Gentoo Archives: gentoo-announce

From: Tobias Heinlein <keytoaster@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201001-03 ] PHP: Multiple vulnerabilities
Date: Tue, 05 Jan 2010 22:08:35
Message-Id: 4B43AAAF.6060402@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201001-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: PHP: Multiple vulnerabilities
      Date: January 05, 2010
      Bugs: #249875, #255121, #260576, #261192, #266125, #274670,
            #280602, #285434, #292132, #293888, #297369, #297370
        ID: 201001-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in PHP, the worst of which leads
to the remote execution of arbitrary code.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package       /  Vulnerable  /                         Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php       < 5.2.12                             >= 5.2.12

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below and the associated PHP release notes
for details.

Impact
======

A context-dependent attacker could execute arbitrary code via a
specially crafted string containing an HTML entity when the mbstring
extension is enabled. Furthermore, a remote attacker could execute
arbitrary code via a specially crafted GD graphics file.

A remote attacker could also cause a Denial of Service via a malformed
string passed to the json_decode() function, via a specially crafted
ZIP file passed to the php_zip_make_relative_path() function, via a
malformed JPEG image passed to the exif_read_data() function, or via
temporary file exhaustion. It is also possible for an attacker to spoof
certificates, bypass various safe_mode and open_basedir restrictions
when certain criteria are met, perform Cross-site scripting attacks,
more easily perform SQL injection attacks, manipulate settings of other
virtual hosts on the same server via a malicious .htaccess entry when
running on Apache, disclose memory portions, and write arbitrary files
via a specially crafted ZIP archive. Some vulnerabilities with unknown
impact and attack vectors have been reported as well.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version. As PHP is
statically linked against a vulnerable version of the c-client library
when the imap or kolab USE flag is enabled (GLSA 200911-03), users
should upgrade net-libs/c-client beforehand:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-libs/c-client-2007e"
    # emerge --ask --oneshot --verbose ">=dev-lang/php-5.2.12"

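The affected range and upgrade order above, as a check that can be run over an inventory of hosts. This is an added example, not part of the advisory or of any Gentoo tool; the function names and the sample rows are constructed, and the input is assumed to be the installed PHP version, its USE flags and the installed c-client version.

```shell
#!/bin/sh
# Added example (not from the advisory): decide what GLSA 201001-03 requires
# for a host, given package versions collected from an inventory.
# Handles plain versions and Gentoo -rN revisions only (not _rc/_pre/_p).

PHP_FIXED="5.2.12"       # from the advisory: unaffected >= 5.2.12
CCLIENT_FIXED="2007e"    # from the advisory's Resolution section

# strip_rev VERSION: drop a trailing Gentoo revision such as "-r1".
strip_rev() { printf '%s\n' "${1%-r[0-9]*}"; }

# ver_lt A B: true when A is strictly older than B. Uses sort -V ordering,
# so 5.2.9 < 5.2.12, which a plain string comparison gets wrong.
ver_lt() {
    a=$(strip_rev "$1"); b=$(strip_rev "$2")
    [ "$a" != "$b" ] &&
        [ "$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)" = "$a" ]
}

# has_flag FLAG "USE FLAGS...": true when FLAG is in the space-separated list.
has_flag() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# glsa_plan PHP_VERSION "USE FLAGS" [CCLIENT_VERSION]
# Prints one action per line, in the order the advisory prescribes.
glsa_plan() {
    php=$1 use=$2 cclient=${3:-}
    if ! ver_lt "$php" "$PHP_FIXED"; then
        echo "ok"
        return 0
    fi
    # PHP links c-client statically, so c-client must be fixed first.
    if has_flag imap "$use" || has_flag kolab "$use"; then
        if [ -z "$cclient" ] || ver_lt "$cclient" "$CCLIENT_FIXED"; then
            echo "upgrade >=net-libs/c-client-$CCLIENT_FIXED"
        fi
    fi
    echo "upgrade >=dev-lang/php-$PHP_FIXED"
}

# Constructed sample inventory rows: php version, USE flags, c-client version.
glsa_plan 5.2.9-r2 "apache2 imap mysql" 2007d
glsa_plan 5.2.12 "apache2 kolab" 2007e
```

On a Gentoo host itself, glsa-check -t 201001-03 from app-portage/gentoolkit tests the installed packages against this advisory directly.
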
References
==========

  [ 1 ] CVE-2008-5498
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
  [ 2 ] CVE-2008-5514
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5514
  [ 3 ] CVE-2008-5557
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557
  [ 4 ] CVE-2008-5624
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624
  [ 5 ] CVE-2008-5625
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5625
  [ 6 ] CVE-2008-5658
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5658
  [ 7 ] CVE-2008-5814
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814
  [ 8 ] CVE-2008-5844
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5844
  [ 9 ] CVE-2008-7002
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7002
  [ 10 ] CVE-2009-0754
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754
  [ 11 ] CVE-2009-1271
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271
  [ 12 ] CVE-2009-1272
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1272
  [ 13 ] CVE-2009-2626
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2626
  [ 14 ] CVE-2009-2687
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2687
  [ 15 ] CVE-2009-3291
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3291
  [ 16 ] CVE-2009-3292
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3292
  [ 17 ] CVE-2009-3293
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3293
  [ 18 ] CVE-2009-3546
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546
  [ 19 ] CVE-2009-3557
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3557
  [ 20 ] CVE-2009-3558
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3558
  [ 21 ] CVE-2009-4017
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4017
  [ 22 ] CVE-2009-4142
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4142
  [ 23 ] CVE-2009-4143
         http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4143
  [ 24 ] GLSA 200911-03
         http://www.gentoo.org/security/en/glsa/glsa-200911-03.xml

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-201001-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature