From martin.pitt@canonical.com Thu Dec 16 15:10:36 2004 From: Martin Pitt To: ubuntu-security-announce@lists.ubuntu.com Cc: full-disclosure@lists.netsys.com, bugtraq@securityfocus.com Date: Thu, 16 Dec 2004 18:26:55 +0100 Subject: [USN-40-1] PHP vulnerabilities =========================================================== Ubuntu Security Notice USN-40-1 December 16, 2004 php4 vulnerabilities CAN-2004-1019, CAN-2004-1065 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: libapache2-mod-php4 php4 php4-cgi The problem can be corrected by upgrading the affected package to version 4:4.3.8-3ubuntu7.1. After performing a standard system upgrade you need to reload the PHP module in the webserver by executing sudo /etc/init.d/apache2 reload to effect the necessary changes. Details follow: Stefan Esser reported several buffer overflows in PHP's variable unserializing handling. These could allow an attacker to execute arbitrary code on the server with the PHP interpreter's privileges by sending specially crafted input strings (form data, cookie values, and similar). Additionally, Ilia Alshanetsky discovered a buffer overflow in the exif_read_data() function. Attackers could execute arbitrary code on the server by sending a JPEG image with a very long "sectionname" value to PHP applications that support image uploads. Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.1.diff.gz Size/MD5: 610651 e966340847246b2191f23982664390ed http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8-3ubuntu7.1.dsc Size/MD5: 1624 659779c771610d813c1f3a4aa580abc0 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.8.orig.tar.gz Size/MD5: 4832570 dd69f8c89281f088eadf4ade3dbd39ee Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-dev_4.3.8-3ubuntu7.1_all.deb Size/MD5: 331236 de01a589c82ee9b4ab0386287487bc20 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-pear_4.3.8-3ubuntu7.1_all.deb Size/MD5: 332374 a68bc6c786b9afde950254ede5b6e5f7 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 1687074 691eee396077c870a30fb238d9191862 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 3195360 c809b2db355a7bc84dec07f253aa10cf http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 17040 afc1817ea59b7b9ea456fc955594245b http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 40430 f75458e8cceb8ee81c89bb96f78eedd0 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 33494 a9855bcb2e9cd2af0ebcb557bb6d4380 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 21232 0698d1bc76347ba0cd982fc06f1bd0e8 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 18404 50319c698a92bc02ba400f0576d85691 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 7994 e195f98822655c7ca1cf144738502096 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 23112 d8cc467306a90d6c85cb7b07ca3a7a31 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 28324 c265f308ebdc7166189771574aef4ca4 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 7610 0044c60c1352ea2062305b9ad4e218f8 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 12968 18ef336bde0ab867e0e9ae1a9fef55b9 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 21508 1eaf9ea7357ea445a5836f2a9608560b http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 17244 b653332b01cdded019b98027e6271542 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_amd64.deb Size/MD5: 1703068 5a046adb9b630c9ffd2240b8f707399e i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 1629472 f3a06742df44f2d61525ff6ad10a2118 http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 3042316 3e47ad3d3e214cab1864c7338d999bf7 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 16596 e94769b268e370ce703a3034dca26a29 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 35556 2a0e1e904e6e94b77ff50e55519c2091 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 31072 bfcb31da78652ef4a903fea15cde2f6f http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 19474 612fc6968c909cfe4d234c3785ddfe57 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 17052 d555c32361241f8b077a2d48a7f2df75 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 7736 e976e52ee818f267b19694b394296738 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 20902 a10de406012b814358414c98c721e011 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 26062 df8df48148e63e3e77eb5559a9bf5bbc http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 7374 14304803fd0c2363ebe2dbf4effc4aeb http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 12316 4147ba0de6f7fb75cc54f94a92a9158d http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 20010 ebb83d15f0dd57dfbc8c84d4714b8ef7 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 15878 4014ffe19c87776268de3446ba285e71 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_i386.deb Size/MD5: 1643914 68eea9ea59d35b35cb949a406de5c9b9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/php4/libapache2-mod-php4_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 1689302 807531344823fc9a286b5ae7511020fe http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4-cgi_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 3202090 66d309045f186a07c886d061440d5e21 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-curl_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 18870 e8eb9726de46eb207ac41a992bf9a4c8 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-domxml_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 38284 0d3392f73734f400f1934f28f2252eaf http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-gd_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 34002 dbc5e62935b72f8fa6f7b80206ca66ae http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-ldap_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 21474 818192591970cbbfe93e5d30db622030 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mcal_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 19310 f5d749f3b0a1371d8f59e036bd9cb50d http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mhash_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 9314 165fec2b86b60d646d176df101116e2c http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-mysql_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 22680 d2aebe8f3db956a56dc5d02c9821df77 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-odbc_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 28402 f4e126be6945934a6b9aa7c92b523087 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-recode_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 8994 3edf33dd1e41c0f0e438144039f009ea http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-snmp_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 14328 8d0b9fa752c930cbc77602b4869a22df http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-sybase_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 22194 df61118cb96d51d0c7ba65604a8ba92d http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4-xslt_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 18058 eecac94a928382539ee0028e6cd80434 http://security.ubuntu.com/ubuntu/pool/universe/p/php4/php4_4.3.8-3ubuntu7.1_powerpc.deb Size/MD5: 1706958 da15f0cf0899b91fea48125d08dfc912 [ Part 2, "Digital signature" Application/PGP-SIGNATURE ] [ 196bytes. ] [ Unable to print this part. ]