>> Fedora Security Update Fixes PHP Buffer Overflow and Security Bypass Vulnerabilities

Title : Fedora Security Update Fixes PHP Buffer Overflow and Security Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-0683
CVE ID : CVE-2007-0906 - CVE-2007-0907 - CVE-2007-0908 - CVE-2007-0909 - CVE-2007-0910 - CVE-2007-0988
Rated as : High Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-21


Technical Description

Fedora has released security updates to address multiple vulnerabilities identified in PHP. These issues could be exploited by attackers to bypass security restrictions or execute arbitrary commands. For additional information, see VUPEN/ADV-2007-0546.

Affected Products

Fedora Core 6
Fedora Core 5

Solution

Upgrade the affected packages:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


References

http://www.vupen.com/english/advisories/2007/0683
https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00118.html
https://www.redhat.com/archives/fedora-package-announce/2007-February/msg00152.html

ChangeLog

2007-02-21 : Initial release
2007-02-26 : Updated Solution
