php-5.1.6-39.0.1.AXS3
Errata ID: AXSA:2012-687:05
The following issues have been addressed.
[Security Fix]
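- PHP does not always check the return value of the zend_strndup function, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application. (CVE-2011-4153)
- PHP has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet. (CVE-2012-0057)
- The file-upload implementation in rfc1867.c in PHP does not properly handle invalid "[" characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads. (CVE-2012-1172)
- sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings that lack an "=" character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string.
Note: this vulnerability exists because of an incomplete fix for CVE-2012-1823. (CVE-2012-2336)
Some of the CVE translations are quoted from JVN.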
http://jvndb.jvn.jp/
Update the packages.
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions.
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
N/A
SRPMS
- php-5.1.6-39.0.1.AXS3.src.rpm
Size: 8.09 MB
Asianux Server 3 for x86
- php-5.1.6-39.0.1.AXS3.i386.rpm
Size: 2.33 MB
- php-bcmath-5.1.6-39.0.1.AXS3.i386.rpm
Size: 36.65 kB
- php-cli-5.1.6-39.0.1.AXS3.i386.rpm
Size: 2.11 MB
- php-common-5.1.6-39.0.1.AXS3.i386.rpm
Size: 155.64 kB
- php-dba-5.1.6-39.0.1.AXS3.i386.rpm
Size: 43.65 kB
- php-devel-5.1.6-39.0.1.AXS3.i386.rpm
Size: 511.99 kB
- php-gd-5.1.6-39.0.1.AXS3.i386.rpm
Size: 119.57 kB
- php-imap-5.1.6-39.0.1.AXS3.i386.rpm
Size: 56.86 kB
- php-ldap-5.1.6-39.0.1.AXS3.i386.rpm
Size: 39.02 kB
- php-mbstring-5.1.6-39.0.1.AXS3.i386.rpm
Size: 1.06 MB
- php-mysql-5.1.6-39.0.1.AXS3.i386.rpm
Size: 88.25 kB
- php-ncurses-5.1.6-39.0.1.AXS3.i386.rpm
Size: 43.98 kB
- php-oci8-5.1.6-39.0.1.AXS3.i386.rpm
Size: 78.16 kB
- php-odbc-5.1.6-39.0.1.AXS3.i386.rpm
Size: 55.57 kB
- php-pdo-5.1.6-39.0.1.AXS3.i386.rpm
Size: 67.09 kB
- php-pgsql-5.1.6-39.0.1.AXS3.i386.rpm
Size: 70.30 kB
- php-snmp-5.1.6-39.0.1.AXS3.i386.rpm
Size: 32.12 kB
- php-soap-5.1.6-39.0.1.AXS3.i386.rpm
Size: 138.87 kB
- php-xml-5.1.6-39.0.1.AXS3.i386.rpm
Size: 99.78 kB
- php-xmlrpc-5.1.6-39.0.1.AXS3.i386.rpm
Size: 59.67 kB
Asianux Server 3 for x86_64
- php-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 2.37 MB
- php-bcmath-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 36.96 kB
- php-cli-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 2.18 MB
- php-common-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 156.01 kB
- php-dba-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 43.56 kB
- php-devel-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 511.85 kB
- php-gd-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 119.77 kB
- php-imap-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 57.33 kB
- php-ldap-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 40.00 kB
- php-mbstring-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 1.07 MB
- php-mysql-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 91.72 kB
- php-ncurses-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 45.21 kB
- php-oci8-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 80.70 kB
- php-odbc-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 56.52 kB
- php-pdo-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 68.09 kB
- php-pgsql-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 72.24 kB
- php-snmp-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 32.46 kB
- php-soap-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 138.72 kB
- php-xml-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 104.64 kB
- php-xmlrpc-5.1.6-39.0.1.AXS3.x86_64.rpm
Size: 59.53 kB