php-5.1.6-24.5.1.AXS3

エラータID: AXSA:2010-78:01

Release date: 
Thursday, January 28, 2010 - 14:19
Subject: 
php-5.1.6-24.5.1.AXS3
Affected Channels: 
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity: 
High
Description: 

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.
The php package contains the module which adds support for the PHP language to Apache HTTP Server.
Security issues fixed with this release:
CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to 'missing sanity checks around exif processing.'
CVE-2009-3546
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
CVE-2009-4017
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Solution: 

Update packages.

CVEs: 
CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
CVE-2009-4017
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
CVE-2009-3546
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.
CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."
CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.
CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.




Additional Info: 

N/A

Download: 

SRPMS
  1. php-5.1.6-24.5.1.AXS3.src.rpm
    MD5: d6ce09e981a5cfa2b10c0ac8588d8715
    SHA-256: bab23d1cd1a07f02a3f64e8878c5af2429299ea09cd9f7b4b5379d60ed6982ee
    Size: 7.97 MB

Asianux Server 3 for x86
  1. php-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 69e69ca11d5933bab437bd5f06c83fa6
    SHA-256: 286958c547e1ed6cf7ad8e767fd57048b13e8bc94ba4dc129f07b89fe3c27061
    Size: 1.15 MB
  2. php-bcmath-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 1343c4f21775d5f945f310d1821bd2d1
    SHA-256: e061543a0bc86369c38fb3395fbfee6349ec00b00a62ab5ffec859ea680ae2c4
    Size: 34.47 kB
  3. php-cli-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: aa394ec79825e2cca7b85e494b3b2dd9
    SHA-256: c9845ade7fe2caa34d05d74c32059a1c1be29e8db9aafe9079e56f6c18f52533
    Size: 2.10 MB
  4. php-common-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 46ba803375b61119fc65ccdeaecdd495
    SHA-256: 6c483df8eb8d9cfe7a5d35ee95ee31bfb53cf25e12f51cbb76ac338b49499ff6
    Size: 153.45 kB
  5. php-dba-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 46ad9331d1f5eff5be76d2b0b08529d4
    SHA-256: 55d92381a206416dfeaa41fff4f447707b137ea28ad6bada4f9f70152f166b65
    Size: 41.46 kB
  6. php-devel-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: c1358cb2cf02e290270ab52e09f47cce
    SHA-256: 050d74ed02b7da74350e016f7eadbbbd752f8fb7d28f8730783767836ef65d4a
    Size: 509.70 kB
  7. php-gd-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 253eb7f1ba27c2c778cd6effd93a66cd
    SHA-256: c581df8ccd3a2eeead43d366eed99a14e38b2c23768e4b8b2b6c098e4312f833
    Size: 117.35 kB
  8. php-imap-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 0d3e4d20a12e0c5123100f672607b8d8
    SHA-256: 19e5d7990f44b0fb35d2991789cf8ab0b0b60caf1660955b0f240ffd25939223
    Size: 54.39 kB
  9. php-ldap-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 98798d22fe4dd833226577970e5a1c73
    SHA-256: b71065bc19552f330f0b448a3e86b69d4a28ab5152c333d91788c88cf691f890
    Size: 36.85 kB
  10. php-mbstring-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 67d4fa0f81c7112f19a0028aac889e21
    SHA-256: 9ed3b509a66fb690e617a2e0feec7be9b9f3e9a8782ecb8ce0ffc05a17e10e0b
    Size: 1.06 MB
  11. php-mysql-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 84587edb312197525a884a00c2757b7e
    SHA-256: abc90e5421b9f406cb128c4ab30c5a3496505f47c27259fdbfce3db7e5275a4d
    Size: 86.07 kB
  12. php-ncurses-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: f21e439a36a88ab487c7ffdcd707c7b5
    SHA-256: a51eba14bf3f735b64b7f1c4a3610acaf04a7eec77ced052b6a8a82bac3ab699
    Size: 41.79 kB
  13. php-oci8-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 4325e43263670bf3cbb858d552a080a8
    SHA-256: b1ecbb8b66bea65e0e4406a12fbc3aaca82018c8d14ecd0febeace7c819722a4
    Size: 73.00 kB
  14. php-odbc-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 844cdf40e2ca1f7e6c01520633c48bc8
    SHA-256: 67eba9bd6c991c6195d25be7de23ca4f9d985c4474161cafc360615714e60b2c
    Size: 53.37 kB
  15. php-pdo-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 6931addf2fce9be51a7b4684b3955b87
    SHA-256: 3827fc03910f5ce762de1fd1e9a34bf1ce32ec2cba2d813d39a79c89a5e0a55e
    Size: 64.94 kB
  16. php-pgsql-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: b37df3246322f65271abaab3eedf2d95
    SHA-256: 6c5e05b2ad91e18c35f2e61f7381e916aa8f7496a98911f4b0ad9558567dc6bb
    Size: 68.07 kB
  17. php-snmp-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 1b59e6c03089679a1513c8c768c54d48
    SHA-256: c69c038d03c4d20b1814625cd3eb26eb705e87ab802f81b2bce3ea2fd4d2ce6d
    Size: 29.95 kB
  18. php-soap-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 41ce791cdb47fca78cd37033a7589883
    SHA-256: b4912c84f20ca72eccec042e5021cc7bbb9eceaa0f37eecececdf6b2b59a2870
    Size: 136.66 kB
  19. php-xml-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 758ff95a840f5275754ea019fea7956d
    SHA-256: fead31379e2aeb07e3edb22e3ca3e76383ceeeac23e6a068cdba79df18c4e7b3
    Size: 96.88 kB
  20. php-xmlrpc-5.1.6-24.5.1.AXS3.i386.rpm
    MD5: 5d9100fdc07cba996b8c97fd7dfecfcc
    SHA-256: 79b692726b0d8abe97b6cc11aebe7beacb79b3ca703dfcda8ac23731e7474b54
    Size: 57.46 kB

