Debian: Updated 'php4' packages

    Date15 Oct 2000
    CategoryDebian
    2902
    Posted ByLinuxSecurity Advisories
    In versions of the PHP 4 packages before version 4.0.3, several format string bugs could allow properly crafted requests to execute code.
    
    - ----------------------------------------------------------------------------
    Debian Security Advisory                                 This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/                            Daniel Jacobowitz
    October 14, 2000
    - ----------------------------------------------------------------------------
    
    Package: php4
    Vulnerability: possible remote exploit
    Debian-specific: no
    Vulnerable: yes
    
    [Updated version: corrected URLs]
    
    In versions of the PHP 4 packages before version 4.0.3, several format
    string bugs could allow properly crafted requests to execute code as the
    user running PHP scripts on the web server.
    
    This problem is fixed in versions 4.0.3-0potato1 for Debian 2.2 (potato) and 
    4.0.3-1 for Debian Unstable (woody).  This is a bug fix release and we
    recommend
    all users of php4 upgrade to it; potato users should note that this is an
    upgrade from 4.0b3, but no incompatibilities are expected.
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      Slink does not contain any php4 packages, and is therefore not affected.
    
    Debian GNU/Linux 2.2 (stable) alias potato
    - ------------------------------------------
    
      Fixes are currently available for the Alpha, Intel ia32, Motorola 680x0,
      PowerPC and Sun SPARC architectures, and will be included in 2.2r1.
    
      Source archives:
        
    http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.diff.gz
          MD5 checksum: a4a9ce00f9b85966521fccf91c20b1fe
        
    http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3-0potato1.dsc
          MD5 checksum: 26e0cc7624981b4872e104b62151c4b1
        
    http://security.debian.org/dists/potato/updates/main/source/php4_4.0.3.orig.tar.gz
          MD5 checksum: e80223ed44a445bbf202cd9a41a8fbbb
    
      Architecture indendent archives:
        
    http://security.debian.org/dists/potato/updates/main/binary-all/php4-dev_4.0.3-0potato1_all.deb
          MD5 checksum: 04b2040609b61c7c2ad391a23450ec66
    
      Alpha architecture:
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-gd_4.0.3-0potato1_alpha.deb
          MD5 checksum: d3fe7fef73c4b598a81fa2190d0c9eb5
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-imap_4.0.3-0potato1_alpha.deb
          MD5 checksum: 1231668e5b49c44ec5aa1cf6260537ba
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-ldap_4.0.3-0potato1_alpha.deb
          MD5 checksum: 7cbe170c8dc9d1692b5e3a59f225dc35
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mhash_4.0.3-0potato1_alpha.deb
          MD5 checksum: d41ac1166ace253daa79da899b60f1d2
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-mysql_4.0.3-0potato1_alpha.deb
          MD5 checksum: 7ce535f98712a5b925e0e0c939623395
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3-0potato1_alpha.deb
          MD5 checksum: 49fa22bbd37e6da2b42f2988c34f062f
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-snmp_4.0.3-0potato1_alpha.deb
          MD5 checksum: 3c8ae9b6caff94e3cfe9396929678ea8
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi-xml_4.0.3-0potato1_alpha.deb
          MD5 checksum: b6b109a24e81a346cae7ede4acb7b8d6
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-cgi_4.0.3-0potato1_alpha.deb
          MD5 checksum: f9dfaf4d72f9fd72684a6c1ef70e88f0
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-gd_4.0.3-0potato1_alpha.deb
          MD5 checksum: d738d12da802f8335c367c9c74f84702
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-imap_4.0.3-0potato1_alpha.deb
          MD5 checksum: 93171ea93342cd4818cc2e470bf755dd
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-ldap_4.0.3-0potato1_alpha.deb
          MD5 checksum: a566dcef79feaa5835bac1fdf25447c9
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mhash_4.0.3-0potato1_alpha.deb
          MD5 checksum: 10bbe8213e8016321c1c39dfa4c71d00
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-mysql_4.0.3-0potato1_alpha.deb
          MD5 checksum: 82eaa050345ebb04183ba54cb91d1dd3
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-pgsql_4.0.3-0potato1_alpha.deb
          MD5 checksum: 7756b53bd8889e76bb53ee200efa762a
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-snmp_4.0.3-0potato1_alpha.deb
          MD5 checksum: 8768e4ac8a49fcd8fb93a39565ba9f6b
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4-xml_4.0.3-0potato1_alpha.deb
          MD5 checksum: 1766704f4c160d70bbc8ceabbacb0485
        
    http://security.debian.org/dists/potato/updates/main/binary-alpha/php4_4.0.3-0potato1_alpha.deb
          MD5 checksum: ab46675a4746fb9c6d98d41f69d6c39d
    
