remote code execution in php4, php5

2008-01-2914:18:48

lists.opensuse.org

0.258 Low

EPSS

Percentile

96.7%

JSON

php5 was updated to version 5.2.5 to fix several security vulnerabilities. For php4 on SLES9 the patches were backported. - php4 on SLES9 and php5 on SLES10/10.1 contained a copy of the pcre library which was vulnerable to several security issues. On SLES9 the included library was patched. SLES10/10.1 now uses the system pcre library. 10.2 and 10.3 already used the system pcre library before. (CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228) - flaws in processing multi byte sequences in htmlentities/htmlspecialchars (CVE-2007-5898) - overly long arguments to the dl() function could crash php (CVE-2007-4825) - overy long arguments to the glob() function could crash php (CVE-2007-4782) - overly long arguments to some iconv functions could crash php (CVE-2007-4840) - overy long arguments to the setlocale() function could crash php (CVE-2007-4784) - the wordwrap-function could cause a floating point exception (CVE-2007-3998) - overy long arguments to the fnmatch() function could crash php (CVE-2007-4782) - incorrect size calculation in the chunk_split function could lead to a buffer overflow (CVE-2007-4661) - flaws in the GD extension could lead to integer overflows (CVE-2007-3996) - the money_format function contained format string flaws (CVE-2007-4658)

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Server10.1x86_64php5-sysvshm< 5.1.2-29.50php5-sysvshm-5.1.2-29.50.x86_64.rpm
SUSE Linux Enterprise Server10.1ppcphp5-curl< 5.1.2-29.50php5-curl-5.1.2-29.50.ppc.rpm
SUSE Linux Enterprise Software Development Kit10.1ia64php5-curl< 5.1.2-29.50php5-curl-5.1.2-29.50.ia64.rpm
openSUSE10.2ppcphp5-snmp< 5.2.5-18.1php5-snmp-5.2.5-18.1.ppc.rpm
openSUSE10.1x86_64php5-curl< 5.1.2-29.50php5-curl-5.1.2-29.50.x86_64.rpm
SUSE Linux Enterprise Server10.1ppcphp5-mbstring< 5.1.2-29.50php5-mbstring-5.1.2-29.50.ppc.rpm
openSUSE10.2x86_64php5< 5.2.5-18.1php5-5.2.5-18.1.x86_64.rpm
SUSE Linux Enterprise Server10.1i586php5-dom< 5.1.2-29.50php5-dom-5.1.2-29.50.i586.rpm
openSUSE10.3ppcphp5-gmp< 5.2.5-8.1php5-gmp-5.2.5-8.1.ppc.rpm
SUSE Linux Enterprise Software Development Kit10.1s390xphp5-ldap< 5.1.2-29.50php5-ldap-5.1.2-29.50.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Server	10.1	x86_64	php5-sysvshm	< 5.1.2-29.50	php5-sysvshm-5.1.2-29.50.x86_64.rpm
SUSE Linux Enterprise Server	10.1	ppc	php5-curl	< 5.1.2-29.50	php5-curl-5.1.2-29.50.ppc.rpm
SUSE Linux Enterprise Software Development Kit	10.1	ia64	php5-curl	< 5.1.2-29.50	php5-curl-5.1.2-29.50.ia64.rpm
openSUSE	10.2	ppc	php5-snmp	< 5.2.5-18.1	php5-snmp-5.2.5-18.1.ppc.rpm
openSUSE	10.1	x86_64	php5-curl	< 5.1.2-29.50	php5-curl-5.1.2-29.50.x86_64.rpm
SUSE Linux Enterprise Server	10.1	ppc	php5-mbstring	< 5.1.2-29.50	php5-mbstring-5.1.2-29.50.ppc.rpm
openSUSE	10.2	x86_64	php5	< 5.2.5-18.1	php5-5.2.5-18.1.x86_64.rpm
SUSE Linux Enterprise Server	10.1	i586	php5-dom	< 5.1.2-29.50	php5-dom-5.1.2-29.50.i586.rpm
openSUSE	10.3	ppc	php5-gmp	< 5.2.5-8.1	php5-gmp-5.2.5-8.1.ppc.rpm
SUSE Linux Enterprise Software Development Kit	10.1	s390x	php5-ldap	< 5.1.2-29.50	php5-ldap-5.1.2-29.50.s390x.rpm