php-5.1.6-27.4.0.1.AXS3
Errata ID: AXSA:2012-35:01
The following issues have been addressed.

[Security Fix]
- On 64-bit platforms, exif.c in PHP performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via a crafted Image File Directory (IFD). (CVE-2011-0708)

- The substr_replace function in PHP has a use-after-free vulnerability that allows attackers to cause a denial of service (memory corruption) or have other unspecified impact by using the same variable for multiple arguments. (CVE-2011-1148)

- The SdnToJulian function in PHP has an integer overflow vulnerability that allows attackers to cause a denial of service (application crash) by passing a large integer as the first argument to the cal_from_jd function. (CVE-2011-1466)

- The Streams component in PHP has an unspecified vulnerability that allows attackers to cause a denial of service (application crash) by accessing an ftp:// URL while an HTTP proxy is in use with the FTP wrapper. (CVE-2011-1469)

- The rfc1867_post_handler function in PHP does not properly restrict file names in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request. (CVE-2011-2202)

- On 32-bit platforms, the exif_process_IFD_TAG function in PHP has an integer overflow that allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in the EXIF header of a JPEG file.
Note that this is a different vulnerability from CVE-2011-0708. (CVE-2011-4566)

- PHP computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. (CVE-2011-4885)

Some of the CVE descriptions above are quoted from the JVN translations.
http://jvndb.jvn.jp/
Update the packages.
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments.
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a large integer in the first argument to the cal_from_jd function.
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper.
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
N/A
SRPMS
- php-5.1.6-27.4.0.1.AXS3.src.rpm
Size: 8.08 MB
Asianux Server 3 for x86
- php-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 2.33 MB
- php-bcmath-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 35.68 kB
- php-cli-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 2.11 MB
- php-common-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 154.66 kB
- php-dba-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 42.68 kB
- php-devel-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 510.94 kB
- php-gd-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 118.58 kB
- php-imap-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 55.61 kB
- php-ldap-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 38.07 kB
- php-mbstring-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 1.06 MB
- php-mysql-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 87.29 kB
- php-ncurses-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 43.01 kB
- php-oci8-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 77.20 kB
- php-odbc-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 54.56 kB
- php-pdo-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 66.14 kB
- php-pgsql-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 69.31 kB
- php-snmp-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 31.15 kB
- php-soap-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 137.91 kB
- php-xml-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 98.12 kB
- php-xmlrpc-5.1.6-27.4.0.1.AXS3.i386.rpm
Size: 58.70 kB
Asianux Server 3 for x86_64
- php-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 2.36 MB
- php-bcmath-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 35.99 kB
- php-cli-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 2.18 MB
- php-common-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 155.05 kB
- php-dba-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 42.59 kB
- php-devel-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 510.85 kB
- php-gd-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 118.74 kB
- php-imap-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 56.01 kB
- php-ldap-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 39.04 kB
- php-mbstring-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 1.07 MB
- php-mysql-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 90.75 kB
- php-ncurses-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 44.24 kB
- php-oci8-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 79.74 kB
- php-odbc-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 55.51 kB
- php-pdo-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 67.12 kB
- php-pgsql-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 71.25 kB
- php-snmp-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 31.49 kB
- php-soap-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 137.76 kB
- php-xml-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 103.02 kB
- php-xmlrpc-5.1.6-27.4.0.1.AXS3.x86_64.rpm
Size: 58.57 kB