[php-maint] php4/php5 updates for oldstable/stable

sean finney seanius at debian.org
Thu Sep 20 20:58:01 UTC 2007


hey guys... it's that time again.  php packages fixing the latest batch of 
(mostly minor) security issues are prep'd, built, and uploaded to 
security-master.  here's a list of the CVEs that they fix:

==============================
(php4/sarge, php4/etch, php5/etch)

    - CVE-2007-3799

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 
5.2.3 allows remote attackers to insert arbitrary attributes into the session 
cookie via special characters in a cookie that is obtained from (1) 
PATH_INFO, (2) the session_id function, and (3) the session_start function, 
which are not encoded or filtered when the new session cookie is generated.

    - CVE-2007-4657

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, 
allow remote attackers to obtain sensitive information (memory contents) or 
cause a denial of service (thread crash) via a large len value to the (1) 
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: 
this affects different product versions than CVE-2007-3996.

(php5/etch only)

    - CVE-2007-3998

The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not 
properly use the breakcharlen variable, which allows remote attackers to 
cause a denial of service (divide-by-zero error and application crash, or 
infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' 
argument set.

    - CVE-2007-4658

The money_format function in PHP before 5.2.4 permits multiple (1) %i and 
(2) %n tokens, which has unknown impact and attack vectors, possibly related 
to a format string vulnerability.

    - CVE-2007-4659

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle 
an interruption to the flow of execution triggered by a memory_limit 
violation, which has unknown impact and attack vectors.

    - CVE-2007-4660

Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has 
unknown impact and attack vectors, related to an incorrect size calculation.
(fixed with the strcspn patch above)

    - CVE-2007-4662

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has 
unknown impact and attack vectors.

=====================================


let me know if you need anything else from me!



	sean
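
For CVE-2007-3799 as described above, an added illustration (not part of the original message, and not PHP's source or the Debian patch): a C example that builds a session cookie header with and without checking the id first. The function names, the allow-list, the 128-character limit and the sample ids are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed policy for this example: 1..128 chars from [A-Za-z0-9,-]. */
#define ID_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789,-"
#define ID_MAX 128

/* Unfiltered form: the id is copied into the header verbatim, so an id
 * containing ';' ends the cookie value and starts a new attribute. */
int cookie_unfiltered(char *out, size_t cap, const char *name, const char *id)
{
    int n = snprintf(out, cap, "Set-Cookie: %s=%s; path=/", name, id);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Returns 1 only if every character of id is on the allow-list. */
int session_id_ok(const char *id)
{
    size_t n = strlen(id);
    return n >= 1 && n <= ID_MAX && strspn(id, ID_CHARS) == n;
}

/* Checked form: refuses to build a header for an id that fails the check. */
int cookie_checked(char *out, size_t cap, const char *name, const char *id)
{
    return session_id_ok(id) ? cookie_unfiltered(out, cap, name, id) : -1;
}

/* Number of ';' separators in the header, i.e. attributes after name=value. */
int count_attributes(const char *header)
{
    int count = 0;
    for (const char *p = strchr(header, ';'); p; p = strchr(p + 1, ';'))
        count++;
    return count;
}

int main(void)
{
    /* Constructed sample ids: one ordinary, one carrying an extra attribute. */
    const char *ids[] = { "a3f9c0d1e2b4", "a3f9; domain=.example.test" };
    char hdr[256];
    for (size_t i = 0; i < 2; i++) {
        cookie_unfiltered(hdr, sizeof hdr, "PHPSESSID", ids[i]);
        printf("unfiltered: %s (%d attributes)\n", hdr, count_attributes(hdr));
        printf("checked: %s\n", cookie_checked(hdr, sizeof hdr, "PHPSESSID", ids[i]) > 0 ? hdr : "rejected");
    }
    return 0;
}
```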