From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2001-1                    [email protected]
http://www.debian.org/security/                         Raphael Geissert
February 19, 2010                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : php5
Vulnerability : multiple
Problem type : remote(local)
Debian-specific: no
CVE Id(s) : CVE-2009-4142 CVE-2009-4143
Several remote vulnerabilities have been discovered in PHP 5, a
hypertext preprocessor. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-4142

    The htmlspecialchars function does not properly handle invalid
    multi-byte sequences.

CVE-2009-4143

    Memory corruption via session interruption.

In the stable distribution (lenny), this update also includes bug fixes
(bug #529278, #556459, #565387, #523073) that were to be included in a
stable point release as version 5.2.6.dfsg.1-1+lenny5.
For the stable distribution (lenny), these problems have been fixed in
version 5.2.6.dfsg.1-1+lenny6.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 5.2.12.dfsg.1-1.
We recommend that you upgrade your php5 packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny (stable)
- -----------------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]