Hosting Provided By

[ MDKSA-2007:187 ] - Updated PHP packages fix numerous vulnerabilities

From: <security(at)mandriva.com>
Date: Fri Sep 21 2007 - 19:17:14 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 Mandriva Linux Security Advisory                         MDKSA-2007:187

http://www.mandriva.com/security/

 Package : php
 Date    : September 21, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

Problem Description:

Numerous vulnerabilities were discovered in the PHP scripting language that are corrected with this update.

An integer overflow in the substr_compare() function allows context-dependent attackers to read sensitive memory via a large value in the length argument. This only affects PHP5 (CVE-2007-1375).

A stack-based buffer overflow in the zip:// URI wrapper in PECL ZIP 1.8.3 and earlier allowes remote attackers to execute arbitrary code via a long zip:// URL. This only affects Corporate Server 4.0
(CVE-2007-1399).
A CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter could allow an attacker to inject arbitrary email headers via a special email address. This only affects Mandriva Linux 2007.1
(CVE-2007-1900).
The mcrypt_create_iv() function calls php_rand_r() with an uninitialized seed variable, thus always generating the same initialization vector, which may allow an attacker to decrypt certain data more easily because of the guessable encryption keys
(CVE-2007-2727).
The soap extension calls php_rand_r() with an uninitialized seec variable, which has unknown impact and attack vectors; an issue similar to that affecting mcrypt_create_iv(). This only affects PHP5
(CVE-2007-2728).
The substr_count() function allows attackers to obtain sensitive information via unspecified vectors. This only affects PHP5
(CVE-2007-2748).
An infinite loop was found in the gd extension that could be used to cause a denial of service if a script were forced to process certain PNG images from untrusted sources (CVE-2007-2756).

An integer overflow flaw was found in the chunk_split() function that ould possibly execute arbitrary code as the apache user if a remote attacker was able to pass arbitrary data to the third argument of chunk_split() (CVE-2007-2872).

A flaw in the PHP session cookie handling could allow an attacker to create a cross-site cookie insertion attack if a victim followed an untrusted carefully-crafted URL (CVE-2007-3799).

Do you need help?

Various integer overflow flaws were discovered in the PHP gd extension that could allow a remote attacker to execute arbitrary code as the apache user (CVE-2007-3996).

A flaw in the wordwrap() frunction could result in a denial of ervice if a remote attacker was able to pass arbitrary data to the function
(CVE-2007-3998).
A flaw in the money_format() function could result in an information leak or denial of service if a remote attacker was able to pass arbitrary data to this function; this situation would be unlikely however (CVE-2007-4658).

A bug in the PHP session cookie handling could allow an attacker to stop a victim from viewing a vulnerable website if the victim first visited a malicious website under the control of the attacker who was able to use that page to set a cookie for the vulnerable website
(CVE-2007-4670).
Updated packages have been patched to prevent these issues. In addition, PECL ZIP version 1.8.10 is being provided for Corporate Server 4.0.

References:

 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1375
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1399
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2727
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2728
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2748
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
 _______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:

 57a68f47fd8c691db93b9eadbbf19b40  2007.0/i586/libphp5_common5-5.1.6-1.9mdv2007.0.i586.rpm
 f82d39f70da087f4d7f9470f81211276  2007.0/i586/php-cgi-5.1.6-1.9mdv2007.0.i586.rpm
 a22e66bf85ab53ff1782ce331ffa60a6  2007.0/i586/php-cli-5.1.6-1.9mdv2007.0.i586.rpm
 c3cd07dba2182b4f583794a3b240e84e  2007.0/i586/php-devel-5.1.6-1.9mdv2007.0.i586.rpm
 265ef0003e043ad3013022b1e566fd89  2007.0/i586/php-fcgi-5.1.6-1.9mdv2007.0.i586.rpm
 598e110d6abcc345a0b6ee1676214ee2  2007.0/i586/php-gd-5.1.6-1.3mdv2007.0.i586.rpm
 0f9a486f5ccadd55c81aa61705ae5d81  2007.0/i586/php-mcrypt-5.1.6-1.1mdv2007.0.i586.rpm
 6d7d80d3cdeae2e4ca286b67be659cef  2007.0/i586/php-soap-5.1.6-1.2mdv2007.0.i586.rpm 
 06fef845a7f0eb15fbda8e01d2449759  2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm
 1c4c5379d367dd0ba8c002d2a60eb8b1  2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm
 4b4382448f9be55ea66f8b910a12a97c  2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm
 c9e9b415eac3b864ffcece762c6aa6bb  2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:

