9c74f84702 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-imap_4.0.3-0potato1_alpha.deb MD5 checksum: 93171ea93342cd4818cc2e470bf755dd http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-ldap_4.0.3-0potato1_alpha.deb MD5 checksum: a566dcef79feaa5835bac1fdf25447c9 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mhash_4.0.3-0potato1_alpha.deb MD5 checksum: 10bbe8213e8016321c1c39dfa4c71d00 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mysql_4.0.3-0potato1_alpha.deb MD5 checksum: 82eaa050345ebb04183ba54cb91d1dd3 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-pgsql_4.0.3-0potato1_alpha.deb MD5 checksum: 7756b53bd8889e76bb53ee200efa762a http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-snmp_4.0.3-0potato1_alpha.deb MD5 checksum: 8768e4ac8a49fcd8fb93a39565ba9f6b http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-xml_4.0.3-0potato1_alpha.deb MD5 checksum: 1766704f4c160d70bbc8ceabbacb0485 http://security.debian.org/dists/potato/updates/main/binary-alpha/php4_4.0.3-0potato1_alpha.deb MD5 checksum: ab46675a4746fb9c6d98d41f69d6c39d Intel ia32 architecture: http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-gd_4.0.3-0potato1_i386.deb MD5 checksum: 950b8d77cabb51fa3fee93f542923b22 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-imap_4.0.3-0potato1_i386.deb MD5 checksum: 4a1b39e86058ddef899ea7e30c165997 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-ldap_4.0.3-0potato1_i386.deb MD5 checksum: f7ff7751166164afee9f213f088fd293 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mhash_4.0.3-0potato1_i386.deb MD5 checksum: 353afa5861d49ccc6c2d2fd3dafad21d http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mysql_4.0.3-0potato1_i386.deb MD5 checksum: 3d1336623f1e32d42efbb32097e50517 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-pgsql_4.0.3-0potato1_i386.deb MD5 checksum: fcb4d91a0400a4a9f7e9f97b95a82efd http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-snmp_4.0.3-0potato1_i386.deb MD5 checksum: d9c7aecfa1f2976f416936333d263323 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-xml_4.0.3-0potato1_i386.deb MD5 checksum: fdf4a7f0a185a9ca340378e6dbb982f7 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi_4.0.3-0potato1_i386.deb MD5 checksum: 5050b7fc859f50621a0d54922832c2f1 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-gd_4.0.3-0potato1_i386.deb MD5 checksum: 10c0fa0f35e0527f3e2cd1b5b6602ab6 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-imap_4.0.3-0potato1_i386.deb MD5 checksum: b411fb51803d7a96ad5eec056de9a41f http://security.debian.org/dists/potato/updates/main/binary-i386/php4-ldap_4.0.3-0potato1_i386.deb MD5 checksum: 341d2bebc353f2ac4948a41d8b3fdb8c http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mhash_4.0.3-0potato1_i386.deb MD5 checksum: f6d0465fc1c25d4deecd15dd5e60927b http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mysql_4.0.3-0potato1_i386.deb MD5 checksum: a521a0332ee5c2ff325789c21c9bcc60 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-pgsql_4.0.3-0potato1_i386.deb MD5 checksum: 979ffc72564dcd02dae7bb2d97f73bbc http://security.debian.org/dists/potato/updates/main/binary-i386/php4-snmp_4.0.3-0potato1_i386.deb MD5 checksum: 3a174bf266dec089aba50049090fc518 http://security.debian.org/dists/potato/updates/main/binary-i386/php4-xml_4.0.3-0potato1_i386.deb MD5 checksum: 94ac2a5dbb47e4cf86c95579cff37320 http://security.debian.org/dists/potato/updates/main/binary-i386/php4_4.0.3-0potato1_i386.deb MD5 checksum: ac2b7d167760365d1143caa0483ca9d8 Motorola 680x0 architecture: http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-gd_4.0.3-0potato1_m68k.deb MD5 checksum: cf953a514fc74d16330a5fd61ca6f1d2 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-imap_4.0.3-0potato1_m68k.deb