------------------------------------------------------------------------
---
Peachtree Linux Security Notice PLSN-0001
April 19, 2005
Remote code execution and remote DoS vulnerability in PHP
CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043
------------------------------------------------------------------------
---
The following Peachtree Linux releases are affected:
Peachtree Linux release 1 ("Atlanta")
Description:
CAN-2005-0524: The php_handle_iff function in image.c for PHP 4.2.2,
4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function,
allows remote attackers to cause a denial of service (infinite loop)
via a -8 size value.
CAN-2005-0525: The php_next_marker function in image.c for PHP 4.2.2,
4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function,
allows remote attackers to cause a denial of service (infinite loop)
via a JPEG image with an invalid marker value, which causes a negative
length value to be passed to php_stream_seek.
CAN-2005-1042: Integer overflow in the exif_process_IFD_TAG function
in exif.c in PHP before 4.3.11 may allow remote attackers to execute
arbitrary code via an IFD tag that leads to a negative byte count.
CAN-2005-1043: exif.c in PHP before 4.3.11 allows remote attackers to
cause a denial of service (memory consumption and crash) via an EXIF
header with a large IFD nesting level, which causes significant stack
recursion.
Packages:
Download the updated php package for your release of Peachtree Linux
and your host architecture. The main updates site is:
http://peachtree.burdell.org/updates/
Updated packages available for Peachtree Linux release 1 ("Atlanta"):
---
Peachtree Linux Security Notice PLSN-0001
April 19, 2005
Remote code execution and remote DoS vulnerability in PHP
CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043
------------------------------------------------------------------------
---
The following Peachtree Linux releases are affected:
Peachtree Linux release 1 ("Atlanta")
Description:
CAN-2005-0524: The php_handle_iff function in image.c for PHP 4.2.2,
4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function,
allows remote attackers to cause a denial of service (infinite loop)
via a -8 size value.
CAN-2005-0525: The php_next_marker function in image.c for PHP 4.2.2,
4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function,
allows remote attackers to cause a denial of service (infinite loop)
via a JPEG image with an invalid marker value, which causes a negative
length value to be passed to php_stream_seek.
CAN-2005-1042: Integer overflow in the exif_process_IFD_TAG function
in exif.c in PHP before 4.3.11 may allow remote attackers to execute
arbitrary code via an IFD tag that leads to a negative byte count.
CAN-2005-1043: exif.c in PHP before 4.3.11 allows remote attackers to
cause a denial of service (memory consumption and crash) via an EXIF
header with a large IFD nesting level, which causes significant stack
recursion.
Packages:
Download the updated php package for your release of Peachtree Linux
and your host architecture. The main updates site is:
http://peachtree.burdell.org/updates/
Updated packages available for Peachtree Linux release 1 ("Atlanta"):
alpha
db11a244e5085bcee51714d001b56df3 php-4.3.11.alpha.dist
i386
97720a9c42d89288945d8214e3e2336c php-4.3.11.i686.dist
ppc
f2237e37682a905c432cb81d724f8dd6 php-4.3.11.ppc.dist
Solution:
Download the appropriate package for your release of Peachtree Linux.
Upgrade your system to the new package:
distadd -u packagename
Where packagename is the name of the package file from the list above.
After installation of the new package, restart any services you have
that are using PHP, such as Apache.
--
Peachtree Linux Security Team
http://peachtree.burdell.org/
[ reply ]