 8ddfb570e663d8b61cbfaf5bc8585d54  2007.0/x86_64/lib64php5_common5-5.1.6-1.9mdv2007.0.x86_64.rpm
 d05d20ad5c5ddd84649aaed661b83c7a  2007.0/x86_64/php-cgi-5.1.6-1.9mdv2007.0.x86_64.rpm
 9ba45cce68ffa043cf1fb23fe765e104  2007.0/x86_64/php-cli-5.1.6-1.9mdv2007.0.x86_64.rpm
 26ead0e8cd3bab9ba64cc39f596d6533  2007.0/x86_64/php-devel-5.1.6-1.9mdv2007.0.x86_64.rpm
 65673d78e3e1af683d64e30ba832be63  2007.0/x86_64/php-fcgi-5.1.6-1.9mdv2007.0.x86_64.rpm
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 0d478806da998759a96cdbf8694c0324  2007.0/x86_64/php-gd-5.1.6-1.3mdv2007.0.x86_64.rpm
 99ec9336533a6ff74b93841497a73fe1  2007.0/x86_64/php-mcrypt-5.1.6-1.1mdv2007.0.x86_64.rpm
 1b5bdc02b561134835c729fb404b0931  2007.0/x86_64/php-soap-5.1.6-1.2mdv2007.0.x86_64.rpm 
 06fef845a7f0eb15fbda8e01d2449759  2007.0/SRPMS/php-5.1.6-1.9mdv2007.0.src.rpm
 1c4c5379d367dd0ba8c002d2a60eb8b1  2007.0/SRPMS/php-gd-5.1.6-1.3mdv2007.0.src.rpm
 4b4382448f9be55ea66f8b910a12a97c  2007.0/SRPMS/php-mcrypt-5.1.6-1.1mdv2007.0.src.rpm
 c9e9b415eac3b864ffcece762c6aa6bb  2007.0/SRPMS/php-soap-5.1.6-1.2mdv2007.0.src.rpm

Mandriva Linux 2007.1:

 cfb5ebca225920865fd41b8d7379ec04  2007.1/i586/libphp5_common5-5.2.1-4.3mdv2007.1.i586.rpm
 fd99e8fd1eba60464844111ba0bf658f  2007.1/i586/php-cgi-5.2.1-4.3mdv2007.1.i586.rpm
 d2d5ef2a6eb326c85e5e4e66d5488032  2007.1/i586/php-cli-5.2.1-4.3mdv2007.1.i586.rpm
 f8ff08caf4bf9d4b06c84dabf426ad4f  2007.1/i586/php-devel-5.2.1-4.3mdv2007.1.i586.rpm
 0e362fc96f32b9046df73d01938f4a4f  2007.1/i586/php-fcgi-5.2.1-4.3mdv2007.1.i586.rpm
 3796283e1a18abd35c66e9fdb7cecf84  2007.1/i586/php-gd-5.2.1-1.2mdv2007.1.i586.rpm
 8303fdaff4f40f7025e84b9571db7557  2007.1/i586/php-mcrypt-5.2.1-1.1mdv2007.1.i586.rpm
 765b7cff3e34bf6be0d31d5e11c6d21f  2007.1/i586/php-openssl-5.2.1-4.3mdv2007.1.i586.rpm
 8ed091e407210049489fb70ba4f18e3f  2007.1/i586/php-soap-5.2.1-1.2mdv2007.1.i586.rpm
 649f2efadad45640ca14f5ab644de67f  2007.1/i586/php-zlib-5.2.1-4.3mdv2007.1.i586.rpm 
 8779e5a26aecb35eaf93a5c54f35a798  2007.1/SRPMS/php-5.2.1-4.3mdv2007.1.src.rpm
 d16710089832ae31873c0db7e6df87fd  2007.1/SRPMS/php-gd-5.2.1-1.2mdv2007.1.src.rpm
 ec8b2d536f13c35dd2c2f1cca92c5694  2007.1/SRPMS/php-mcrypt-5.2.1-1.1mdv2007.1.src.rpm
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 90f9821184ef2fc8cca2a35e54080f44  2007.1/SRPMS/php-soap-5.2.1-1.2mdv2007.1.src.rpm

Can we help you?