      Intel ia32 architecture:
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-gd_4.0.3-0potato1_i386.deb
          MD5 checksum: 950b8d77cabb51fa3fee93f542923b22
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-imap_4.0.3-0potato1_i386.deb
          MD5 checksum: 4a1b39e86058ddef899ea7e30c165997
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-ldap_4.0.3-0potato1_i386.deb
          MD5 checksum: f7ff7751166164afee9f213f088fd293
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mhash_4.0.3-0potato1_i386.deb
          MD5 checksum: 353afa5861d49ccc6c2d2fd3dafad21d
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-mysql_4.0.3-0potato1_i386.deb
          MD5 checksum: 3d1336623f1e32d42efbb32097e50517
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-pgsql_4.0.3-0potato1_i386.deb
          MD5 checksum: fcb4d91a0400a4a9f7e9f97b95a82efd
     
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-snmp_4.0.3-0potato1_i386.deb
          MD5 checksum: d9c7aecfa1f2976f416936333d263323
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi-xml_4.0.3-0potato1_i386.deb
          MD5 checksum: fdf4a7f0a185a9ca340378e6dbb982f7
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-cgi_4.0.3-0potato1_i386.deb
          MD5 checksum: 5050b7fc859f50621a0d54922832c2f1
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-gd_4.0.3-0potato1_i386.deb
          MD5 checksum: 10c0fa0f35e0527f3e2cd1b5b6602ab6
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-imap_4.0.3-0potato1_i386.deb
          MD5 checksum: b411fb51803d7a96ad5eec056de9a41f
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-ldap_4.0.3-0potato1_i386.deb
          MD5 checksum: 341d2bebc353f2ac4948a41d8b3fdb8c
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mhash_4.0.3-0potato1_i386.deb
          MD5 checksum: f6d0465fc1c25d4deecd15dd5e60927b
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-mysql_4.0.3-0potato1_i386.deb
          MD5 checksum: a521a0332ee5c2ff325789c21c9bcc60
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-pgsql_4.0.3-0potato1_i386.deb
          MD5 checksum: 979ffc72564dcd02dae7bb2d97f73bbc
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-snmp_4.0.3-0potato1_i386.deb
          MD5 checksum: 3a174bf266dec089aba50049090fc518
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4-xml_4.0.3-0potato1_i386.deb
          MD5 checksum: 94ac2a5dbb47e4cf86c95579cff37320
        
    http://security.debian.org/dists/potato/updates/main/binary-i386/php4_4.0.3-0potato1_i386.deb
          MD5 checksum: ac2b7d167760365d1143caa0483ca9d8
    
      Motorola 680x0 architecture:
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-gd_4.0.3-0potato1_m68k.deb
          MD5 checksum: cf953a514fc74d16330a5fd61ca6f1d2
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-imap_4.0.3-0potato1_m68k.deb
          MD5 checksum: 54a1330b08760e2105a297652262b5f0
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-ldap_4.0.3-0potato1_m68k.deb
          MD5 checksum: 3e589a6b10fd4c5b8cf0bcc823e1c136
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mhash_4.0.3-0potato1_m68k.deb
          MD5 checksum: 0bee1f3abd78718cd2ccc48862cd62d3
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-mysql_4.0.3-0potato1_m68k.deb
          MD5 checksum: 8dc08d54bed91db40dce3d66f3ec4515
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3-0potato1_m68k.deb
          MD5 checksum: 1b61adc8cf8f0a9782057d622aedcedf
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-snmp_4.0.3-0potato1_m68k.deb
          MD5 checksum: 0ba4613f858af4679d28bac799d9381d
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi-xml_4.0.3-0potato1_m68k.deb
          MD5 checksum: 60047aecb794b0988e6834ad51991e6c
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-cgi_4.0.3-0potato1_m68k.deb
          MD5 checksum: c50c7ea097c5ba876de023f519582c3b
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-gd_4.0.3-0potato1_m68k.deb
          MD5 checksum: 5fd8393cd6d3bb17c5a0cb91846c3c4e
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-imap_4.0.3-0potato1_m68k.deb
          MD5 checksum: 1f1fc4b0822bebf7fc1c8832066cce2d
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-ldap_4.0.3-0potato1_m68k.deb
          MD5 checksum: de194dfccf9acbe7acf674949bd306c9
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mhash_4.0.3-0potato1_m68k.deb
          MD5 checksum: 2329a5ee7ad19c0a791923fddb8a35c1
     
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-mysql_4.0.3-0potato1_m68k.deb
          MD5 checksum: 9a9ada8c95f121ab1ae7b9137990e54b
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-pgsql_4.0.3-0potato1_m68k.deb
          MD5 checksum: a2b7f9d325021b55c3f33e8744b91793
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-snmp_4.0.3-0potato1_m68k.deb
          MD5 checksum: 3892fc2afd953838847d38a1787dd289
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4-xml_4.0.3-0potato1_m68k.deb
          MD5 checksum: 94fa954c37a23af00976b231bf1fd4f6
        
    http://security.debian.org/dists/potato/updates/main/binary-m68k/php4_4.0.3-0potato1_m68k.deb
          MD5 checksum: ca8ff47ba9b93365b9d05ba397b02608
    
