From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-2018-1
[email protected] http://www.debian.org/security/ Raphael Geissert
March 18, 2010
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : php5
Vulnerability : DoS (crash)
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2010-0397
Debian Bug : 573573
Auke van Slooten discovered that PHP 5, an hypertext preprocessor,
crashes (because of a NULL pointer dereference) when processing invalid
XML-RPC requests.
For the stable distribution (lenny), this problem has been fixed in
version 5.2.6.dfsg.1-1+lenny8.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 5.3.2-1.
We recommend that you upgrade your php5 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny8.diff.gz
Size/MD5 checksum: 175880 1343f7c30c8b765ae035073de648774a
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny8.dsc
Size/MD5 checksum: 2529 93b23f073a18e3b0c4c50852f8615faa
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1.orig.tar.gz
Size/MD5 checksum: 12173741 b80fcee38363f031229368ceff8ced58
Architecture independent packages:
http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.6.dfsg.1-1+lenny8_all.deb
Size/MD5 checksum: 334494 612135a669d48380f2648bb8c1e30c0c
http://security.debian.org/pool/updates/main/p/php5/php5_5.2.6.dfsg.1-1+lenny8_all.deb
Size/MD5 checksum: 1082 149057986a253a51989ae5f1c307c5c9
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 41624 23f7f86a2b7acc13d8ec8b2cd9e2b29c
http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 71704 98c6c8e1feca5f5adfe4de1b44ad088f
http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 14056 ca9dc8c8828822128ad002b310fdf712
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5filter_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 2673610 1a9e87634ba19217cbc25afab0edc564
http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 2674690 2f6fcc0691884db6fa10513e82173941
http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 37162 6e4eed0759bdaf07ea75aeb51ec42d80
http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 8928 6cc853320cfde468580bbca1bc12b425
http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 2598958 c6e2103129cc9e12e0beca4d5dd3ff2d
http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 17674 f2ca7c8501e14d2dd538bb44717b8326
http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 370092 07005c92ce756d36853c2560e54e38d0
http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 39398 869e5276439c32201f9fa769a842e7c4
http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 5164648 f7a5bf3d2e1926ca92f8bb6ef1d953a1
http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 57872 65c29cec7106023f8c743d1bb16878ca
http://security.debian.org/pool/updates/main/p/php5/php5-dbg_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 19514912 bd114bccc52de12fa00a1780a2363a2b
http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 37512 b25a8f416a3db6e6001de00540dc1f9a
http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 19678 6b7a6f30863b3c93baecfd315083464a
http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 13800 aae53d320604b2fc5652ee6a28e8c26f
http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 36656 c9a39626029ee8f0904e0fe6ab759504
http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 5084 c261280151d679dafbd9f6b98d5acc66
http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 28198 bf71d3111caad534f738091c165cdf91
http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 362774 67193f87d8462920107fa7c165c03336
http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 24996 e57cca00ba7e15bc97723c84416f9d1f
http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.6.dfsg.1-1+lenny8_alpha.deb
Size/MD5 checksum: 12338 1f649c0539d2eb5f303d983d131e977f
http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.6.dfsg.1-1+lenny8_alpha.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)