Fedora 10 Update: maniadrive-1.2-13.fc10

    Date29 May 2009
    CategoryFedora
    2932
    Posted ByJoe Shakespeare
    Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-5557) A directory traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658) A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the "background color" argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had "display_errors" enabled, a remote attacker able to set a specially-crafted cookie on a victim's system could possibly inject arbitrary HTML into an error message generated by PHP. (CVE-2008-5814) A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially-crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script. (CVE-2009-1271) A flaw was found in the use of the uw-imap library by the PHP "imap" extension. This could cause the PHP interpreter to crash if the "imap" extension was used to read specially-crafted mail messages with long headers. (CVE-2008-2829) http://www.php.net/releases/5_2_7.php http://www.php.net/releases/5_2_8.php http://www.php.net/releases/5_2_9.php http://www.php.net/ChangeLog-5.php#5.2.9
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-3768
    2009-04-21 23:54:56
    --------------------------------------------------------------------------------
    
    Name        : maniadrive
    Product     : Fedora 10
    Version     : 1.2
    Release     : 13.fc10
    URL         : http://maniadrive.raydium.org/
    Summary     : 3D stunt driving game
    Description :
    ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous
    gameplay (tracks almost never exceed one minute). Features: Complex car
    physics, Challenging "story mode", LAN and Internet mode, Live scores,
    Track editor, Dedicated server with HTTP interface and More than 30 blocks.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to PHP 5.2.9    A heap-based buffer overflow flaw was found in PHP's
    mbstring extension. A remote attacker able to pass arbitrary input to a PHP
    script using mbstring conversion functions could cause the PHP interpreter to
    crash or, possibly, execute arbitrary code. (CVE-2008-5557)    A directory
    traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used
    to extract a malicious ZIP archive, it could allow an attacker to write
    arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658)
    A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
    script allowed a remote attacker to load a carefully crafted font file, it could
    cause the PHP interpreter to crash or, possibly, execute arbitrary code.
    (CVE-2008-3658)    A memory disclosure flaw was found in the PHP gd extension's
    imagerotate function. A remote attacker able to pass arbitrary values as the
    "background color" argument of the function could, possibly, view portions of
    the PHP interpreter's memory. (CVE-2008-5498)    A cross-site scripting flaw was
    found in a way PHP reported errors for invalid cookies. If the PHP interpreter
    had "display_errors" enabled, a remote attacker able to set a specially-crafted
    cookie on a victim's system could possibly inject arbitrary HTML into an error
    message generated by PHP. (CVE-2008-5814)    A flaw was found in the handling of
    the "mbstring.func_overload" configuration setting. A value set for one virtual
    host, or in a user's .htaccess file, was incorrectly applied to other virtual
    hosts on the same server, causing the handling of multibyte character strings to
    not work correctly. (CVE-2009-0754)    A flaw was found in PHP's json_decode
    function. A remote attacker could use this flaw to create a specially-crafted
    string which could cause the PHP interpreter to crash while being decoded in a
    PHP script. (CVE-2009-1271)    A flaw was found in the use of the uw-imap
    library by the PHP "imap" extension. This could cause the PHP interpreter to
    crash if the "imap" extension was used to read specially-crafted mail messages
    with long headers. (CVE-2008-2829)    http://www.php.net/releases/5_2_7.php
    http://www.php.net/releases/5_2_8.php  http://www.php.net/releases/5_2_9.php
    http://www.php.net/ChangeLog-5.php#5.2.9
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Apr 16 2009 Remi Collet  - 1.2-13
    - Rebuild for php 5.2.9
    * Sun Feb 15 2009 Hans de Goede  1.2-12
    - Fix maniadrive crashing with php 5.2.8 (and later)
    - Fix maniadrive triggering an assert in the latest ode
    * Wed Dec 17 2008 Hans de Goede  1.2-11
    - Rebuild for new php version
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure
            https://bugzilla.redhat.com/show_bug.cgi?id=478425
      [ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode()
            https://bugzilla.redhat.com/show_bug.cgi?id=494530
      [ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension
            https://bugzilla.redhat.com/show_bug.cgi?id=459529
      [ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension
            https://bugzilla.redhat.com/show_bug.cgi?id=459572
      [ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow
            https://bugzilla.redhat.com/show_bug.cgi?id=452808
      [ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability
            https://bugzilla.redhat.com/show_bug.cgi?id=474824
      [ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
            https://bugzilla.redhat.com/show_bug.cgi?id=478848
      [ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service
            https://bugzilla.redhat.com/show_bug.cgi?id=479272
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update maniadrive' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    http://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"67","title":"HOWTOs","votes":"0","type":"x","order":"3","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.