ports/116182: [patch] security/vuxml add vulnerabilities in php5 < 5.2.4
Nick Barkas
snb at threerings.net
Fri Sep 7 18:40:01 UTC 2007
>Number: 116182
>Category: ports
>Synopsis: [patch] security/vuxml add vulnerabilities in php5 < 5.2.4
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Sep 07 18:40:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nick Barkas
>Release: FreeBSD 6.2-RELEASE-p4 i386
>Organization:
Three Rings Design
>Environment:
System: FreeBSD mail1.earth.threerings.net 6.2-RELEASE-p4 FreeBSD 6.2-RELEASE-p4 #0: Thu Apr 26 17:55:55 UTC 2007 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386
>Description:
PHP 5 versions before 5.2.4 have numerous security vulnerabilities. This updates
the VuXML document to notify users of PHP < 5.2.4 that they should upgrade.
>How-To-Repeat:
>Fix:
--- vuxml.patch begins here ---
diff -urN vuxml.orig/vuln.xml vuxml/vuln.xml
--- vuxml.orig/vuln.xml Wed Sep 5 04:26:31 2007
+++ vuxml/vuln.xml Fri Sep 7 10:25:20 2007
@@ -34,6 +34,75 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4dc3bd16-fc74-4f1f-aed1-3433d1666eb9">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5</name>
+ <range><lt>5.2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP development team reports:</p>
+ <blockquote cite="http://www.php.net/releases/5_2_4.php">
+ <p>Security Enhancements and Fixes in PHP 5.2.4:</p>
+ <ul>
+ <li>Fixed a floating point exception inside wordwrap() (Reported
+ by Mattias Bengtsson)</li>
+ <li>Fixed several integer overflows inside the GD extension
+ (Reported by Mattias Bengtsson)</li>
+ <li>Fixed size calculation in chunk_split() (Reported by Gerhard
+ Wagner)</li>
+ <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias
+ Bengtsson)</li>
+ <li>Fixed money_format() not to accept multiple %i or %n tokens.
+ (Reported by Stanislav Malyshev)</li>
+ <li>Fixed zend_alter_ini_entry() memory_limit interruption
+ vulnerability. (Reported by Stefan Esser)</li>
+ <li>Fixed INFILE LOCAL option handling with MySQL extensions not
+ to be allowed when open_basedir or safe_mode is active. (Reported
+ by Mattias Bengtsson)</li>
+ <li>Fixed session.save_path and error_log values to be checked
+ against open_basedir and safe_mode (CVE-2007-3378) (Reported by
+ Maksymilian Arciemowicz)</li>
+ <li>Fixed a possible invalid read in glob() win32 implementation
+ (CVE-2007-3806) (Reported by shinnai)</li>
+ <li>Fixed a possible buffer overflow in php_openssl_make_REQ
+ (Reported by zatanzlatan at hotbrev dot com)</li>
+ <li>Fixed an open_basedir bypass inside glob() function (Reported
+ by dr at peytz dot dk)</li>
+ <li>Fixed a possible open_basedir bypass inside session extension
+ when the session file is a symlink (Reported by c dot i dot morris
+ at durham dot ac dot uk)</li>
+ <li>Improved fix for MOPB-03-2007.</li>
+ <li>Corrected fix for CVE-2007-2872.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-3996</cvename>
+ <cvename>CVE-2007-3997</cvename>
+ <cvename>CVE-2007-3998</cvename>
+ <cvename>CVE-2007-4652</cvename>
+ <cvename>CVE-2007-4657</cvename>
+ <cvename>CVE-2007-4658</cvename>
+ <cvename>CVE-2007-4659</cvename>
+ <cvename>CVE-2007-4660</cvename>
+ <cvename>CVE-2007-4661</cvename>
+ <cvename>CVE-2007-4662</cvename>
+ <cvename>CVE-2007-4663</cvename>
+ <cvename>CVE-2007-4670</cvename>
+ <url>http://www.php.net/releases/5_2_4.php</url>
+ <url>http://secunia.com/advisories/26642</url>
+ </references>
+ <dates>
+ <discovery>2007-08-30</discovery>
+ <entry>2007-09-07</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f14ad681-5b88-11dc-812d-0011098b2f36">
<topic>rkhunter -- insecure temporary file creation</topic>
<affects>
--- vuxml.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list