Mandriva Linux 2007.1/X86_64:

 4af5b6e98feeeb88b8993768c15497ce  2007.1/x86_64/lib64php5_common5-5.2.1-4.3mdv2007.1.x86_64.rpm
 f5e5fbb413e349ff9ae9e8e82a59dd92  2007.1/x86_64/php-cgi-5.2.1-4.3mdv2007.1.x86_64.rpm
 c93c070b38a3c2602dbfea38e648fea1  2007.1/x86_64/php-cli-5.2.1-4.3mdv2007.1.x86_64.rpm
 5d7fa073092e6599eddaaffab5b4df4f  2007.1/x86_64/php-devel-5.2.1-4.3mdv2007.1.x86_64.rpm
 0d593dad6f79e0331d1a9c7544d6fe42  2007.1/x86_64/php-fcgi-5.2.1-4.3mdv2007.1.x86_64.rpm
 8652914b9aa256724004e12621111ce3  2007.1/x86_64/php-gd-5.2.1-1.2mdv2007.1.x86_64.rpm
 cc2993f0faf2d76eb317162162237049  2007.1/x86_64/php-mcrypt-5.2.1-1.1mdv2007.1.x86_64.rpm
 2becb2e136e605d4b6fcbb80b8b96fdc  2007.1/x86_64/php-openssl-5.2.1-4.3mdv2007.1.x86_64.rpm
 241a453a1007cc84f0f789b2a11bf96f  2007.1/x86_64/php-soap-5.2.1-1.2mdv2007.1.x86_64.rpm
 58a30a4284944ed364d488338c6d4605  2007.1/x86_64/php-zlib-5.2.1-4.3mdv2007.1.x86_64.rpm 
 8779e5a26aecb35eaf93a5c54f35a798  2007.1/SRPMS/php-5.2.1-4.3mdv2007.1.src.rpm
 d16710089832ae31873c0db7e6df87fd  2007.1/SRPMS/php-gd-5.2.1-1.2mdv2007.1.src.rpm
 ec8b2d536f13c35dd2c2f1cca92c5694  2007.1/SRPMS/php-mcrypt-5.2.1-1.1mdv2007.1.src.rpm
 90f9821184ef2fc8cca2a35e54080f44  2007.1/SRPMS/php-soap-5.2.1-1.2mdv2007.1.src.rpm

Corporate 3.0:

 247e24717edaad099d4dfac36d06da11  corporate/3.0/i586/libphp_common432-4.3.4-4.27.C30mdk.i586.rpm
 a2fe1080b8981493b83f6bb6c08a6f83  corporate/3.0/i586/php-cgi-4.3.4-4.27.C30mdk.i586.rpm
 0468aa254c2495b128f4ea776b7100f7  corporate/3.0/i586/php-cli-4.3.4-4.27.C30mdk.i586.rpm
 230476bcb71774884ec17ecbef336e5c  corporate/3.0/i586/php-gd-4.3.4-1.7.C30mdk.i586.rpm
 3cac8eecfdee304b0889fbe99958a6ca  corporate/3.0/i586/php432-devel-4.3.4-4.27.C30mdk.i586.rpm 
Don't know where to look next? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 74c8bcac18b502174d270a0e2529d8e8  corporate/3.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
 7db08e02ff0b4d59c58bbef5ff25a89b  corporate/3.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

Corporate 3.0/X86_64:

 54b38db5000d71f5f4cfe0d55ea8839d  corporate/3.0/x86_64/lib64php_common432-4.3.4-4.27.C30mdk.x86_64.rpm
 e06d422dedbd7ff39eb86c8afdf23f8c  corporate/3.0/x86_64/php-cgi-4.3.4-4.27.C30mdk.x86_64.rpm
 66bea84020ec6231dbc345215b6398d4  corporate/3.0/x86_64/php-cli-4.3.4-4.27.C30mdk.x86_64.rpm
 6e47af7339e7c939133d3bbab0b54c60  corporate/3.0/x86_64/php-gd-4.3.4-1.7.C30mdk.x86_64.rpm
 9aa27728797f8a8b7fe6932237779dc1  corporate/3.0/x86_64/php432-devel-4.3.4-4.27.C30mdk.x86_64.rpm 
 74c8bcac18b502174d270a0e2529d8e8  corporate/3.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
 7db08e02ff0b4d59c58bbef5ff25a89b  corporate/3.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm

Corporate 4.0:

