php-5.1.6-27.3.0.1.AXS3
Errata ID: AXSA:2010-502:05
The following issues have been addressed.
[Security Fix]
- An integer overflow in PHP's xml_utf8_decode function makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding.
Note that this is a different vulnerability from CVE-2010-3870. (CVE-2009-5016)
- PHP's xmlrpc extension does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, leading to a denial of service (DoS) and possibly other unspecified impact. (CVE-2010-0397)
- PHP's Linear Congruential Generator (LCG) does not provide the expected entropy, allowing values to be guessed. (CVE-2010-1128)
- PHP mishandles long strings, leading to a denial of service (DoS). (CVE-2010-1917)
- PHP's var_export function leaks the output buffer to the user when a fatal error occurs, even if display_errors is off, allowing sensitive information to be obtained. (CVE-2010-2531)
- PHP's session serializer does not properly handle the PS_UNDEF_MARKER character, allowing arbitrary session variables to be modified. (CVE-2010-3065)
- The utf8_decode function does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, making it easier to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. (CVE-2010-3870)
Some of the CVE descriptions are quoted from JVN.
http://jvndb.jvn.jp/
Please update the packages.
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly have unspecified other impact via a crafted argument.
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies generated by using the uniqid function.
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name.
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
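A strict UTF-8 validator of the kind that closes the gap described for utf8_decode and xml_utf8_decode above, added here as an example (not PHP's own code): it refuses non-shortest-form encodings and ill-formed subsequences before any XSS or SQL-injection filter looks at the text, and its lenient mode shows how an overlong sequence such as 0xC0 0xBC collapses onto the ASCII character '<' that such filters expect to see literally. The function names and the constructed byte strings are this example's own.

```python
from typing import List


def strict_utf8_decode(data: bytes, reject_overlong: bool = True) -> str:
    """Decode UTF-8, rejecting ill-formed subsequences.

    reject_overlong=True (the safe default) refuses non-shortest-form
    encodings; reject_overlong=False reproduces the lenient behaviour the
    advisory describes, so the two can be compared on the same input.
    """
    out: List[str] = []
    i, n = 0, len(data)
    while i < n:
        b0 = data[i]
        if b0 < 0x80:                        # plain ASCII byte
            out.append(chr(b0))
            i += 1
            continue
        if 0xC0 <= b0 <= 0xDF:               # 2-byte lead (0xC0/0xC1 are always overlong)
            need, cp, minimum = 1, b0 & 0x1F, 0x80
        elif 0xE0 <= b0 <= 0xEF:             # 3-byte lead
            need, cp, minimum = 2, b0 & 0x0F, 0x800
        elif 0xF0 <= b0 <= 0xF7:             # 4-byte lead
            need, cp, minimum = 3, b0 & 0x07, 0x10000
        else:                                # stray continuation byte or 0xF8-0xFF
            raise ValueError(f"invalid lead byte 0x{b0:02X} at offset {i}")
        if i + need >= n:                    # sequence runs past end of input
            raise ValueError(f"truncated sequence at offset {i}")
        for j in range(1, need + 1):
            b = data[i + j]
            if b & 0xC0 != 0x80:             # every trailing byte must be 10xxxxxx
                raise ValueError(f"expected continuation byte at offset {i + j}")
            cp = (cp << 6) | (b & 0x3F)
        if reject_overlong and cp < minimum: # the check the vulnerable decoders lacked
            raise ValueError(f"overlong encoding of U+{cp:04X} at offset {i}")
        if 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
            raise ValueError(f"non-scalar value U+{cp:04X} at offset {i}")
        out.append(chr(cp))
        i += need + 1
    return "".join(out)


def is_well_formed_utf8(data: bytes) -> bool:
    """Validation gate to apply to untrusted bytes before escaping or filtering."""
    try:
        strict_utf8_decode(data)
        return True
    except ValueError:
        return False
```

Run the gate on raw request bytes and reject the request outright on failure; decoding leniently and filtering afterwards is exactly the order of operations the advisory's bypass relies on.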
N/A
SRPMS
- php-5.1.6-27.3.0.1.AXS3.src.rpm
Asianux Server 3 for x86
- php-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-bcmath-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-cli-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-common-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-dba-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-devel-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-gd-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-imap-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-ldap-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-mbstring-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-mysql-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-ncurses-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-oci8-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-odbc-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-pdo-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-pgsql-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-snmp-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-soap-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-xml-5.1.6-27.3.0.1.AXS3.i386.rpm
- php-xmlrpc-5.1.6-27.3.0.1.AXS3.i386.rpm
Asianux Server 3 for x86_64
- php-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-bcmath-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-cli-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-common-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-dba-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-devel-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-gd-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-imap-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-ldap-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-mbstring-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-mysql-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-ncurses-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-oci8-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-odbc-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-pdo-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-pgsql-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-snmp-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-soap-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-xml-5.1.6-27.3.0.1.AXS3.x86_64.rpm
- php-xmlrpc-5.1.6-27.3.0.1.AXS3.x86_64.rpm