Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2005.0261 -- New versions of PHP 4 and 5 released fixing multiple vulnerabilities 1 April 2005 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: PHP 4.3.10 and prior PHP 5.0.3 and prior Operating System: UNIX variants Linux variants Windows Mac OS X Impact: Denial of Service Reduced Security Access: Remote/Unauthenticated CVE Names: CAN-2005-0525 CAN-2005-0524 Original Bulletin: http://news.php.net/php.announce/55 Comment: Details on the image handling remote denial of service vulnerabilities are available at: http://www.idefense.com/application/poi/display?id=222 A vulnerability in swf_openfile() bypasses safe mode restrictions. In conjunction with application vulnerabilities this can potentially allow overwriting arbitrary files. Details are available at: http://bugs.php.net/bug.php?id=31270 unserialize() corrupts floating point values in non-English locales. The security impact of this depends upon how the value is used in an application. Details are available at: http://bugs.php.net/bug.php?id=31699 The fbsql and swf_definepoly vulnerabilities have unknown impact. Full lists of changes are available at the following URLs: http://www.php.net/ChangeLog-4.php http://www.php.net/ChangeLog-5.php - --------------------------BEGIN INCLUDED TEXT-------------------- PHP 4.3.11 & 5.0.4 Released! The PHP Development Team would like to announce the immediate release of PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition to fixing over 70 non-critical bugs, address several security issues. The addressed security issues include fixes to the exif and fbsql extensions, as well as fixes to unserialize(), swf_definepoly() and getimagesize(). All users of PHP are strongly encouraged to upgrade to this release. Aside from the above mentioned issues this release includes the following important fixes: * Crash in bzopen() if supplied path to non-existent file. * DOM crashing when attribute appended to Document. * unserialize() float problem on non-English locales. * Crash in msg_send() when non-string is stored without being serialized. * Possible infinite loop in imap_mail_compose(). * Fixed crash in chunk_split(), when chunklen > strlen. * session_set_save_handler crashes PHP when supplied non-existent object reference. * Memory leak in zend_language_scanner.c. * Compile failures of zend_strtod.c. * Fixed crash in overloaded objects & overload() function. * cURL functions bypass open_basedir. The PHP Development Team would like to thank all the people who have identified the security faults in PHP and helped us address them. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBQkyv/ih9+71yA2DNAQKLzAP7B81ZsZgIj/yhza5T//zjiR0fFrVMfOJP 6ubgeXAYMwtiV/60s5BtVe6C3ffVDYnFMDiRfmLE+VCnwpwyY9ussUV1h6XgehLh XX1s84QlrGC0uOSWMOrwqFnNbrZJynGrFQxOf4kC3sQe077Lf1ZZXO0Oz5wHjqyS WrtPbkCiD9A= =O3e1 -----END PGP SIGNATURE-----