stef-guest at alioth.debian.org
2007-May-24 19:54 UTC
[Secure-testing-commits] r5915 - data/DTSA/advs
Author: stef-guest Date: 2007-05-24 19:54:49 +0000 (Thu, 24 May 2007) New Revision: 5915 Added: data/DTSA/advs/40-php4.adv Removed: data/DTSA/advs/44-kdelibs.adv Modified: data/DTSA/advs/39-qemu.adv Log: php4 adv; remove never released kdelibs adv Modified: data/DTSA/advs/39-qemu.adv ==================================================================--- data/DTSA/advs/39-qemu.adv 2007-05-24 18:23:41 UTC (rev 5914) +++ data/DTSA/advs/39-qemu.adv 2007-05-24 19:54:49 UTC (rev 5915) @@ -1,4 +1,4 @@ -source: samba +source: qemu date: May 24th, 2007 author: Stefan Fritsch vuln-type: several vulnerabilities Added: data/DTSA/advs/40-php4.adv ==================================================================--- data/DTSA/advs/40-php4.adv (rev 0) +++ data/DTSA/advs/40-php4.adv 2007-05-24 19:54:49 UTC (rev 5915) @@ -0,0 +1,58 @@ +source: php4 +date: May 24th, 2007 +author: Stefan Fritsch +vuln-type: several vulnerabilities +problem-scope: remote +debian-specifc: no +cve: CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1718 CVE-2007-1777 CVE-2007-2509 +vendor-advisory: +testing-fix: 6:4.4.4-9lenny1 +sid-fix: 6:4.4.6-2 +upgrade: apt-get upgrade + +IMPORTANT NOTE: + php4 will be removed from testing (lenny); thus you are strongly + advised to migrate to php5. If you cannot upgrade, you should + consider using the stable distribution (etch) instead. + +Several remote vulnerabilities have been discovered in PHP, a +server-side, HTML-embedded scripting language, which may lead to the +execution of arbitrary code. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2007-1286 + Stefan Esser discovered an overflow in the object reference handling + code of the unserialize() function, which allows the execution of + arbitrary code if malformed input is passed from an application. + +CVE-2007-1380 + Stefan Esser discovered that the session handler performs + insufficient validation of variable name length values, which allows + information disclosure through a heap information leak. + +CVE-2007-1521 + Stefan Esser discovered a double free vulnerability in the + session_regenerate_id() function, which allows the execution of + arbitrary code. + +CVE-2007-1538 + Stefan Esser discovered that the mb_parse_str function sets the internal + register_globals flag and does not disable it in certain cases when a script + terminates, which allows remote attackers to invoke available PHP scripts with + register_globals functionality that is not detectable by these scripts + +CVE-2007-1718 + Stefan Esser discovered that the mail() function performs + insufficient validation of folded mail headers, which allows mail + header injection. + +CVE-2007-1777 + Stefan Esser discovered that the extension to handle ZIP archives + performs insufficient length checks, which allows the execution of + arbitrary code. + +CVE-2007-2509 + It was discovered that the ftp extension of PHP, a server-side, + HTML-embedded scripting language performs insufficient input sanitising, + which permits an attacker to execute arbitrary FTP commands. This + requires the attacker to already have access to the FTP server. Deleted: data/DTSA/advs/44-kdelibs.adv ==================================================================--- data/DTSA/advs/44-kdelibs.adv 2007-05-24 18:23:41 UTC (rev 5914) +++ data/DTSA/advs/44-kdelibs.adv 2007-05-24 19:54:49 UTC (rev 5915) @@ -1,15 +0,0 @@ -source: kdelibs -date: September 13th, 2005 -author: Moritz Muehlenhoff -vuln-type: insecure default permissions -problem-scope: local -debian-specifc: no -cve: CVE-2005-1920 -vendor-advisory: -testing-fix: 4:3.3.2-6.1etch1 -sid-fix: 4:3.4.2-1 -upgrade: apt-get install kdelibs4 - -kate always created backup files for edited files with default permissions, -even if the original permissions were stricter. This could lead to information -disclosure. \ No newline at end of file