OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 03-Dec-2005 19:21:40
Branch: HEAD Handle: 2005120318213900
Added files:
openpkg-web/security OpenPKG-SA-2005.027-php.txt
Log:
release OpenPKG Security Advisory 2005.027 (php)
Summary:
Revision Changes Path
1.1 +90 -0 openpkg-web/security/OpenPKG-SA-2005.027-php.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2005.027-php.txt
============================================================================
$ cvs diff -u -r0 -r1.1 OpenPKG-SA-2005.027-php.txt
--- /dev/null 2005-12-03 19:21:35 +0100
+++ OpenPKG-SA-2005.027-php.txt 2005-12-03 19:21:39 +0100
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+________________________________________________________________________
+
+OpenPKG Security Advisory The OpenPKG Project
+http://www.openpkg.org/security.html http://www.openpkg.org
[EMAIL PROTECTED] [EMAIL PROTECTED]
+OpenPKG-SA-2005.027 03-Dec-2005
+________________________________________________________________________
+
+Package: php
+Vulnerability: multiple ones
+OpenPKG Specific: no
+
+Affected Releases: Affected Packages: Corrected Packages:
+OpenPKG CURRENT <= php-4.4.0-20051004 >= php-4.4.1-20051031
+OpenPKG 2.5 <= php-4.4.0-2.5.1 >= php-4.4.0-2.5.2
+ <= apache-1.3.33-2.5.3 >= apache-1.3.33-2.5.4
+OpenPKG 2.4 <= php-4.3.11-2.4.1 >= php-4.3.11-2.4.2
+ <= apache-1.3.33-2.4.3 >= apache-1.3.33-2.4.4
+OpenPKG 2.3 <= php-4.3.10-2.3.3 >= php-4.3.10-2.3.4
+ <= apache-1.3.33-2.3.5 >= apache-1.3.33-2.3.6
+
+Description:
+ Multiple vulnerabilities were recently found in the PHP [1] web
+ scripting language:
+
+ 1. The "exif_read_data" function in the EXIF module in PHP before
+ 4.4.1 allows remote attackers to cause a Denial of Service (DoS)
+ through an infinite recursion via a malformed JPEG image. The
+ Common Vulnerabilities and Exposures (CVE) project assigned the id
+ CVE-2005-3353 [2] to the problem.
+
+ 2. A Cross-Site Scripting (XSS) vulnerability in the "phpinfo"
+ function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote
+ attackers to inject arbitrary web script or HTML via a crafted URL
+ with a "stacked array assignment". The Common Vulnerabilities and
+ Exposures (CVE) project assigned the id CVE-2005-3388 [3] to the
+ problem.
+
+ 3. The "parse_str" function in PHP 4.x up to 4.4.0 and 5.x up to
+ 5.0.5, when called with only one parameter, allows remote attackers
+ to enable the "register_globals" directive via inputs that cause a
+ request to be terminated due to the "memory_limit" setting, which
+ causes PHP to set an internal flag that enables "register_globals" and
+ allows attackers to exploit vulnerabilities in PHP applications that
+ would otherwise be protected. The Common Vulnerabilities and Exposures
+ (CVE) project assigned the id CVE-2005-3389 [4] to the problem.
+
+ 4. The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up
+ to 5.0.5, when "register_globals" is enabled, allows remote attackers
+ to modify the "GLOBALS" array and bypass security protections of PHP
+ applications via a "multipart/form-data" POST request with a "GLOBALS"
+ "fileupload" field. The Common Vulnerabilities and Exposures (CVE)
+ project assigned the id CVE-2005-3390 [5] to the problem.
+
+ 5. Multiple vulnerabilities in PHP before 4.4.1 allow remote
+ attackers to bypass "safe_mode" and "open_basedir" restrictions
+ via unknown attack vectors in the "curl" and "gd" extensions. The
+ Common Vulnerabilities and Exposures (CVE) project assigned the id
+ CVE-2005-3391 [6] to the problem.
+
+ 6. The additionally discovered issue CVE-2005-3392 doesn't affect PHP
+ under the OpenPKG platforms.
+________________________________________________________________________
+
+References:
+ [1] http://www.php.net/
+ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
+ [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
+ [4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
+ [5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
+ [6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
+________________________________________________________________________
+
+For security reasons, this advisory was digitally signed with the
+OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) of the
+OpenPKG project which you can retrieve from http://pgp.openpkg.org and
+hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org/
+for details on how to verify the integrity of this advisory.
+________________________________________________________________________
+
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFDkeIjgHWT4GPEy58RAr0kAKDI3vR3w7KhCg2iQ5h9au1LiYv2ogCdF4c7
+IgeVMyxYVnQdAh6vmLP1kJE=
+=hdmj
+-----END PGP SIGNATURE-----
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]
