[php-maint] new version of php4 fixes multiple vulnerabilities

sean finney seanius at debian.org
Mon Mar 5 00:36:06 CET 2007


hey guys,

it's that time again... i've finally managed to get all relevant
combinations of php4/php5/sarge/etch in shape.  for those not following
from home, these fixes are the result of the month of php bugs effort by
the folks at hardened php.  the changelog should give a summary of the
situation:

php4 (4:4.3.10-19) stable-security; urgency=high

  * NMU prepared for the security team by the package maintainer
  * The following security issues are addressed with this update:
    - CVE-2007-0906: Multiple buffer overflows in various code:
      * session (addressed in patch for CVE-2007-0910 below)
      * imap (CVE-2007-0906-imap.patch)
      * str_replace: (CVE-2007-0906-strreplace.patch)
      * the zip, sqlite, stream filters, mail, and interbase related
        vulnerabilities in this CVE do not affect the debian sarge php4
        source package.
    - CVE-2007-0907: Buffer underflow in sapi_header_op
      (CVE-2007-0907.patch)
    - CVE-2007-0908: wddx module information disclosure
      (CVE-2007-0908.patch)
    - CVE-2007-0909: More buffer overflows:
      * the odbc_result_all function (CVE-2007-0909-odbc.patch)
      * various formatted print functions (CVE-2007-0909-printf.patch)
    - CVE-2007-0910: Clobbering of super-global variables
      (CVE-2007-0910.patch)
    - CVE-2007-0988: DoS in unserialize on 64bit platforms
      (CVE-2007-0988.patch)
  * The package maintainers would like to thank Joe Orton from redhat and
    Martin Pitt from ubuntu for their help in the preparation of this
    update.


packages, and the diff.gz are available at:

	http://people.debian.org/~seanius/security/php/


let me know if you need any further information.


	sean