      PowerPC architecture:
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-gd_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 77f491b502259bba05cbe3a0ee1366f3
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-imap_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 920705ee0db58017de6a45e3343e9903
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 89a30a1bdba82ab3b97c4a15d592b9e0
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3-0potato1_powerpc.deb
          MD5 checksum: dea22760f061bea67e95336b145965f6
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3-0potato1_powerpc.deb
          MD5 checksum: a62c51d74bf005ac33aef5f20976a26c
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3-0potato1_powerpc.deb
          MD5 checksum: e8594ffbda40270ce33510307cd2b8c9
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 5f463d50289c4d73085a1c06317b2d0c
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi-xml_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 67a88882315b6a80e52066b15a5430f1
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-cgi_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 562d0f98df13c64446b5f9157b164890
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-gd_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 5cd5a5c626174e945804a9eeb78b357b
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-imap_4.0.3-0potato1_powerpc.deb
          MD5 checksum: b79798b045e33f1633948b3f9187fd17
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-ldap_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 46d1767444a584cc5857fcf4ad69c1d7
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mhash_4.0.3-0potato1_powerpc.deb
          MD5 checksum: c885eb618264bbd7ed40182176c9a627
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-mysql_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 4761cb89398d57b0faffd8266775c008
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-pgsql_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 5caecc8f2ab14ea88f18be1e28158113
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-snmp_4.0.3-0potato1_powerpc.deb
          MD5 checksum: 644c612dc6311f8fb1eaa7a7e5292341
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4-xml_4.0.3-0potato1_powerpc.deb
          MD5 checksum: f8de34081f2cd5a7373eb441b797d3df
        
    http://security.debian.org/dists/potato/updates/main/binary-powerpc/php4_4.0.3-0potato1_powerpc.deb
          MD5 checksum: eb844ebce5c2674c0981295d0992d9ff
    
      Sun Sparc architecture:
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-gd_4.0.3-0potato1_sparc.deb
          MD5 checksum: d467f114370d358e0a02ea1de2495b4e
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-imap_4.0.3-0potato1_sparc.deb
          MD5 checksum: fb9d8131160fd7915bd1e2c700662323
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-ldap_4.0.3-0potato1_sparc.deb
          MD5 checksum: 9eed208d160ba83cab07a99d83448800
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mhash_4.0.3-0potato1_sparc.deb
          MD5 checksum: a90eb840733313cc4daf1e57f3cddf63
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-mysql_4.0.3-0potato1_sparc.deb
          MD5 checksum: ee479f23bad040b9fa4fc960bb0998b8
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3-0potato1_sparc.deb
          MD5 checksum: 6339a967c077b4eae3cf32974657759c
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-snmp_4.0.3-0potato1_sparc.deb
          MD5 checksum: 2cda52b681eb985958135434edeb5ae6
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi-xml_4.0.3-0potato1_sparc.deb
          MD5 checksum: 756fa42bf5d0af442291efa6ad719b38
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-cgi_4.0.3-0potato1_sparc.deb
          MD5 checksum: f4dbb48a2c0c904d3180e4699426f20a
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-gd_4.0.3-0potato1_sparc.deb
          MD5 checksum: 90f994f67c2a0a902a16aeb2acac9556
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-imap_4.0.3-0potato1_sparc.deb
          MD5 checksum: 17997e09572e612f4fc3d0aad8b74fe8
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-ldap_4.0.3-0potato1_sparc.deb
          MD5 checksum: a9985cd2954c5d44d6e7a57d717c0097
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mhash_4.0.3-0potato1_sparc.deb
          MD5 checksum: 49aa1c86cb9ec06c17bc2d727b75e1b0
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-mysql_4.0.3-0potato1_sparc.deb
          MD5 checksum: bac338543482d242d1c5cd936690eb1f
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-pgsql_4.0.3-0potato1_sparc.deb
          MD5 checksum: 5f8ff8caf9086525012db9234a94ff8c
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-snmp_4.0.3-0potato1_sparc.deb
          MD5 checksum: 5d20c6b5fce5bbeb04a422a7ee3cbadd
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4-xml_4.0.3-0potato1_sparc.deb
          MD5 checksum: e0360986406d5f566356f0389bd338dc
        
    http://security.debian.org/dists/potato/updates/main/binary-sparc/php4_4.0.3-0potato1_sparc.deb
          MD5 checksum: c25c1000ce84068fb5ae3b0c36a2c154
    
    Debian GNU/Linux Unstable alias woody
    - -------------------------------------
    
      This version of Debian is not yet released.
    
      Fixes are currently available for Alpha and Intel ia32 in the Debian
      archives; fixes for other architectures will be made available shortly.
    
    - ----------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.