Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200504-15 ] PHP: Multiple vulnerabilities
Date: Mon, 18 Apr 2005 11:15:01
Message-Id: 426396B2.50807@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200504-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PHP: Multiple vulnerabilities
      Date: April 18, 2005
      Bugs: #87517
        ID: 200504-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several vulnerabilities were found and fixed in PHP image handling
functions, potentially resulting in Denial of Service conditions or
the remote execution of arbitrary code.

Background
==========

PHP is a general-purpose scripting language widely used to develop
web-based applications. It can run inside a web server using the
mod_php module or the CGI version of PHP, or can run stand-alone in a
CLI.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-php/php           < 4.3.11                          >= 4.3.11
  2  dev-php/mod_php       < 4.3.11                          >= 4.3.11
  3  dev-php/php-cgi       < 4.3.11                          >= 4.3.11
    -------------------------------------------------------------------
     3 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

An integer overflow and an unbounded recursion were discovered in the
processing of Image File Directory tags in PHP's EXIF module
(CAN-2005-1042, CAN-2005-1043). Furthermore, two infinite loops have
been discovered in the getimagesize() function when processing IFF or
JPEG images (CAN-2005-0524, CAN-2005-0525).

Impact
======

A remote attacker could craft an image file with a malicious EXIF IFD
tag, a large IFD nesting level or invalid size parameters and send it
to a web application that would process this user-provided image using
one of the affected functions. This could result in denying service on
the attacked server and potentially executing arbitrary code with the
rights of the web server.
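
Added illustration, not part of the original advisory and not PHP's own
code or fix: a minimal little-endian IFD walker showing the checks a
parser needs against the inputs named above (a size that wraps, an
out-of-bounds value offset, unbounded sub-IFD nesting). The names
walk_ifd and MAX_IFD_DEPTH, the depth cap and the sample bytes are
assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_IFD_DEPTH 4  /* assumed cap, not a value from the advisory */
/* Bytes per component for TIFF field types 1..12 (index 0 unused). */
static const uint32_t type_size[13] = {0,1,1,2,4,8,1,1,2,4,8,4,8};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk a little-endian IFD at `off` in buf[0..len). Returns 0 if well-formed,
 * -1 on a size or bounds violation, -2 if sub-IFD nesting exceeds the cap. */
int walk_ifd(const uint8_t *buf, size_t len, uint32_t off, int depth)
{
    if (depth > MAX_IFD_DEPTH) return -2;
    if (off > len || len - off < 2) return -1;
    uint16_t n = rd16(buf + off);
    if ((len - off - 2) / 12 < n) return -1;          /* all entries must fit */
    for (uint16_t i = 0; i < n; i++) {
        const uint8_t *e = buf + off + 2 + 12 * (size_t)i;
        uint16_t tag = rd16(e), type = rd16(e + 2);
        uint32_t count = rd32(e + 4), val = rd32(e + 8);
        if (type == 0 || type > 12) return -1;
        if (count > UINT32_MAX / type_size[type]) return -1; /* would wrap */
        uint32_t bytes = count * type_size[type];
        if (bytes > 4 && (val > len || len - val < bytes)) return -1;
        if (tag == 0x8769) {                          /* Exif sub-IFD pointer */
            int r = walk_ifd(buf, len, val, depth + 1);
            if (r != 0) return r;
        }
    }
    return 0;
}

/* Constructed samples: valid entry, wrapping count, self-referencing sub-IFD. */
const uint8_t SAMPLE_OK[22]   = {1,0, 0x1A,0x01, 5,0, 1,0,0,0,    14,0,0,0};
const uint8_t SAMPLE_WRAP[14] = {1,0, 0x1A,0x01, 5,0, 1,0,0,0x20, 0,0,0,0};
const uint8_t SAMPLE_LOOP[14] = {1,0, 0x69,0x87, 4,0, 1,0,0,0,    0,0,0,0};

int main(void)
{
    printf("ok=%d wrap=%d loop=%d\n", walk_ifd(SAMPLE_OK, sizeof SAMPLE_OK, 0, 0),
           walk_ifd(SAMPLE_WRAP, sizeof SAMPLE_WRAP, 0, 0),
           walk_ifd(SAMPLE_LOOP, sizeof SAMPLE_LOOP, 0, 0));
    return 0;
}
```

Without the division check, the count in SAMPLE_WRAP multiplies out to
8 bytes in 32-bit arithmetic and passes the bounds test that follows.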

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-4.3.11"

All mod_php users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/mod_php-4.3.11"

All php-cgi users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-php/php-cgi-4.3.11"

References
==========

  [ 1 ] PHP 4.3.11 Release Announcement
        http://www.php.net/release_4_3_11.php
  [ 2 ] CAN-2005-0524
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524
  [ 3 ] CAN-2005-0525
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525
  [ 4 ] CAN-2005-1042
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
  [ 5 ] CAN-2005-1043
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200504-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
