November 28, 2009

Mandriva Linux Security Advisory 2009:303: php

Some vulnerabilities were discovered and corrected in php-5.2.11:

The tempnam function in ext/standard/file.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass safe_mode restrictions, and create files in group-writable
or world-writable directories, via the dir and prefix arguments
(CVE-2009-3557).

The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and
earlier, and 5.3.x before 5.3.1, allows context-dependent attackers
to bypass open_basedir restrictions, and create FIFO files, via the
pathname and mode arguments, as demonstrated by creating a .htaccess
file (CVE-2009-3558).

PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number
of temporary files created when handling a multipart/form-data POST
request, which allows remote attackers to cause a denial of service
(resource exhaustion), and makes it easier for remote attackers to
exploit local file inclusion vulnerabilities, via multiple requests,
related to lack of support for the max_file_uploads directive
(CVE-2009-4017).

The proc_open function in ext/standard/proc_open.c in PHP
before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1)
safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars
directives, which allows context-dependent attackers to execute
programs with an arbitrary environment via the env parameter, as
demonstrated by a crafted value of the LD_LIBRARY_PATH environment
variable (CVE-2009-4018).

Intermittent segfaults occured on x86_64 with the latest phpmyadmin
and with apache (#53735).

Additionally, some packages which require so, have been rebuilt and
are being provided as updates.

Click Here!