From security@tinysofa.org Wed Jul 14 18:14:51 2004
From: tinysofa Security Team
To: bugtraq@securityfocus.com
Date: Thu, 15 Jul 2004 03:26:14 +1000
Subject: TSSA-2004-013 - php

===========================================================================
Security Advisory #2004-013

Package name:      php
Summary:           Multiple Security Fixes
Advisory ID:       TSSA-2004-013
Date:              2004-07-14
Affected versions: tinysofa enterprise server 1.0
                   tinysofa enterprise server 2.0-pre[1-3]
===========================================================================

Security Fixes
==============

Description
-----------

php:

  * PHP [0] is a widely-used general-purpose scripting language that is
    especially suited for Web development and can be embedded into HTML.

  [Issue #1]
  During a reaudit of the memory_limit problem it was discovered that it
  is possible for a remote attacker to trigger the memory_limit request
  termination in places where an interruption is unsafe. This can be
  abused to execute arbitrary code on remote PHP servers.

  This problem has been assigned the name CAN-2004-0594 [1] by the Common
  Vulnerabilities and Exposures (CVE) project, and was first reported by
  Stefan Esser [2] of e-matters GmbH.

  [Issue #2]
  During an audit of the PHP source code a binary safety problem in the
  handling of allowed tags within PHP's strip_tags() function was
  discovered. This problem may allow injection of malicious Javascript in
  the Internet Explorer and Safari browsers.

  This problem has been assigned the name CAN-2004-0595 [3] by the Common
  Vulnerabilities and Exposures (CVE) project, and was first reported by
  Stefan Esser [4] of e-matters GmbH.

References
----------

  [0] http://www.php.org/
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
  [2] http://security.e-matters.de/advisories/112004.html
  [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595
  [4] http://security.e-matters.de/advisories/122004.html

Recommended Action
==================

We recommend that all systems with these packages installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.

Location
========

All tinysofa updates are available from

Automatic Updates
=================

Users of the SWUP tool can enjoy having updates automatically installed
using 'swup --upgrade'.

Users of the APT tool may use the 'apt-get update' command, followed by
an 'apt-get upgrade' command.

Questions?
==========

Check out our mailing lists:

Verification
============

This advisory is signed with the tinysofa security sign key.
This key is available from:

All tinysofa packages are signed with the tinysofa stable sign key.
This key is available from:

The advisory is available from the tinysofa errata database at
or directly at

MD5sums Of The Packages
=======================

--
tinysofa Security Team