SuseSUSE-SA:2005:069remote code execution in php4,php5
0.944 High
EPSS
Percentile
99.0%
Updated PHP packages fix the following security issues: - Stefan Esser found out that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389) and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390) - Bugs in the exif code could lead to a crash (CVE-2005-3353) - Missing safe_mode checks in image processing code and cURL functions allowed to bypass safe_mode and open_basedir (CVE-2005-3391) - Information leakage via the virtual() function (CVE-2005-3392) - Missing input sanitation in the mb_send_mail() function potentially allowed to inject arbitrary mail headers (CVE-2005-3883) The previous security update for php caused crashes when mod_rewrite was used. The updated packages fix that problem as well.
Solution
There is no known workaround, please install the update packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.2 | x86_64 | php4-pear | < 4.3.8-8.19 | php4-pear-4.3.8-8.19.x86_64.rpm |
| openSUSE | 9.1 | i586 | php4-exif | < 4.3.4-43.46.8 | php4-exif-4.3.4-43.46.8.i586.rpm |
| openSUSE | 9.3 | x86_64 | php4-mbstring | < 4.3.10-14.16 | php4-mbstring-4.3.10-14.16.x86_64.rpm |
| openSUSE | 9.3 | i586 | php5-fastcgi | < 5.0.3-14.16 | php5-fastcgi-5.0.3-14.16.i586.rpm |
| openSUSE | 9.3 | i586 | php4-mbstring | < 4.3.10-14.16 | php4-mbstring-4.3.10-14.16.i586.rpm |
| openSUSE | 9.3 | x86_64 | apache2-mod_php4 | < 4.3.10-14.16 | apache2-mod_php4-4.3.10-14.16.x86_64.rpm |
| openSUSE | 9.3 | i586 | php5-sysvshm | < 5.0.3-14.16 | php5-sysvshm-5.0.3-14.16.i586.rpm |
| openSUSE | 9.1 | i586 | php4-sysvshm | < 4.3.4-43.46.8 | php4-sysvshm-4.3.4-43.46.8.i586.rpm |
| openSUSE | 9.2 | x86_64 | mod_php4-servlet | < 4.3.8-8.19 | mod_php4-servlet-4.3.8-8.19.x86_64.rpm |
| openSUSE | 10.0 | x86_64 | apache2-mod_php4 | < 4.4.0-6.6 | apache2-mod_php4-4.4.0-6.6.x86_64.rpm |
Related
