
>> Fedora Security Update Fixes PHP Buffer Overflow and Security Bypass Issues

Title : Fedora Security Update Fixes PHP Buffer Overflow and Security Bypass Issues
VUPEN ID : VUPEN/ADV-2007-3271
CVE ID : CVE-2007-2756 - CVE-2007-2872 - CVE-2007-3799 - CVE-2007-3996 - CVE-2007-3998 - CVE-2007-4658 - CVE-2007-4670
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-09-26


Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to bypass security restrictions, cause a denial of service or execute arbitrary code. These issues are caused by errors in PHP. For additional information, see: VUPEN/ADV-2007-3023

Affected Products

Fedora 7
Fedora Core 6

Solution

Upgrade the affected packages :


http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


References

http://www.vupen.com/english/advisories/2007/3271
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00354.html

ChangeLog

2007-09-26 : Initial release
