Debian testing security team

From bc285bcc978f61251e02162e110ac8069fafce69 Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Mon, 28 May 2007 16:55:51 +0000 Subject: release php4 and php5 DTSAs git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5941 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- website/DTSA/DTSA-39-1.html | 184 ++++++++++++++++++++++++++++++++++++++++++++ website/DTSA/DTSA-40-1.html | 134 ++++++++++++++++++++++++++++++++ website/list.html | 6 ++ 3 files changed, 324 insertions(+) create mode 100644 website/DTSA/DTSA-39-1.html create mode 100644 website/DTSA/DTSA-40-1.html (limited to 'website') diff --git a/website/DTSA/DTSA-39-1.html b/website/DTSA/DTSA-39-1.html new file mode 100644 index 0000000000..372d362969 --- /dev/null +++ b/website/DTSA/DTSA-39-1.html @@ -0,0 +1,184 @@ + + + Debian testing security team - Advisory + + + + +

+ + +

+ +

+
+ + + + + + + + + + + +

+	Debian testing security team - Advisory	+
+	Debian testing security team - Advisory	+ +

+ + +

DTSA-39-1

Date Reported:: May 28th, 2007
Affected Package:: php5
Vulnerability:: several vulnerabilities
Problem-Scope:: remote
Debian-specific:: No
CVE:: +CVE-2007-1286 +CVE-2007-1375 +CVE-2007-1376 +CVE-2007-1380 +CVE-2007-1453 +CVE-2007-1454 +CVE-2007-1521 +CVE-2007-1583 +CVE-2007-1700 +CVE-2007-1718 +CVE-2007-1777 +CVE-2007-1824 +CVE-2007-1887 +CVE-2007-1889 +CVE-2007-1900 +CVE-2007-2509 +CVE-2007-2510 +CVE-2007-2511 +
More information:: Several remote vulnerabilities have been discovered in PHP, a
+server-side, HTML-embedded scripting language, which may lead to the
+execution of arbitrary code. The Common Vulnerabilities and Exposures
+project identifies the following problems:
+
+CVE-2007-1286
+ Stefan Esser discovered an overflow in the object reference handling
+ code of the unserialize() function, which allows the execution of
+ arbitrary code if malformed input is passed from an application.
+
+CVE-2007-1375
+ Stefan Esser discovered that an integer overflow in the substr_compare()
+ function allows information disclosure of heap memory.
+
+CVE-2007-1376
+ Stefan Esser discovered that insufficient validation of shared memory
+ functions allows the disclosure of heap memory.
+
+CVE-2007-1380
+ Stefan Esser discovered that the session handler performs
+ insufficient validation of variable name length values, which allows
+ information disclosure through a heap information leak.
+
+CVE-2007-1453
+ Stefan Esser discovered that the filtering framework performs insufficient
+ input validation, which allows the execution of arbitrary code through a
+ buffer underflow.
+
+CVE-2007-1454
+ Stefan Esser discovered that the filtering framework can be bypassed
+ with a special whitespace character.
+
+CVE-2007-1521
+ Stefan Esser discovered a double free vulnerability in the
+ session_regenerate_id() function, which allows the execution of
+ arbitrary code.
+
+CVE-2007-1583
+ Stefan Esser discovered that a programming error in the mb_parse_str()
+ function allows the activation of "register_globals".
+
+CVE-2007-1700
+ Stefan Esser discovered that the session extension incorrectly maintains
+ the reference count of session variables, which allows the execution of
+ arbitrary code.
+
+CVE-2007-1718
+ Stefan Esser discovered that the mail() function performs
+ insufficient validation of folded mail headers, which allows mail
+ header injection.
+
+CVE-2007-1777
+ Stefan Esser discovered that the extension to handle ZIP archives
+ performs insufficient length checks, which allows the execution of
+ arbitrary code.
+
+CVE-2007-1824
+ Stefan Esser discovered an off-by-one in the filtering framework, which
+ allows the execution of arbitrary code.
+
+CVE-2007-1887
+ Stefan Esser discovered that a buffer overflow in the sqlite extension
+ allows the execution of arbitrary code.
+
+CVE-2007-1889
+ Stefan Esser discovered that the PHP memory manager performs an
+ incorrect type cast, which allows the execution of arbitrary code
+ through buffer overflows.
+
+CVE-2007-1900
+ Stefan Esser discovered that incorrect validation in the email filter
+ extension allowed the injection of mail headers.
+
+CVE-2007-2509
+ It was discovered that missing input sanitising inside the ftp
+ extension permits an attacker to execute arbitrary FTP commands.
+ This requires the attacker to already have access to the FTP
+ server.
+
+CVE-2007-2510
+ It was discovered that a buffer overflow in the SOAP extension permits
+ the execution of arbitrary code.
+
+CVE-2007-2511
+ A buffer overflow was discovered in the user_filter_factory_create.
+
For the testing distribution (lenny) this is fixed in version 5.2.0-10+lenny1
For the unstable distribution (sid) this is fixed in version 5.2.2-1
This upgrade is recommended if you use php5.
+
If you have the secure testing lines in your sources.list, you can update by running this command as root:: apt-get update && apt-get upgrade
To use the Debian testing security archive, add the following lines to your /etc/apt/sources.list:
+ +: deb http://security.debian.org/ testing/updates main contrib non-free; deb-src http://security.debian.org/ testing/updates main contrib non-free