TITLE:
SUSE update for php4/php5

SECUNIA ADVISORY ID:
SA16619

VERIFY ADVISORY:
http://secunia.com/advisories/16619/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
SUSE Linux Enterprise Server 9
http://secunia.com/product/4118/
SuSE Linux Enterprise Server 8
http://secunia.com/product/1171/
SUSE Linux 9.3
http://secunia.com/product/4933/
SUSE Linux 9.2
http://secunia.com/product/4258/
SuSE Linux 9.1
http://secunia.com/product/3473/
SuSE Linux 9.0
http://secunia.com/product/2467/

DESCRIPTION:
SUSE has issued updates for php4 and php5. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

For more information:
SA15861
SA16431
SA16502

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.novell.com/linux/security/advisories/2005_49_php.html

OTHER REFERENCES:
SA15861:
http://secunia.com/advisories/15861/

SA16431:
http://secunia.com/advisories/16431/

SA16502:
http://secunia.com/advisories/16502/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.