[RHSA-2002:035-13] Updated PHP packages are available

From: bugzillaat_private
Date: Thu Feb 28 2002 - 09:59:32 PST


    ---------------------------------------------------------------------
                       Red Hat, Inc. Red Hat Security Advisory
    
    Synopsis:          Updated PHP packages are available
    Advisory ID:       RHSA-2002:035-13
    Issue date:        2002-02-27
    Updated on:        2002-02-27
    Product:           Red Hat Linux
    Keywords:          PHP remote exploit multipart MIME
    Cross references:  
    Obsoletes:         RHSA-2000:088 RHSA-2000:136
    ---------------------------------------------------------------------
    
    1. Topic:
    
    Updated PHP packages are available to fix vulnerabilities in the functions
    that parse multipart MIME data, which are used when uploading files
    through forms.
    
    2. Relevant releases/architectures:
    
    Red Hat Linux 6.2 - alpha, i386, sparc
    
    Red Hat Linux 7.0 - alpha, i386
    
    Red Hat Linux 7.1 - alpha, i386, ia64
    
    Red Hat Linux 7.2 - i386, ia64, s390
    
    3. Problem description:
    
    PHP is an HTML-embeddable scripting language.  A number of flaws have been
    found in the way PHP handles multipart/form-data POST requests.  Each of
    these flaws could allow an attacker to execute arbitrary code on the remote
    system.
    
    PHP 3.10-3.18 contains a broken boundary check (hard to exploit) and an
    arbitrary heap overflow (easy to exploit).  These versions of PHP were
    shipped with Red Hat Linux 6.2.
       
    PHP 4.0.1-4.0.3pl1 contains a broken boundary check (hard to exploit) and a
    heap-off-by-one (easy to exploit).  These versions of PHP were shipped with 
    Red Hat Linux 7.0.
    
    PHP 4.0.2-4.0.5 contains two broken boundary checks (one very easy and one
    hard to exploit).  These versions of PHP were shipped with Red Hat Linux
    7.1 and as errata for Red Hat Linux 7.0.
    
    PHP 4.0.6-4.0.7RC2 contains a broken boundary check (very easy to exploit).
    These versions of PHP were shipped with Red Hat Linux 7.2.
          
    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CAN-2002-0081 to this issue.
    
    If you are running PHP 4.0.3 or above, one way to work around these bugs
    until the update is applied is to disable file upload support in your
    php.ini file (by setting file_uploads = Off) and then restart the web
    server, since the Apache module reads php.ini only at startup.  PHP
    releases before 4.0.3 do not honour this directive, so for them the only
    fix is the package update.
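    A check for that workaround, added here as an example and not part of the
    Red Hat advisory: a POSIX shell function that reads a php.ini and reports
    whether file_uploads is effectively Off.  It models the php.ini rules that
    matter for this check: a directive that is missing or commented out with
    ";" falls back to PHP's default, which is On; a trailing ";" comment after
    the value is ignored; values may be quoted; and when the directive appears
    more than once the last assignment wins.  The php.ini fragments in the demo
    are constructed for illustration.  It needs awk and mktemp, which every
    Red Hat Linux install of this era has.

```sh
#!/bin/sh
# Added example (not from the Red Hat advisory): report the effective
# file_uploads setting of a php.ini file.
#
# php_file_uploads INI
#   prints "off" and returns 0 when file uploads are disabled,
#   prints "on"  and returns 1 when they are enabled, which is also
#   PHP's default when the directive is missing or commented out.
php_file_uploads() {
    awk '
        { sub(/^[[:space:]]+/, "") }          # trim leading blanks
        /^;/ || /^$/ { next }                  # ";" comments and blank lines
        /^file_uploads[[:space:]]*=/ {
            v = $0
            sub(/^file_uploads[[:space:]]*=[[:space:]]*/, "", v)   # keep the value
            sub(/[[:space:]]*;.*$/, "", v)                          # drop trailing comment
            sub(/[[:space:]]+$/, "", v)
            gsub(/^"|"$/, "", v)                                    # unquote "Off"
            val = tolower(v); seen = 1                              # last one wins
        }
        END {
            if (!seen) {
                print "file_uploads not set; PHP defaults to On" > "/dev/stderr"
                print "on"; exit 1
            }
            # PHP treats On/Yes/True and any non-zero number as true;
            # Off/No/False/0/empty are false.
            if (val == "on" || val == "yes" || val == "true" ||
                (val ~ /^[0-9]+$/ && val + 0 != 0)) { print "on"; exit 1 }
            print "off"; exit 0
        }' "$1"
}

# Demo on constructed php.ini fragments (temporary files, removed afterwards).
demo=$(mktemp -d)
printf '[PHP]\n; default left in place\nfile_uploads = On\n' > "$demo/default.ini"
printf '[PHP]\nfile_uploads = Off ; workaround for CAN-2002-0081\n' > "$demo/hardened.ini"
for f in default.ini hardened.ini; do
    printf '%s: file_uploads %s\n' "$f" "$(php_file_uploads "$demo/$f" 2>/dev/null)"
done
rm -rf "$demo"
```

    Run it against the php.ini your web server actually loads (the one
    reported by phpinfo(), not necessarily /etc/php.ini); a non-zero exit
    status means uploads are still enabled and the multipart parser is still
    reachable from the network.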
    
    All users of PHP are advised to immediately upgrade to these errata
    packages which close these vulnerabilities.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    To update all RPMs for your particular architecture, run:
    
    rpm -Fvh [filenames]
    
    where [filenames] is a list of the RPMs you wish to upgrade.  Only those
    RPMs which are currently installed will be updated.  Those RPMs which are
    not installed but included in the list will not be updated.  Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains the
    desired RPMs.
    
    Please note that this update is also available via Red Hat Network.  Many
    people find this an easier way to apply updates.  To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.
    
    After applying these updates you will need to restart your web server if it
    was running before the update was applied.
    
    5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
    
    
    
    6. RPMs required:
    
    Red Hat Linux 6.2:
    
    SRPMS:
    ftp://updates.redhat.com/6.2/en/os/SRPMS/php-3.0.18-8.src.rpm
    
    alpha:
    ftp://updates.redhat.com/6.2/en/os/alpha/php-3.0.18-8.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm
    
    i386:
    ftp://updates.redhat.com/6.2/en/os/i386/php-3.0.18-8.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm
    
    sparc:
    ftp://updates.redhat.com/6.2/en/os/sparc/php-3.0.18-8.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm
    
    Red Hat Linux 7.0:
    
    SRPMS:
    ftp://updates.redhat.com/7.0/en/os/SRPMS/php-4.0.6-9.7.0.src.rpm
    
    alpha:
    ftp://updates.redhat.com/7.0/en/os/alpha/php-4.0.6-9.7.0.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/php-devel-4.0.6-9.7.0.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/php-imap-4.0.6-9.7.0.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/php-ldap-4.0.6-9.7.0.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/php-manual-4.0.6-9.7.0.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/php-mysql-4.0.6-9.7.0.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/php-pgsql-4.0.6-9.7.0.alpha.rpm
    
    i386:
    ftp://updates.redhat.com/7.0/en/os/i386/php-4.0.6-9.7.0.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/php-devel-4.0.6-9.7.0.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/php-imap-4.0.6-9.7.0.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/php-ldap-4.0.6-9.7.0.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/php-manual-4.0.6-9.7.0.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/php-mysql-4.0.6-9.7.0.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/php-pgsql-4.0.6-9.7.0.i386.rpm
    
    Red Hat Linux 7.1:
    
    SRPMS:
    ftp://updates.redhat.com/7.1/en/os/SRPMS/php-4.0.6-9.7.1.src.rpm
    
    alpha:
    ftp://updates.redhat.com/7.1/en/os/alpha/php-4.0.6-9.7.1.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/php-devel-4.0.6-9.7.1.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/php-imap-4.0.6-9.7.1.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/php-ldap-4.0.6-9.7.1.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/php-manual-4.0.6-9.7.1.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/php-mysql-4.0.6-9.7.1.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/php-pgsql-4.0.6-9.7.1.alpha.rpm
    
    i386:
    ftp://updates.redhat.com/7.1/en/os/i386/php-4.0.6-9.7.1.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/php-devel-4.0.6-9.7.1.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/php-imap-4.0.6-9.7.1.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/php-ldap-4.0.6-9.7.1.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/php-manual-4.0.6-9.7.1.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/php-mysql-4.0.6-9.7.1.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/php-pgsql-4.0.6-9.7.1.i386.rpm
    
    ia64:
    ftp://updates.redhat.com/7.1/en/os/ia64/php-4.0.6-9.7.1.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/php-devel-4.0.6-9.7.1.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/php-imap-4.0.6-9.7.1.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/php-ldap-4.0.6-9.7.1.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/php-manual-4.0.6-9.7.1.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/php-mysql-4.0.6-9.7.1.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/php-pgsql-4.0.6-9.7.1.ia64.rpm
    
    Red Hat Linux 7.2:
    
    SRPMS:
    ftp://updates.redhat.com/7.2/en/os/SRPMS/php-4.0.6-12.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.2/en/os/i386/php-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-devel-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-imap-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-ldap-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-manual-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-mysql-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-odbc-4.0.6-12.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/php-pgsql-4.0.6-12.i386.rpm
    
    ia64:
    ftp://updates.redhat.com/7.2/en/os/ia64/php-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-devel-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-imap-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-ldap-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-manual-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-mysql-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-odbc-4.0.6-12.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/php-pgsql-4.0.6-12.ia64.rpm
    
    
    
    7. Verification:
    
    MD5 sum                          Package Name
    --------------------------------------------------------------------------
    f07b6317aee9ade09625a8166641edc7 6.2/en/os/SRPMS/php-3.0.18-8.src.rpm
    c56a2c896756ce982e14b329ee122c97 6.2/en/os/alpha/php-3.0.18-8.alpha.rpm
    1a14f54cf642e41b6474f7bd8d89b4b7 6.2/en/os/alpha/php-imap-3.0.18-8.alpha.rpm
    90244d18f76ce2f254e946edcb28e4b9 6.2/en/os/alpha/php-ldap-3.0.18-8.alpha.rpm
    7b05bacc07896a17866cbe73b9c37eba 6.2/en/os/alpha/php-manual-3.0.18-8.alpha.rpm
    1266ab137b0fb24e7447683e9100c501 6.2/en/os/alpha/php-pgsql-3.0.18-8.alpha.rpm
    f4219464571e14737e1e5e3d414ae5d2 6.2/en/os/i386/php-3.0.18-8.i386.rpm
    9e4250f304c8832a0d0e99d98109f59c 6.2/en/os/i386/php-imap-3.0.18-8.i386.rpm
    31630b40f901d1617cfe0fce4a2e14df 6.2/en/os/i386/php-ldap-3.0.18-8.i386.rpm
    78ade58fa6517548264f21996bf799a3 6.2/en/os/i386/php-manual-3.0.18-8.i386.rpm
    c4985d7263824fd4c837f997605afff2 6.2/en/os/i386/php-pgsql-3.0.18-8.i386.rpm
    08e4722c97645d8bde860ff0b9dbb48c 6.2/en/os/sparc/php-3.0.18-8.sparc.rpm
    17d9aaac1927e3dd631dfd26fd75e25e 6.2/en/os/sparc/php-imap-3.0.18-8.sparc.rpm
    4f9a316f188315dddc6d2d7b3f643abc 6.2/en/os/sparc/php-ldap-3.0.18-8.sparc.rpm
    f7783e877972c2cd4a8c91574fef4655 6.2/en/os/sparc/php-manual-3.0.18-8.sparc.rpm
    b2ac8533b51b8a63db12cee2e334bc70 6.2/en/os/sparc/php-pgsql-3.0.18-8.sparc.rpm
    984cf05e255e5dba84756f43089ad41d 7.0/en/os/SRPMS/php-4.0.6-9.7.0.src.rpm
    23f5e948527d86906c1c0b5c14394443 7.0/en/os/alpha/php-4.0.6-9.7.0.alpha.rpm
    27046892357d213bb07af47462dbb2e8 7.0/en/os/alpha/php-devel-4.0.6-9.7.0.alpha.rpm
    60059adcebffe32f7aa42f40ded0ccd6 7.0/en/os/alpha/php-imap-4.0.6-9.7.0.alpha.rpm
    66a9241666dfac55076483446a46c656 7.0/en/os/alpha/php-ldap-4.0.6-9.7.0.alpha.rpm
    efd1b02def9b37c003111b32fd951c47 7.0/en/os/alpha/php-manual-4.0.6-9.7.0.alpha.rpm
    5cedcc04933ef82c06de866591bb14b9 7.0/en/os/alpha/php-mysql-4.0.6-9.7.0.alpha.rpm
    6d41072e5482e5c4ecd72dc20a380608 7.0/en/os/alpha/php-pgsql-4.0.6-9.7.0.alpha.rpm
    c51cae878dbd0ddb59f293bb2b74576a 7.0/en/os/i386/php-4.0.6-9.7.0.i386.rpm
    ece39ce64f13090908e1e724e8ac20c2 7.0/en/os/i386/php-devel-4.0.6-9.7.0.i386.rpm
    ddf79ef25cef397db6b375e55ec72461 7.0/en/os/i386/php-imap-4.0.6-9.7.0.i386.rpm
    aa7f45c1bdd74ba24cc478227d1231ef 7.0/en/os/i386/php-ldap-4.0.6-9.7.0.i386.rpm
    a09113571cdf2b494587cdf5d0e3b94e 7.0/en/os/i386/php-manual-4.0.6-9.7.0.i386.rpm
    184160c5c02313d3b00ccb35f440308b 7.0/en/os/i386/php-mysql-4.0.6-9.7.0.i386.rpm
    a26becd661ccc40b073133205494ed31 7.0/en/os/i386/php-pgsql-4.0.6-9.7.0.i386.rpm
    13e044d5838ca92e87a6c75422f1dcfa 7.1/en/os/SRPMS/php-4.0.6-9.7.1.src.rpm
    bf4fd0046038fdf77d73be0569a04c1a 7.1/en/os/alpha/php-4.0.6-9.7.1.alpha.rpm
    8aee7e333ab227ca9d8e03ecfea81b12 7.1/en/os/alpha/php-devel-4.0.6-9.7.1.alpha.rpm
    80b146826658d08d84ae5d6fb8653f0a 7.1/en/os/alpha/php-imap-4.0.6-9.7.1.alpha.rpm
    77224698038db01686f2e078332db3df 7.1/en/os/alpha/php-ldap-4.0.6-9.7.1.alpha.rpm
    5b70392e70416ca43699e082bc080606 7.1/en/os/alpha/php-manual-4.0.6-9.7.1.alpha.rpm
    a318eecc9ee831d76b2565dd029ab544 7.1/en/os/alpha/php-mysql-4.0.6-9.7.1.alpha.rpm
    a0aceadd726fb8e4003b8e82488c6460 7.1/en/os/alpha/php-pgsql-4.0.6-9.7.1.alpha.rpm
    a3886ccade78602bc997513289f3ea48 7.1/en/os/i386/php-4.0.6-9.7.1.i386.rpm
    32e7d5a1b44a5b1f41d2f392dce873ab 7.1/en/os/i386/php-devel-4.0.6-9.7.1.i386.rpm
    0cebe302673d264ba98ca5eb5a336386 7.1/en/os/i386/php-imap-4.0.6-9.7.1.i386.rpm
    108a196736b34d28f4cee176da65c326 7.1/en/os/i386/php-ldap-4.0.6-9.7.1.i386.rpm
    fabc969a08a7f268f74e18d1dfca87a1 7.1/en/os/i386/php-manual-4.0.6-9.7.1.i386.rpm
    8ebdf9dcfa1677667c5e9846df68708c 7.1/en/os/i386/php-mysql-4.0.6-9.7.1.i386.rpm
    90793e84d6689d25d3a242d0e75f5b67 7.1/en/os/i386/php-pgsql-4.0.6-9.7.1.i386.rpm
    467c5b32df73a82a3b4a5e69dac14a3d 7.1/en/os/ia64/php-4.0.6-9.7.1.ia64.rpm
    1e4fbc2380f0f68b5384b8523c524a46 7.1/en/os/ia64/php-devel-4.0.6-9.7.1.ia64.rpm
    82c5fc25016e739099689267369172e4 7.1/en/os/ia64/php-imap-4.0.6-9.7.1.ia64.rpm
    5d5d488f11e431fa18782c69f0f7a143 7.1/en/os/ia64/php-ldap-4.0.6-9.7.1.ia64.rpm
    3abf84cd5f344cf8b14226b47474bc2e 7.1/en/os/ia64/php-manual-4.0.6-9.7.1.ia64.rpm
    9c502c398208c15b6b9d9c5467b4a620 7.1/en/os/ia64/php-mysql-4.0.6-9.7.1.ia64.rpm
    5ad2b0aa07efaff0d2f93c38e238cbe2 7.1/en/os/ia64/php-pgsql-4.0.6-9.7.1.ia64.rpm
    0115ad07854838a15cfea42e5cef3002 7.2/en/os/SRPMS/php-4.0.6-12.src.rpm
    54fa818f60d7dd918ae05c598a6c9308 7.2/en/os/i386/php-4.0.6-12.i386.rpm
    b7332d143c4cab1dc69eecdb7796e1c0 7.2/en/os/i386/php-devel-4.0.6-12.i386.rpm
    ed11518798bdecd13996e5e7a04a1b78 7.2/en/os/i386/php-imap-4.0.6-12.i386.rpm
    ec94a9b7770d43dc698dc3298aee8d02 7.2/en/os/i386/php-ldap-4.0.6-12.i386.rpm
    b8a4de8035343527c545c8823c39ff2e 7.2/en/os/i386/php-manual-4.0.6-12.i386.rpm
    72c68100743a945adfb2b8486dafca65 7.2/en/os/i386/php-mysql-4.0.6-12.i386.rpm
    daf507853a3a894a9e558b5559d3d27b 7.2/en/os/i386/php-odbc-4.0.6-12.i386.rpm
    179026b54d77cc23a79e3e708db0648b 7.2/en/os/i386/php-pgsql-4.0.6-12.i386.rpm
    b4b5d57a278022c02842feffb29e939e 7.2/en/os/ia64/php-4.0.6-12.ia64.rpm
    5ce8d950d8fc280077f1843a61f248f9 7.2/en/os/ia64/php-devel-4.0.6-12.ia64.rpm
    2aeb47f34004bc84b401306f50326e99 7.2/en/os/ia64/php-imap-4.0.6-12.ia64.rpm
    955fe4bfde4021e792bd7c69d9e89482 7.2/en/os/ia64/php-ldap-4.0.6-12.ia64.rpm
    4a995a96fdadc689c4ea9849900e12e0 7.2/en/os/ia64/php-manual-4.0.6-12.ia64.rpm
    7015803c8d5b7d0d9327186c50b8263b 7.2/en/os/ia64/php-mysql-4.0.6-12.ia64.rpm
    9867768b827a91939e5d426b15637861 7.2/en/os/ia64/php-odbc-4.0.6-12.ia64.rpm
    fc602be9288f8d743525698fa839b766 7.2/en/os/ia64/php-pgsql-4.0.6-12.ia64.rpm
     
    
    These packages are GPG signed by Red Hat, Inc. for security.  Our key
    is available at:
        http://www.redhat.com/about/contact/pgpkey.html
    
    You can verify each package with the following command:
        rpm --checksig  <filename>
    
    If you only wish to verify that each package has not been corrupted in
    transit, examine only the md5sum with the following command:
        rpm --checksig --nogpg <filename>
    
    Note that this check proves integrity only: the digest lives in the package
    header and is recomputed by anyone who rebuilds the package, so only the
    GPG signature check above establishes that the package came from Red Hat.
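    A way to apply the section 7 table before installing, added here as an
    example and not part of the Red Hat advisory: a POSIX shell function that
    pulls the "MD5 sum  Package Name" lines out of a saved copy of the advisory
    text, and for every listed package present in a download directory compares
    the file's MD5 against the table.  It reports a mismatch per package and
    distinguishes "all present packages match" from "nothing listed was found
    here", so a wrong release or architecture download is not mistaken for a
    pass.  It assumes GNU md5sum, awk and mktemp; the fake packages and the
    two-line table in the demo are constructed, with the first hash being the
    real MD5 of the bytes "hello" and the second deliberately wrong.  As with
    rpm --checksig --nogpg, this is an integrity check only; still run
    rpm --checksig with Red Hat's key before rpm -Fvh.

```sh
#!/bin/sh
# Added example (not from the Red Hat advisory): check downloaded RPMs
# against the "MD5 sum  Package Name" table from section 7 of the advisory
# before running rpm -Fvh. This catches corrupted or wrong-version
# downloads; it does not establish that Red Hat built the packages, which
# only "rpm --checksig" against Red Hat's GPG key can do.
#
# verify_rpms ADVISORY_TEXT DIR
#   Checks every package from the table that exists in DIR.
#   Returns 0 if all present packages match, 1 if any mismatch, 2 if none
#   of the listed packages was found in DIR (nothing was verified).
verify_rpms() {
    advisory=$1
    dir=$2
    list=$(mktemp)
    # Keep only "<32 hex chars> <path ending in .rpm>" lines; the table
    # header, dashed rule and prose lines have a different shape.
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
            print $1, $2
         }' "$advisory" > "$list"
    found=0
    bad=0
    while read -r expected path; do
        pkg=${path##*/}                    # basename: the local file name
        [ -f "$dir/$pkg" ] || continue     # not downloaded for this release/arch
        found=$((found + 1))
        actual=$(md5sum "$dir/$pkg" | cut -d' ' -f1)
        if [ "$actual" = "$expected" ]; then
            printf 'OK       %s\n' "$pkg"
        else
            printf 'MISMATCH %s (expected %s, got %s)\n' "$pkg" "$expected" "$actual"
            bad=$((bad + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$found" -gt 0 ] || { echo "no listed package found in $dir" >&2; return 2; }
    [ "$bad" -eq 0 ]
}

# Demo on constructed data: two fake "packages" (just the bytes "hello")
# and a table in the advisory's format. Only the first entry's hash is the
# real MD5 of "hello"; the second is deliberately wrong.
demo=$(mktemp -d)
printf 'hello' > "$demo/php-4.0.6-12.i386.rpm"
printf 'hello' > "$demo/php-devel-4.0.6-12.i386.rpm"
cat > "$demo/rhsa.txt" <<'EOF'
MD5 sum                          Package Name
--------------------------------------------------------------------------
5d41402abc4b2a76b9719d911017c592 7.2/en/os/i386/php-4.0.6-12.i386.rpm
00000000000000000000000000000000 7.2/en/os/i386/php-devel-4.0.6-12.i386.rpm
EOF
verify_rpms "$demo/rhsa.txt" "$demo" && echo "all verified; next: rpm --checksig $demo/*.rpm" \
    || echo "verification failed with status $?; do not install"
rm -rf "$demo"
```

    In practice save this advisory mail to a file, download the RPMs for your
    release and architecture into one directory, and run
    verify_rpms rhsa.txt ./downloads; only on exit status 0 continue with
    rpm --checksig and then rpm -Fvh.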
    
    8. References:
    
    http://security.e-matters.de/advisories/012002.html
    http://www.kb.cert.org/vuls/id/297363
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0081
    
    
    Copyright(c) 2000, 2001 Red Hat, Inc.
    


