
Remote code execution in php4, php5

Description

Updated PHP packages fix the following security issues:

- Stefan Esser found that a bug in parse_str() could lead to activation of register_globals (CVE-2005-3389), and additionally that file uploads could overwrite $GLOBALS (CVE-2005-3390).
- Bugs in the exif code could lead to a crash (CVE-2005-3353).
- Missing safe_mode checks in the image processing code and the cURL functions made it possible to bypass safe_mode and open_basedir (CVE-2005-3391).
- Information leakage via the virtual() function (CVE-2005-3392).
- Missing input sanitization in the mb_send_mail() function potentially made it possible to inject arbitrary mail headers (CVE-2005-3883).

The previous security update for PHP caused crashes when mod_rewrite was used. The updated packages fix that problem as well.

Solution

There is no known workaround; please install the updated packages.


Affected Package


OS OS Version Package Name Package Version
openSUSE 9.2 php4-pear 4.3.8-8.19
openSUSE 9.1 php4-exif 4.3.4-43.46.8
openSUSE 9.3 php4-mbstring 4.3.10-14.16
openSUSE 9.3 php5-fastcgi 5.0.3-14.16
openSUSE 9.3 php4-mbstring 4.3.10-14.16
openSUSE 9.3 apache2-mod_php4 4.3.10-14.16
openSUSE 9.3 php5-sysvshm 5.0.3-14.16
openSUSE 9.1 php4-sysvshm 4.3.4-43.46.8
openSUSE 9.2 mod_php4-servlet 4.3.8-8.19
openSUSE 10.0 apache2-mod_php4 4.4.0-6.6
openSUSE 9.3 php4-fastcgi 4.3.10-14.16
openSUSE 9.3 apache2-mod_php4 4.3.10-14.16
openSUSE 10.0 php5-fastcgi 5.0.4-9.6
openSUSE 9.2 php4 4.3.8-8.19
openSUSE 10.0 php5-fastcgi 5.0.4-9.6
openSUSE 9.3 apache2-mod_php5 5.0.3-14.16
openSUSE 9.2 php4-fastcgi 4.3.8-8.19
openSUSE 9.3 php5-sysvmsg 5.0.3-14.16
openSUSE 9.3 php4-pear 4.3.10-14.16
openSUSE 9.0 mod_php4 4.3.3-201
openSUSE 9.3 php5-pear 5.0.3-14.16
openSUSE 10.0 php5-mbstring 5.0.4-9.6
openSUSE 9.3 apache2-mod_php5 5.0.3-14.16
openSUSE 9.1 php4-mbstring 4.3.4-43.46.8
openSUSE 9.1 apache2-mod_php4 4.3.4-43.46.8
openSUSE 9.1 php4-wddx 4.3.4-43.46.8
openSUSE 9.2 php4-session 4.3.8-8.19
openSUSE 9.1 mod_php4-servlet 4.3.4-43.46.8
openSUSE 9.0 mod_php4-core 4.3.3-201
openSUSE 10.0 apache2-mod_php5 5.0.4-9.6
openSUSE 9.1 mod_php4-core 4.3.4-43.46.8
openSUSE 9.2 php4 4.3.8-8.19
openSUSE 10.0 php5 5.0.4-9.6
openSUSE 9.0 mod_php4-core 4.3.3-201
openSUSE 9.3 php5-fastcgi 5.0.3-14.16
openSUSE 9.1 mod_php4-servlet 4.3.4-43.46.8
openSUSE 9.0 mod_php4-devel 4.3.3-201
openSUSE 10.0 php4-mbstring 4.4.0-6.6
openSUSE 9.1 php4-session 4.3.4-43.46.8
openSUSE 9.3 php5-exif 5.0.3-14.16
openSUSE 9.1 php4-wddx 4.3.4-43.46.8
openSUSE 10.0 php4-exif 4.4.0-6.6
openSUSE 9.1 php4-pear 4.3.4-43.46.8
openSUSE 10.0 apache2-mod_php5 5.0.4-9.6
openSUSE 9.0 mod_php4-aolserver 4.3.3-201
openSUSE 9.2 php4-devel 4.3.8-8.19
openSUSE 10.0 php4 4.4.0-6.6
openSUSE 9.1 php4-imap 4.3.4-43.46.8
openSUSE 9.3 php4-devel 4.3.10-14.16
openSUSE 9.3 mod_php4-servlet 4.3.10-14.16
openSUSE 9.3 php5 5.0.3-14.16
openSUSE 10.0 php5-mbstring 5.0.4-9.6
openSUSE 9.3 php5 5.0.3-14.16
openSUSE 10.0 php4-mbstring 4.4.0-6.6
openSUSE 9.1 php4-recode 4.3.4-43.46.8
openSUSE 9.3 php4-sysvshm 4.3.10-14.16
