From 8fdc304bf32a4991436abaebf93274bf69bfcde2 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Thu, 24 May 2007 19:54:49 +0000 Subject: php4 adv; remove never released kdelibs adv git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5915 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/DTSA/advs/39-qemu.adv | 2 +- data/DTSA/advs/40-php4.adv | 58 +++++++++++++++++++++++++++++++++++++++++++ data/DTSA/advs/44-kdelibs.adv | 15 ----------- 3 files changed, 59 insertions(+), 16 deletions(-) create mode 100644 data/DTSA/advs/40-php4.adv delete mode 100644 data/DTSA/advs/44-kdelibs.adv (limited to 'data/DTSA/advs') diff --git a/data/DTSA/advs/39-qemu.adv b/data/DTSA/advs/39-qemu.adv index 8e349cc2fb..75f07af4be 100644 --- a/data/DTSA/advs/39-qemu.adv +++ b/data/DTSA/advs/39-qemu.adv @@ -1,4 +1,4 @@ -source: samba +source: qemu date: May 24th, 2007 author: Stefan Fritsch vuln-type: several vulnerabilities diff --git a/data/DTSA/advs/40-php4.adv b/data/DTSA/advs/40-php4.adv new file mode 100644 index 0000000000..1a269346ab --- /dev/null +++ b/data/DTSA/advs/40-php4.adv 
@@ -0,0 +1,58 @@ +source: php4 +date: May 24th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1718 CVE-2007-1777 CVE-2007-2509 +vendor-advisory: +testing-fix: 6:4.4.4-9lenny1 +sid-fix: 6:4.4.6-2 +upgrade: apt-get upgrade + +IMPORTANT NOTE: + php4 will be removed from testing (lenny); thus you are strongly + advised to migrate to php5. If you cannot upgrade, you should + consider using the stable distribution (etch) instead. + +Several remote vulnerabilities have been discovered in PHP, a +server-side, HTML-embedded scripting language, which may lead to the +execution of arbitrary code. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2007-1286 + Stefan Esser discovered an overflow in the object reference handling + code of the unserialize() function, which allows the execution of + arbitrary code if malformed input is passed from an application. + +CVE-2007-1380 + Stefan Esser discovered that the session handler performs + insufficient validation of variable name length values, which allows + information disclosure through a heap information leak. + +CVE-2007-1521 + Stefan Esser discovered a double free vulnerability in the + session_regenerate_id() function, which allows the execution of + arbitrary code. + +CVE-2007-1538 + Stefan Esser discovered that the mb_parse_str function sets the internal + register_globals flag and does not disable it in certain cases when a script + terminates, which allows remote attackers to invoke available PHP scripts with + register_globals functionality that is not detectable by these scripts + +CVE-2007-1718 + Stefan Esser discovered that the mail() function performs + insufficient validation of folded mail headers, which allows mail + header injection. 
+ +CVE-2007-1777 + Stefan Esser discovered that the extension to handle ZIP archives + performs insufficient length checks, which allows the execution of + arbitrary code. + +CVE-2007-2509 + It was discovered that the ftp extension of PHP, a server-side, + HTML-embedded scripting language performs insufficient input sanitising, + which permits an attacker to execute arbitrary FTP commands. This + requires the attacker to already have access to the FTP server. diff --git a/data/DTSA/advs/44-kdelibs.adv b/data/DTSA/advs/44-kdelibs.adv deleted file mode 100644 index e3fd2d3b7d..0000000000 --- a/data/DTSA/advs/44-kdelibs.adv +++ /dev/null @@ -1,15 +0,0 @@ -source: kdelibs -date: September 13th, 2005 -author: Moritz Muehlenhoff -vuln-type: insecure default permissions -problem-scope: local -debian-specifc: no -cve: CVE-2005-1920 -vendor-advisory: -testing-fix: 4:3.3.2-6.1etch1 -sid-fix: 4:3.4.2-1 -upgrade: apt-get install kdelibs4 - -kate always created backup files for edited files with default permissions, -even if the original permissions were stricter. This could lead to information -disclosure. \ No newline at end of file -- cgit v1.2.3
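Review bot: The one-line fix in data/DTSA/advs/39-qemu.adv (source: samba changed to source: qemu) is not covered by the commit subject, which names only the php4 and kdelibs advisories. Mention the correction in the message or commit it separately, so that anyone auditing the advisory history can find when the wrong source: value was fixed.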
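Review bot: In data/DTSA/advs/40-php4.adv the cve: header and the body disagree. The header lists CVE-2007-1583, which has no section in the text, while the mb_parse_str section is headed CVE-2007-1538, which the header does not list. One of the two looks like a digit transposition. Check the identifier against the CVE entry for the mb_parse_str issue and make the header and the section heading match, since the cve: field is what gets used to track which issues the fixed version covers. In the same section, the last sentence ("... not detectable by these scripts") is missing its full stop and the paragraph is wrapped wider than the other entries. The CVE-2007-2509 entry also repeats "PHP, a server-side, HTML-embedded scripting language", which the introduction already says.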