[sec-adv] Mandrake update for PHP

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Mon Aug 04 2003 - 06:48:13 CDT


TITLE:
Mandrake update for PHP

READ ONLINE:
http://www.secunia.com/advisories/9430/

CRITICAL:
Moderately critical

IMPACT:
Cross Site Scripting, System access

WHERE:
From remote

OPERATING SYSTEM:
Mandrake Linux 8.x
Mandrake Linux 9.x
Mandrake Multi Network Firewall 8.x
Mandrake Corporate Server 2.x

DESCRIPTION:
MandrakeSoft has issued updated packages for PHP. These fix a
vulnerability, which can be exploited by a malicious person to
conduct Cross-Site Scripting attacks against other people.

NOTE: Two older vulnerabilities in the "mail()" function in Mandrake
Linux 8.2 have also been fixed. These can be exploited to bypass safe
mode restrictions and possibly execute arbitrary code.

For more information:
http://www.secunia.com/advisories/8947/

SOLUTION:
Upgrade automatically using MandrakeUpdate or manually by downloading
the updated packages from one of MandrakeSoft's FTP server mirrors:

http://www.mandrakesecure.net/en/ftp.php

Updated Packages:

ORIGINAL ADVISORY:
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:082