openSUSE 10.0 php5-exif 5.0.4-9.6
openSUSE 9.1 php4-fastcgi 4.3.4-43.46.8
openSUSE 10.0 php5-pear 5.0.4-9.6
openSUSE 9.1 php4-devel 4.3.4-43.46.8
openSUSE 9.1 php4-exif 4.3.4-43.46.8
openSUSE 9.1 php4-pear 4.3.4-43.46.8
openSUSE 9.1 php4 4.3.4-43.46.8
openSUSE 9.3 php4 4.3.10-14.16
openSUSE 9.3 php4-pear 4.3.10-14.16
openSUSE 9.3 php4-fastcgi 4.3.10-14.16
openSUSE 10.0 php5-exif 5.0.4-9.6
openSUSE 10.0 php4-fastcgi 4.4.0-6.6
openSUSE 9.3 php4-session 4.3.10-14.16
openSUSE 9.3 php4-exif 4.3.10-14.16
openSUSE 9.3 php4-32bit 9.3-7.7
openSUSE 9.3 php5-mbstring 5.0.3-14.16
openSUSE 9.1 php4-mbstring 4.3.4-43.46.8
openSUSE 9.2 php4-devel 4.3.8-8.19
openSUSE 10.0 apache2-mod_php5 5.0.4-9.6
openSUSE 9.1 mod_php4-core 4.3.4-43.46.8
openSUSE 10.0 php5 5.0.4-9.6
openSUSE 9.3 php5-devel 5.0.3-14.16
openSUSE 9.1 php4-servlet 4.3.4-43.46.8
openSUSE 10.0 php5-exif 5.0.4-9.6
openSUSE 9.3 php5-sysvmsg 5.0.3-14.16
openSUSE 10.0 php4-fastcgi 4.4.0-6.6
openSUSE 9.3 php4-sysvshm 4.3.10-14.16
openSUSE 9.3 php4 4.3.10-14.16
openSUSE 9.3 php5-devel 5.0.3-14.16
openSUSE 10.0 php4-servlet 4.4.0-6.6
openSUSE 10.0 php5-pear 5.0.4-9.6
openSUSE 9.3 php5-sysvshm 5.0.3-14.16
openSUSE 9.1 php4-mysql 4.3.4-43.46.8
openSUSE 9.1 php4-fastcgi 4.3.4-43.46.8
openSUSE 9.2 apache2-mod_php4 4.3.8-8.19
openSUSE 9.3 php5-mbstring 5.0.3-14.16
openSUSE 10.0 php4-32bit 4.4.0-6.6
openSUSE 9.2 php4-sysvshm 4.3.8-8.19
openSUSE 9.2 php4-exif 4.3.8-8.19
openSUSE 9.3 php5-pear 5.0.3-14.16
openSUSE 9.0 mod_php4-servlet 4.3.3-201
openSUSE 9.1 php4-imap 4.3.4-43.46.8
openSUSE 10.0 php4 4.4.0-6.6
openSUSE 9.3 php4-exif 4.3.10-14.16
openSUSE 9.1 php4-sysvshm 4.3.4-43.46.8
openSUSE 10.0 php5-pear 5.0.4-9.6
openSUSE 9.0 mod_php4-aolserver 4.3.3-201
openSUSE 10.0 php4-mbstring 4.4.0-6.6
openSUSE 9.1 php4 4.3.4-43.46.8
openSUSE 9.0 mod_php4-servlet 4.3.3-201
openSUSE 9.2 php4-32bit 9.2-200512120135
openSUSE 9.1 php4-session 4.3.4-43.46.8
openSUSE 10.0 php4-fastcgi 4.4.0-6.6
openSUSE 9.2 php4-exif 4.3.8-8.19
openSUSE 10.0 php4-exif 4.4.0-6.6
openSUSE 9.0 mod_php4-devel 4.3.3-201
openSUSE 9.0 apache2-mod_php4 4.3.3-201
openSUSE 10.0 apache2-mod_php4 4.4.0-6.6
openSUSE 9.2 php4-fastcgi 4.3.8-8.19
openSUSE 9.2 php4-pear 4.3.8-8.19
openSUSE 9.3 php5-exif 5.0.3-14.16
openSUSE 9.0 mod_php4 4.3.3-201
openSUSE 9.2 php4-mbstring 4.3.8-8.19
openSUSE 9.0 apache2-mod_php4 4.3.3-201
openSUSE 9.2 apache2-mod_php4 4.3.8-8.19
openSUSE 9.2 mod_php4-servlet 4.3.8-8.19
openSUSE 10.0 php5 5.0.4-9.6
openSUSE 9.3 php4-devel 4.3.10-14.16
openSUSE 9.1 apache2-mod_php4 4.3.4-43.46.8
openSUSE 9.2 php4-session 4.3.8-8.19
openSUSE 10.0 php5-mbstring 5.0.4-9.6
openSUSE 9.1 php4-recode 4.3.4-43.46.8
openSUSE 9.2 php4-mbstring 4.3.8-8.19
openSUSE 10.0 php4 4.4.0-6.6
openSUSE 10.0 php4-servlet 4.4.0-6.6
openSUSE 10.0 apache2-mod_php4 4.4.0-6.6
openSUSE 9.2 php4-sysvshm 4.3.8-8.19
openSUSE 10.0 php5-fastcgi 5.0.4-9.6
openSUSE 9.1 php4-devel 4.3.4-43.46.8
openSUSE 9.3 mod_php4-servlet 4.3.10-14.16
openSUSE 9.1 php4-mysql 4.3.4-43.46.8
openSUSE 9.1 php4-servlet 4.3.4-43.46.8
openSUSE 9.3 php4-session 4.3.10-14.16
openSUSE 10.0 php4-exif 4.4.0-6.6