MD5 checksum: 54a1330b08760e2105a297652262b5f0 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-ldap_4.0.3-0potato1_m68k.deb MD5 checksum: 3e589a6b10fd4c5b8cf0bcc823e1c136 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mhash_4.0.3-0potato1_m68k.deb MD5 checksum: 0bee1f3abd78718cd2ccc48862cd62d3 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mysql_4.0.3-0potato1_m68k.deb MD5 checksum: 8dc08d54bed91db40dce3d66f3ec4515 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3-0potato1_m68k.deb MD5 checksum: 1b61adc8cf8f0a9782057d622aedcedf http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-snmp_4.0.3-0potato1_m68k.deb MD5 checksum: 0ba4613f858af4679d28bac799d9381d http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-xml_4.0.3-0potato1_m68k.deb MD5 checksum: 60047aecb794b0988e6834ad51991e6c http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi_4.0.3-0potato1_m68k.deb MD5 checksum: c50c7ea097c5ba876de023f519582c3b http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-gd_4.0.3-0potato1_m68k.deb MD5 checksum: 5fd8393cd6d3bb17c5a0cb91846c3c4e http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-imap_4.0.3-0potato1_m68k.deb MD5 checksum: 1f1fc4b0822bebf7fc1c8832066cce2d http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-ldap_4.0.3-0potato1_m68k.deb MD5 checksum: de194dfccf9acbe7acf674949bd306c9 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mhash_4.0.3-0potato1_m68k.deb MD5 checksum: 2329a5ee7ad19c0a791923fddb8a35c1 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mysql_4.0.3-0potato1_m68k.deb MD5 checksum: 9a9ada8c95f121ab1ae7b9137990e54b http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-pgsql_4.0.3-0potato1_m68k.deb MD5 checksum: a2b7f9d325021b55c3f33e8744b91793 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-snmp_4.0.3-0potato1_m68k.deb MD5 checksum: 3892fc2afd953838847d38a1787dd289 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-xml_4.0.3-0potato1_m68k.deb MD5 checksum: 94fa954c37a23af00976b231bf1fd4f6 http://security.debian.org/dists/potato/updates/main/binary-m68k/php4_4.0.3-0potato1_m68k.deb MD5 checksum: ca8ff47ba9b93365b9d05ba397b02608 PowerPC architecture: http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-gd_4.0.3-0potato1_powerpc.deb MD5 checksum: 77f491b502259bba05cbe3a0ee1366f3 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-imap_4.0.3-0potato1_powerpc.deb MD5 checksum: 920705ee0db58017de6a45e3343e9903 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3-0potato1_powerpc.deb MD5 checksum: 89a30a1bdba82ab3b97c4a15d592b9e0 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3-0potato1_powerpc.deb MD5 checksum: dea22760f061bea67e95336b145965f6 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3-0potato1_powerpc.deb MD5 checksum: a62c51d74bf005ac33aef5f20976a26c http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3-0potato1_powerpc.deb MD5 checksum: e8594ffbda40270ce33510307cd2b8c9 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3-0potato1_powerpc.deb MD5 checksum: 5f463d50289c4d73085a1c06317b2d0c http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-xml_4.0.3-0potato1_powerpc.deb MD5 checksum: 67a88882315b6a80e52066b15a5430f1 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi_4.0.3-0potato1_powerpc.deb MD5 checksum: 562d0f98df13c64446b5f9157b164890 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-gd_4.0.3-0potato1_powerpc.deb MD5 checksum: 5cd5a5c626174e945804a9eeb78b357b http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-imap_4.0.3-0potato1_powerpc.deb MD5 checksum: b79798b045e33f1633948b3f9187fd17 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-ldap_4.0.3-0potato1_powerpc.deb MD5 checksum: 46d1767444a584cc5857fcf4ad69c1d7 