 6660cfe8b3e883412a9d138cb4776a17  corporate/4.0/i586/libphp4_common4-4.4.4-1.7.20060mlcs4.i586.rpm
 0a43b956bf221f3dc6b534aed4c2c332  corporate/4.0/i586/libphp5_common5-5.1.6-1.8.20060mlcs4.i586.rpm
 d01223da70e8e3c6c17b0bd065cf4747  corporate/4.0/i586/php-cgi-5.1.6-1.8.20060mlcs4.i586.rpm
 9cdf4d6ba4446811b0118126b31dd80b  corporate/4.0/i586/php-cli-5.1.6-1.8.20060mlcs4.i586.rpm
 6f486a6a19edef73ac2bc6aba2cf342a  corporate/4.0/i586/php-devel-5.1.6-1.8.20060mlcs4.i586.rpm
 a126823de602fb9aecae42f052ab2827  corporate/4.0/i586/php-fcgi-5.1.6-1.8.20060mlcs4.i586.rpm
 9c198b7e8a34c3e4d03f18174b2b1a84  corporate/4.0/i586/php-gd-5.1.6-1.3.20060mlcs4.i586.rpm
 b58d0518a5a44bdb26006df7b3d0b9f4  corporate/4.0/i586/php-mcrypt-5.1.6-1.1.20060mlcs4.i586.rpm
 c306da649d383d2ef0d4e568e8f77bd2  corporate/4.0/i586/php-soap-5.1.6-1.2.20060mlcs4.i586.rpm
 6fbcf94c677317eaa73f2972afbece1c  corporate/4.0/i586/php-zip-1.8.10-0.1.20060mlcs4.i586.rpm
Confused? Frustrated? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 473813677bb2f261182b53f6175908b8  corporate/4.0/i586/php4-cgi-4.4.4-1.7.20060mlcs4.i586.rpm
 5c53c5fd3860246341522a47712b7d18  corporate/4.0/i586/php4-cli-4.4.4-1.7.20060mlcs4.i586.rpm
 079851b5a916b27cb16aa4bde9bcd86e  corporate/4.0/i586/php4-devel-4.4.4-1.7.20060mlcs4.i586.rpm
 cf0a080ecd0acb5e01f7e2e41ed3c76d  corporate/4.0/i586/php4-gd-4.4.4-1.2.20060mlcs4.i586.rpm
 c2333bbae7d3a20b90a2e174f2caf5da  corporate/4.0/i586/php4-mcrypt-4.4.4-1.1.20060mlcs4.i586.rpm 
 b406cd54519867c9611c6c6700827457  corporate/4.0/SRPMS/php-5.1.6-1.8.20060mlcs4.src.rpm
 491027bf3182f1f56e93e4d3a053d9e0  corporate/4.0/SRPMS/php-gd-5.1.6-1.3.20060mlcs4.src.rpm
 dd89eef4f40af9dff068c28bd56b4d5b  corporate/4.0/SRPMS/php-mcrypt-5.1.6-1.1.20060mlcs4.src.rpm
 d7107b5be0e7768abad9c15cc8584ded  corporate/4.0/SRPMS/php-soap-5.1.6-1.2.20060mlcs4.src.rpm
 f39e559d753bc59816d4106cd095d0db  corporate/4.0/SRPMS/php-zip-1.8.10-0.1.20060mlcs4.src.rpm
 1f1fd034cfd3d3f911315a34326d553e  corporate/4.0/SRPMS/php4-4.4.4-1.7.20060mlcs4.src.rpm
 00447503df74be2f96f4ec4f93de6694  corporate/4.0/SRPMS/php4-gd-4.4.4-1.2.20060mlcs4.src.rpm
 c005bcfb3c95e618ba5a4c928d5b75c7  corporate/4.0/SRPMS/php4-mcrypt-4.4.4-1.1.20060mlcs4.src.rpm

Corporate 4.0/X86_64:

