Säkerhetsbulletin från Debian

DSA-1283-1 php5 -- flera sårbarheter

Rapporterat den:

2007-04-29

Berörda paket:

Sårbara:

Referenser i säkerhetsdatabaser:

I Mitres CVE-förteckning: CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1453, CVE-2007-1454, CVE-2007-1521, CVE-2007-1583, CVE-2007-1700, CVE-2007-1711, CVE-2007-1718, CVE-2007-1777, CVE-2007-1824, CVE-2007-1887, CVE-2007-1889, CVE-2007-1900.

Ytterligare information:

Flera utifrån nåbara sårbarheter har upptäckts i PHP, ett serversides, HTML-inbyggt skriptspråk, vilket kunde leda till exekvering av godtycklig kod. Projektet Common Vulnerabilities and Exposures identifierar följande problem:

CVE-2007-1286
Stefan Esser upptäckte ett spill i objektreferenshanteringskoden i funktionen unserialize(), vilket gjorde det möjligt att exekvera godtycklig kod om felformat indata sändes från ett program.
CVE-2007-1375
Stefan Esser upptäckte att ett heltalsspill i funktionen substr_compare() möjliggjorde en informationsläcka av heapdata.
CVE-2007-1376
Stefan Esser upptäckte att otillräckliga kontroller i funktioner för delat minne möjliggjorde en informationsläcka av heapdata.
CVE-2007-1380
Stefan Esser upptäckte att sessionshanteraren inte utförde tillräcklig kontroll av längdvärden på variabelnamn, vilket möjliggjorde en informationsläcka av heapdata.
CVE-2007-1453
Stefan Esser upptäckte att filtreringsramverket inte utförde tillräcklig kontroll av indata, vilket möjliggjorde exekvering av godtycklig kod genom att underspilla en buffert.
CVE-2007-1454
Stefan Esser upptäckte att filtreringsramverke kan förbigås genom att använda ett speciell blanktecken.
CVE-2007-1521
Stefan Esser upptäckte en sårbar dubbel frigörning i funktionen session_regenerate_id(), vilket möjliggjorde exekvering av godtycklig kod.
CVE-2007-1583
Stefan Esser upptäckte att ett programmeringsfel i funktionen mb_parse_str() gjorde det möjligt att aktivera register_globals.
CVE-2007-1700
Stefan Esser upptäckte att sessionsutökningen hanterar referensräkningen av sessionsvariabler felaktigt, vilket möjliggjorde exekvering av godtycklig kod.
CVE-2007-1711
Stefan Esser discovered en sårbar dubbel frigörning i sessionshanteringskoden, vilket möjliggjorde exekvering av godtycklig kod.
CVE-2007-1718
Stefan Esser upptäckte att funktionen mail() inte utförde tillräcklig kontroll av delade e-posthuvuden, vilket gjorde det möjligt att injicera e-posthuvuden.
CVE-2007-1777
Stefan Esser upptäckte att utökningen för att hantera ZIP-arkiv inte utför tillräckliga längdkontroller, vilket möjliggjorde exekvering av godtycklig kod.
CVE-2007-1824
Stefan Esser upptäckte ett stegfel i filtreringsramverket, vilket möjliggjorde exekvering av godtycklig kod.
CVE-2007-1887
Stefan Esser upptäckte att ett buffertspill i sqlite-utökningen möjliggjorde exekvering av godtycklig kod.
CVE-2007-1889
Stefan Esser upptäckte att PHP-minneshanteraren utför en felaktig typomvandling, vilket möjliggjorde exekvering av godtycklig kod via ett buffertspill.
CVE-2007-1900
Stefan Esser upptäckte att felaktig kontroll i e-postfilterutökningen gjorde det möjligt att injicera e-posthuvuden.

Den gamla stabila utgåvan (Sarge) innehåller inte php5.

För den stabila utgåvan (Etch) har dessa problem rättats i version 5.2.0-8+etch3.

För den instabila utgåvan (Sid) har dessa problem rättats i version 5.2.0-11.

Vi rekommenderar att ni uppgraderar era PHP-paket. Paket för arkitekturerna arm, hppa, mips och mipsel är ännu inte tillgängliga. Dessa kommer att tillhandahållas senare.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:: http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch3.dsc; http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch3.diff.gz; http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0.orig.tar.gz
Arkitekturoberoende komponent:: http://security.debian.org/pool/updates/main/p/php5/php-pear_5.2.0-8+etch3_all.deb; http://security.debian.org/pool/updates/main/p/php5/php5_5.2.0-8+etch3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_alpha.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_amd64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_amd64.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-interbase_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_i386.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_ia64.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_ia64.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_powerpc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_s390.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cgi_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-cli_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-common_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-curl_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-dev_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-gd_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-imap_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-ldap_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mcrypt_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mhash_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-mysql_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-odbc_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pgsql_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-pspell_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-recode_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-snmp_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sqlite_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-sybase_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-tidy_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_sparc.deb; http://security.debian.org/pool/updates/main/p/php5/php5-xsl_5.2.0-8+etch3_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.