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mhash_4.0.3-0potato1_powerpc.deb MD5 checksum: c885eb618264bbd7ed40182176c9a627 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mysql_4.0.3-0potato1_powerpc.deb MD5 checksum: 4761cb89398d57b0faffd8266775c008 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-pgsql_4.0.3-0potato1_powerpc.deb MD5 checksum: 5caecc8f2ab14ea88f18be1e28158113 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-snmp_4.0.3-0potato1_powerpc.deb MD5 checksum: 644c612dc6311f8fb1eaa7a7e5292341 http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-xml_4.0.3-0potato1_powerpc.deb MD5 checksum: f8de34081f2cd5a7373eb441b797d3df http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4_4.0.3-0potato1_powerpc.deb MD5 checksum: eb844ebce5c2674c0981295d0992d9ff Sun Sparc architecture: http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-gd_4.0.3-0potato1_sparc.deb MD5 checksum: d467f114370d358e0a02ea1de2495b4e http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-imap_4.0.3-0potato1_sparc.deb MD5 checksum: fb9d8131160fd7915bd1e2c700662323 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-ldap_4.0.3-0potato1_sparc.deb MD5 checksum: 9eed208d160ba83cab07a99d83448800 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mhash_4.0.3-0potato1_sparc.deb MD5 checksum: a90eb840733313cc4daf1e57f3cddf63 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mysql_4.0.3-0potato1_sparc.deb MD5 checksum: ee479f23bad040b9fa4fc960bb0998b8 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3-0potato1_sparc.deb MD5 checksum: 6339a967c077b4eae3cf32974657759c http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-snmp_4.0.3-0potato1_sparc.deb MD5 checksum: 2cda52b681eb985958135434edeb5ae6 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-xml_4.0.3-0potato1_sparc.deb MD5 checksum: 756fa42bf5d0af442291efa6ad719b38 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi_4.0.3-0potato1_sparc.deb MD5 checksum: f4dbb48a2c0c904d3180e4699426f20a http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-gd_4.0.3-0potato1_sparc.deb MD5 checksum: 90f994f67c2a0a902a16aeb2acac9556 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-imap_4.0.3-0potato1_sparc.deb MD5 checksum: 17997e09572e612f4fc3d0aad8b74fe8 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-ldap_4.0.3-0potato1_sparc.deb MD5 checksum: a9985cd2954c5d44d6e7a57d717c0097 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mhash_4.0.3-0potato1_sparc.deb MD5 checksum: 49aa1c86cb9ec06c17bc2d727b75e1b0 http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mysql_4.0.3-0potato1_sparc.deb MD5 checksum: bac338543482d242d1c5cd936690eb1f http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-pgsql_4.0.3-0potato1_sparc.deb MD5 checksum: 5f8ff8caf9086525012db9234a94ff8c http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-snmp_4.0.3-0potato1_sparc.deb MD5 checksum: 5d20c6b5fce5bbeb04a422a7ee3cbadd http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-xml_4.0.3-0potato1_sparc.deb MD5 checksum: e0360986406d5f566356f0389bd338dc http://security.debian.org/dists/potato/updates/main/binary-sparc/php4_4.0.3-0potato1_sparc.deb MD5 checksum: c25c1000ce84068fb5ae3b0c36a2c154 Debian GNU/Linux Unstable alias woody - ------------------------------------- This version of Debian is not yet released. Fixes are currently available for Alpha and Intel ia32 in the Debian archives; fixes for other architectures will be made available shortly. - ---------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv iQCVAwUBOegPQT5fjwqn/34JAQG/swP/U9c643vSqyVQxs9zYV2qY/ZH54HCCDUe Eos4KO051AZtH6kxG/V9qI8QF159VNsxHsPPSG8Ag7fHd5cu0faIf44Eiy8PRlLv IC5Rw1GqCkKaWiYPvnfWm5SStYPX63bK7byvd/hytiNz2rw/pwbDinPkDKsUEx33 FbIpv6UMo9c= =b5x8 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org