 d04a06f2a1d4c8d36b1ce3de6448577b  corporate/4.0/x86_64/lib64php4_common4-4.4.4-1.7.20060mlcs4.x86_64.rpm
 b22d1122c842de135ddf34d331641da8  corporate/4.0/x86_64/lib64php5_common5-5.1.6-1.8.20060mlcs4.x86_64.rpm
 9866242fb135cca7cf3e35e97f5178af  corporate/4.0/x86_64/php-cgi-5.1.6-1.8.20060mlcs4.x86_64.rpm
 c68e05947bec3bb82e9d1d5c572f96d5  corporate/4.0/x86_64/php-cli-5.1.6-1.8.20060mlcs4.x86_64.rpm
 cf53b9aaef91d88655f9d74e3ff2aacb  corporate/4.0/x86_64/php-devel-5.1.6-1.8.20060mlcs4.x86_64.rpm
 f8c251520d975a4010def1750fd8346d  corporate/4.0/x86_64/php-fcgi-5.1.6-1.8.20060mlcs4.x86_64.rpm
Call Pantek today for Open Source Technical Support at 1-877-546-8934 - 24/7/365 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 5b34f8737e26d00f33c0328d763ab213  corporate/4.0/x86_64/php-gd-5.1.6-1.3.20060mlcs4.x86_64.rpm
 758cf65ca6d0a4abebb902e0cba8a340  corporate/4.0/x86_64/php-mcrypt-5.1.6-1.1.20060mlcs4.x86_64.rpm
 13bee1adbfe5e67c01ca731ea81dbdd9  corporate/4.0/x86_64/php-soap-5.1.6-1.2.20060mlcs4.x86_64.rpm
 4c0b39d8927c6cb19e32befb0539680e  corporate/4.0/x86_64/php-zip-1.8.10-0.1.20060mlcs4.x86_64.rpm
 5ada3b423910e48a26c77a8cf95cc274  corporate/4.0/x86_64/php4-cgi-4.4.4-1.7.20060mlcs4.x86_64.rpm
 84fae5bb1c27d7c4a6dcb7c29966e2ce  corporate/4.0/x86_64/php4-cli-4.4.4-1.7.20060mlcs4.x86_64.rpm
 ccc04f5e1301a856a4d8e24bd36342cb  corporate/4.0/x86_64/php4-devel-4.4.4-1.7.20060mlcs4.x86_64.rpm
 0eafa187fc47d54782cba69a73d500f8  corporate/4.0/x86_64/php4-gd-4.4.4-1.2.20060mlcs4.x86_64.rpm
 17f6a6e9ff9cb623ba5538c46571fce5  corporate/4.0/x86_64/php4-mcrypt-4.4.4-1.1.20060mlcs4.x86_64.rpm 
 b406cd54519867c9611c6c6700827457  corporate/4.0/SRPMS/php-5.1.6-1.8.20060mlcs4.src.rpm
 491027bf3182f1f56e93e4d3a053d9e0  corporate/4.0/SRPMS/php-gd-5.1.6-1.3.20060mlcs4.src.rpm
 dd89eef4f40af9dff068c28bd56b4d5b  corporate/4.0/SRPMS/php-mcrypt-5.1.6-1.1.20060mlcs4.src.rpm
 d7107b5be0e7768abad9c15cc8584ded  corporate/4.0/SRPMS/php-soap-5.1.6-1.2.20060mlcs4.src.rpm
 f39e559d753bc59816d4106cd095d0db  corporate/4.0/SRPMS/php-zip-1.8.10-0.1.20060mlcs4.src.rpm
 1f1fd034cfd3d3f911315a34326d553e  corporate/4.0/SRPMS/php4-4.4.4-1.7.20060mlcs4.src.rpm
 00447503df74be2f96f4ec4f93de6694  corporate/4.0/SRPMS/php4-gd-4.4.4-1.2.20060mlcs4.src.rpm
 c005bcfb3c95e618ba5a4c928d5b75c7  corporate/4.0/SRPMS/php4-mcrypt-4.4.4-1.1.20060mlcs4.src.rpm

Multi Network Firewall 2.0:

 4a0e9e73f51d6118c3580b9f556c0a2d  mnf/2.0/i586/libphp_common432-4.3.4-4.27.C30mdk.i586.rpm
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
 f4698dd4eb9c4c9e12528c70cf458e7f  mnf/2.0/i586/php-cgi-4.3.4-4.27.C30mdk.i586.rpm
 91e6914a490349580511f216a8220c86  mnf/2.0/i586/php-cli-4.3.4-4.27.C30mdk.i586.rpm
 b5655d8d54a14d9f5cdb56246ddad2e3  mnf/2.0/i586/php-gd-4.3.4-1.7.C30mdk.i586.rpm
 752e636b31d84df4b9283fc56b60ef5b  mnf/2.0/i586/php432-devel-4.3.4-4.27.C30mdk.i586.rpm 
 dba539a2cc542b14898bea508291fb93  mnf/2.0/SRPMS/php-4.3.4-4.27.C30mdk.src.rpm
 86dacced331afeb19a375cdcd5ade744  mnf/2.0/SRPMS/php-gd-4.3.4-1.7.C30mdk.src.rpm
 _______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

Do you need more help?

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG9CU6mqjQ0CJFipgRAs8RAKDsqCO/QPqLczFFlIVUz3pfMnFdUwCePmkK vvRjTT2T2agDRpYmZWKYhFs=
=4TWc
-----END PGP SIGNATURE----- Received on Sat Sep 22 12:57:39 2007

This message: [ Message body ]
Next message: x0kster(at)gmail.com: "xcms all version arbitrary code execution"
Previous message: Blaine Elzey: "Re: PHP-Nuke add admin ALL Versions"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:17:15 EDT

Can we help you?