Debian: 'php' vulnerability

    Date: 25 Jan 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The Zend people have found a vulnerability in older versions of PHP4.
    
    ----------------------------------------------------------------------------
    Debian Security Advisory DSA-020-1
    http://www.debian.org/security/                               Martin Schulze
    January 25, 2001
    ----------------------------------------------------------------------------
    
    Package        : php4
    Vulnerability  : remote DOS and remote information leak
    Debian-specific: no
    
    The Zend people have found a vulnerability in older versions of PHP4
    (the original advisory speaks of 4.0.4, while the bugs are present in
    4.0.3 as well).  PHP directives can be specified on a per-directory
    basis, and a remote attacker can craft an HTTP request that causes the
    next page to be served with the wrong values for these directives.
    In addition, even when PHP is installed, it can be activated and
    deactivated on a per-directory or per-virtual-host basis using the
    "engine=on" or "engine=off" directive.  This setting can leak to
    other virtual hosts on the same machine, effectively disabling PHP
    for those hosts and resulting in PHP source code being sent to the
    client instead of being executed on the server.
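
A monitoring check for the symptom described above, written as an added example (not part of the advisory or of PHP): it flags response bodies that still contain unexecuted PHP and groups them by virtual host. The host names, paths and response bodies are constructed sample data, and the function names are illustrative.

```python
import re

# Opening tags that never reach a client when the PHP engine ran: "<?php",
# the short echo tag "<?=", and the bare short tag "<? " (common with PHP4).
# "<?xml ..." is a legitimate XML declaration and does not match.
PHP_OPEN_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)

# A second signal after the tag, to avoid flagging a stray "<? " in markup.
PHP_TOKEN = re.compile(
    r"\$[A-Za-z_]\w*|\b(?:echo|include|require|function|mysql_connect)\b"
)

def leaks_php_source(body):
    """True if the body contains a PHP open tag followed by PHP code."""
    tag = PHP_OPEN_TAG.search(body)
    if not tag:
        return False
    return bool(PHP_TOKEN.search(body, tag.end()))

def affected_vhosts(responses):
    """Group leaking paths by virtual host: {vhost: [path, ...]}."""
    hits = {}
    for vhost, path, body in responses:
        if leaks_php_source(body):
            hits.setdefault(vhost, []).append(path)
    return hits

# Constructed sample: (virtual host, request path, response body).
SAMPLE_RESPONSES = [
    ("shop.example", "/index.php",
     "<html><body>Welcome, 3 items in cart</body></html>"),
    ("blog.example", "/index.php",
     "<?php\n$db = mysql_connect('localhost', 'blog', 'PLACEHOLDER');\n"
     "echo $title;\n?>"),
    ("blog.example", "/feed.php",
     '<?xml version="1.0"?>\n<rss version="0.91"><channel/></rss>'),
    ("wiki.example", "/view.php",
     "<html><? include 'header.inc'; ?>body</html>"),
]

if __name__ == "__main__":
    for vhost, paths in affected_vhosts(SAMPLE_RESPONSES).items():
        print(f"{vhost}: raw PHP source served for {', '.join(paths)}")
```
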
    
    We recommend you upgrade your php4 packages.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------

      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      architectures.  PHP4 is not available as a proper version for the arm
      architecture.
    
    
      Source archives:
    
         http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato1.1.diff.gz
          MD5 checksum: a15f5cf60f0927d827b80af1d2962ebc
         http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato1.1.dsc
          MD5 checksum: ac81451c06e1e5e70197bde98068f861
         http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1.orig.tar.gz
          MD5 checksum: e65b706a7fc4469d1ccd564ef8a2c534
    
    
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
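
One way to check downloaded packages against the URL and "MD5 checksum:" pairs listed above before running dpkg -i, as an added example that is not part of the advisory. The function names are illustrative, and the demo uses constructed file names and contents rather than the real packages.

```python
import hashlib
import re
import tempfile
from pathlib import Path

URL_RE = re.compile(r"^\s*((?:http|ftp)://\S+)\s*$")
MD5_RE = re.compile(r"^\s*MD5 checksum:\s*([0-9a-fA-F]{32})\s*$")

def parse_advisory(text):
    """Map file name -> expected MD5 from URL / 'MD5 checksum:' line pairs."""
    expected, pending = {}, None
    for line in text.splitlines():
        url, md5 = URL_RE.match(line), MD5_RE.match(line)
        if url:
            pending = url.group(1).rsplit("/", 1)[-1]
        elif md5 and pending:
            expected[pending] = md5.group(1).lower()
            pending = None
        elif line.strip():
            pending = None  # any other text breaks a URL/checksum pair
    return expected

def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_downloads(advisory_text, directory):
    """Return {name: 'ok' | 'MISMATCH' | 'not listed'} for each .deb found;
    only files reported 'ok' should be passed to dpkg -i."""
    expected = parse_advisory(advisory_text)
    report = {}
    for deb in sorted(Path(directory).glob("*.deb")):
        want = expected.get(deb.name)
        if want is None:
            report[deb.name] = "not listed"
        else:
            report[deb.name] = "ok" if md5_of(deb) == want else "MISMATCH"
    return report

def demo():
    """Constructed data: one intact file, one altered, one not in the list."""
    good, bad = b"constructed package A", b"constructed package B"
    advisory = (
        "     http://security.example/updates/pkg-a_1.0_all.deb\n"
        f"      MD5 checksum: {hashlib.md5(good).hexdigest()}\n"
        "     http://security.example/updates/pkg-b_1.0_all.deb\n"
        f"      MD5 checksum: {hashlib.md5(bad).hexdigest()}\n"
    )
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pkg-a_1.0_all.deb").write_bytes(good)
        Path(d, "pkg-b_1.0_all.deb").write_bytes(bad + b" altered")
        Path(d, "pkg-c_1.0_all.deb").write_bytes(b"unlisted")
        return verify_downloads(advisory, d)

if __name__ == "__main__":
    print(demo())
```

MD5 is no longer collision-resistant, so this check is only as trustworthy as the copy of the advisory the checksums are read from.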
    
    ----------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and  http://packages.debian.org/<pkg>
    
    
    