• [SECURITY] [DSA 2195-1] php5 security update

    From Raphael Geissert@1:229/2 to All on Sun Mar 20 01:10:01 2011
    From: [email protected]


    -------------------------------------------------------------------------
    Debian Security Advisory DSA-2195-1                   [email protected]
    http://www.debian.org/security/                          Raphael Geissert
    March 19, 2011                         http://www.debian.org/security/faq
    -------------------------------------------------------------------------

    Package        : php5
    Vulnerability  : several
    Problem type   : local/remote
    Debian-specific: yes/no
    CVE ID         : CVE-2011-0441 CVE-2010-3709 CVE-2010-3710 CVE-2010-3870
                     CVE-2010-4150

    Stephane Chazelas discovered that the cronjob of the PHP 5 package in
    Debian suffers from a race condition which might be used to remove
    arbitrary files from a system (CVE-2011-0441).

    When upgrading your php5-common package take special care to _accept_
    the changes to the /etc/cron.d/php5 file. Ignoring them would leave the
    system vulnerable.

    For the oldstable distribution (lenny), this problem has been fixed in
    version 5.2.6.dfsg.1-1+lenny10.

    For the stable distribution (squeeze), this problem has been fixed in
    version 5.3.3-7+squeeze1.

    For the unstable distribution (sid), this problem has been fixed in
    version 5.3.6-1.

    Additionally, the following vulnerabilities have also been fixed in the oldstable distribution (lenny):

    CVE-2010-3709

       Maksymilian Arciemowicz discovered that the ZipArchive class
       may dereference a NULL pointer when extracting comments from a zip
       archive, leading to application crash and possible denial of
       service.

    CVE-2010-3710

       Stefan Neufeind discovered that the FILTER_VALIDATE_EMAIL filter
       does not correctly handle long, to be validated, strings. Such
       crafted strings may lead to denial of service because of high memory
       consumption and application crash.

    CVE-2010-3870

       It was discovered that PHP does not correctly handle certain UTF-8
       sequences and may be used to bypass XSS protections.

    CVE-2010-4150

       Mateusz Kocielski discovered that the imap extension may try to
       free already freed memory when processing user credentials, leading
       to application crash and possibly arbitrary code execution.

    We recommend that you upgrade your php5 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]


  • From Martin Gleadow@1:229/2 to Raphael Geissert on Wed Mar 30 11:10:01 2011
    XPost: linux.debian.security
    From: [email protected]

    We should evaluate this.

    MG.

    On 19 March 2011 23:49, Raphael Geissert <[email protected]> wrote: