Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200509-19 ] PHP: Vulnerabilities in included PCRE and XML-RPC libraries
Date: Tue, 27 Sep 2005 20:42:25
Message-Id: 4339AAB7.7030700@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200509-19
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: PHP: Vulnerabilities in included PCRE and XML-RPC libraries
9 Date: September 27, 2005
10 Bugs: #102373
11 ID: 200509-19
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 PHP makes use of an affected PCRE library and ships with an affected
19 XML-RPC library and is therefore potentially vulnerable to remote
20 execution of arbitrary code.
21
22 Background
23 ==========
24
25 PHP is a general-purpose scripting language widely used to develop
26 web-based applications. It can run inside a web server using the
27 mod_php module or the CGI version of PHP, or can run stand-alone in a
28 CLI.
29
30 Affected packages
31 =================
32
33 -------------------------------------------------------------------
34 Package / Vulnerable / Unaffected
35 -------------------------------------------------------------------
36 1 dev-php/php < 4.4.0-r1 *>= 4.3.11-r1
37 >= 4.4.0-r1
38 2 dev-php/mod_php < 4.4.0-r2 *>= 4.3.11-r1
39 >= 4.4.0-r2
40 3 dev-php/php-cgi < 4.4.0-r2 *>= 4.3.11-r2
41 >= 4.4.0-r2
42 -------------------------------------------------------------------
43 3 affected packages on all of their supported architectures.
44 -------------------------------------------------------------------
45
46 Description
47 ===========
48
49 PHP makes use of a private copy of libpcre which is subject to an
50 integer overflow leading to a heap overflow (see GLSA 200508-17). It
51 also ships with an XML-RPC library affected by a script injection
52 vulnerability (see GLSA 200508-13).
53
54 Impact
55 ======
56
57 An attacker could target a PHP-based web application that would use
58 untrusted data as regular expressions, potentially resulting in the
59 execution of arbitrary code. If web applications make use of the
60 XML-RPC library shipped with PHP, they are also vulnerable to remote
61 execution of arbitrary PHP code.
62
63 Workaround
64 ==========
65
66 There is no known workaround at this time.
67
68 Resolution
69 ==========
70
71 All PHP users should upgrade to the latest version:
72
73 # emerge --sync
74 # emerge --ask --oneshot --verbose dev-php/php
75
76 All mod_php users should upgrade to the latest version:
77
78 # emerge --sync
79 # emerge --ask --oneshot --verbose dev-php/mod_php
80
81 All php-cgi users should upgrade to the latest version:
82
83 # emerge --sync
84 # emerge --ask --oneshot --verbose dev-php/php-cgi
85
86 References
87 ==========
88
89 [ 1 ] CAN-2005-2491
90 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
91 [ 2 ] CAN-2005-2498
92 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
93 [ 3 ] GLSA 200508-13
94 http://www.gentoo.org/security/en/glsa/glsa-200508-13.xml
95 [ 4 ] GLSA 200508-17
96 http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml
97
98 Availability
99 ============
100
101 This GLSA and any updates to it are available for viewing at
102 the Gentoo Security Website:
103
104 http://security.gentoo.org/glsa/glsa-200509-19.xml
105
106 Concerns?
107 =========
108
109 Security is a primary focus of Gentoo Linux and ensuring the
110 confidentiality and security of our users machines is of utmost
111 importance to us. Any security concerns should be addressed to
112 security@g.o or alternatively, you may file a bug at
113 http://bugs.gentoo.org.
114
115 License
116 =======
117
118 Copyright 2005 Gentoo Foundation, Inc; referenced text
119 belongs to its owner(s).
120
121 The contents of this document are licensed under the
122 Creative Commons - Attribution / Share Alike license.
123
124 http://creativecommons.org/licenses/by-sa/2.0

Attachments

File name MIME type
signature.asc application/pgp-signature