Asianux Server 3 for x86_64
  1. php-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 60c187756a4894d21e17fb50567ce67f
    SHA-256: 09081e659c198c8091476942c1bafe34820ced75266d078b4cb1ab96b5cf6cc7
    Size: 1.17 MB
  2. php-bcmath-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 7e13cd4e42fb2e4dbca2bb1a33780569
    SHA-256: a3212963d14c76f5e3e5ff34e4793d7a19bacf795ea0320060ea19a99dbbb127
    Size: 34.79 kB
  3. php-cli-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: f8e75ec1718405f75a45dbb4528c7b27
    SHA-256: e4e68befe2412467a508a7d1a54c6074ca27aa8759a9de7bf5beb6d923df5fa8
    Size: 2.17 MB
  4. php-common-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: a1b505966c82a1fff021392f2b1a4bee
    SHA-256: 4935d91cd2e7e634655f906707ff351ca4d7c40795bde17e74438ce57fa2f793
    Size: 153.84 kB
  5. php-dba-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 462887ce8a2fc9689cb59cb8b6b09cca
    SHA-256: 5bf063db3a8f9f14087366025ea902a2f900584ea5b8fd8a5001fc1f1650f681
    Size: 41.40 kB
  6. php-devel-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 90dae65f677ab4a9928cc9b2f50001bc
    SHA-256: eac1c9900e87c83c4ca0244e3108ade020d713f7dca41d9f8c559e35f6e1ebe3
    Size: 509.64 kB
  7. php-gd-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 9328ef0c2189a8c1641160cd7581d656
    SHA-256: 1e97f91ea9114f899eac775d7d54c99aad3a2edbede306081870c5a0dbd195aa
    Size: 117.54 kB
  8. php-imap-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 10f170342631310e6134798a08c3bfb8
    SHA-256: 0631ae17c3b97d41f1ccea69244b080a8ac1a4c77612d651dff96bc402cf4c90
    Size: 54.81 kB
  9. php-ldap-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 341e9c78c5e770d42609e2f3cb69acb8
    SHA-256: 0bd7a9c443fe3fea28988263caa88c2adca9bdf5011f08e3aaaa7a3bb6f7980d
    Size: 37.84 kB
  10. php-mbstring-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: dd9a245a01a0805fccd6d18fdc991cfd
    SHA-256: 8a783e6a8cb73c336fdc6945bf8b97156c3080553e579dd9ad91aadb3aeb99e0
    Size: 1.07 MB
  11. php-mysql-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: f535492a79007d22a99620217db52adb
    SHA-256: 44099d1a6f011212dbd0a584e915e3249e34dbd4c3d2c4e861e29fd430bc1402
    Size: 89.55 kB
  12. php-ncurses-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 5df3cef80d76f5986b4f66bf3eac499d
    SHA-256: 53d134295e9bbd471600af35c261ae21386801bb52a8d5aca4e42fb1d0f265ce
    Size: 43.04 kB
  13. php-oci8-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 9ce2fc58d0111f4cfe2c77cad1312df7
    SHA-256: 414812b0f28d3e994a543ec012af6dcbd867f6a7e5fcbfdc7db0b3757f985c5a
    Size: 71.97 kB
  14. php-odbc-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: ea4fbe00fd14b7c36b3a99c1c1389797
    SHA-256: 9fbc984e618ccaca1f6ede25c261ea26b47350dd962916ac0ec0ed2c223d9b8f
    Size: 54.35 kB
  15. php-pdo-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: db9b9bb0c4688980c163b3318931ef9d
    SHA-256: 08f2a240e66f7cb6c1cd7e7c26a89ba08eea1d14c7641cf7b6e850f97f3e85bb
    Size: 65.93 kB
  16. php-pgsql-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: bb4f3eec3acbe10484c26d9cdac6ad89
    SHA-256: 3beb5a2c9defc5605da273d4a3e56aefaaead77811f42d963dee609d8b9f19d0
    Size: 70.05 kB
  17. php-snmp-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: e47510d2f831804f8bce8747e532b3af
    SHA-256: 45e404b62b2c9a793c94fff2d4eaee8572d5df43b87ccc84566e42d3fa51564e
    Size: 30.29 kB
  18. php-soap-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: f8c08dbac1090f5b0399dc4aff21374e
    SHA-256: 0543007570f565bf120a7787544a6765aabba5e88fa47901bb27eb11f38fe7a7
    Size: 136.46 kB
  19. php-xml-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: d70093828e8a6ac2ed97f8dd9220bc63
    SHA-256: e80b7caf161c79cdef3871df24e16912debd359bc743edcdf19a579fdf4b64d0
    Size: 101.81 kB
  20. php-xmlrpc-5.1.6-24.5.1.AXS3.x86_64.rpm
    MD5: 45a0f0b85cdefef954ff76383fa34ae2
    SHA-256: 1c3fe7e54da945a66b44479d9a882d2d70c3b8f26f9bcacacf9a280cba72cf28
    Size: 57.29 kB