-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Announcement
Package: php4,php5
Announcement ID: SUSE-SA:2006:059
Date: Mon, 09 Oct 2006 16:00:00 +0000
Affected Products: Novell Linux POS 9
Open Enterprise Server
SLE SDK 10
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE LINUX 9.2
SuSE Linux Enterprise Server 8
SuSE Linux Openexchange Server 4
SUSE LINUX Retail Solution 8
SuSE Linux School Server
SuSE Linux Standard Server 8
SUSE SLES 10
SUSE SLES 9
UnitedLinux 1.0
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-4625, CVE-2006-4812
Content of This Advisory:
1) Security Vulnerability Resolved:
php remote code execution
Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- MozillaFirefox
6) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Problem Description and Brief Discussion
The ini_restore() function could be used to reset options such as
open_basedir, when they had been set in the web server configuration file,
back to the default value from php.ini (CVE-2006-4625).
Additionally, php5 on all products, as well as php4 on SLES8, was
vulnerable to an integer overflow in the memory allocation routine.
This bug can be exploited to execute arbitrary code with the uid of the
web server (CVE-2006-4812).
Thanks to Stefan Esser for reporting the problem.
2) Solution or Work-Around
There is no known workaround; please install the update packages.
3) Special Instructions and Notes
None
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST
Online Update (YOU) tool. YOU detects which updates are required and
automatically performs the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually
and verify their integrity by the methods listed in Section 6 of this
announcement. Then install the packages using the command
rpm -Fhv
to apply the update, replacing with the filename of the
downloaded RPM package.
Our maintenance customers are notified individually. The packages are
offered for installation from the maintenance web:
SUSE SLES 10
http://support.novell.com/techcenter/psdb/f432b71f2a461b7fdaa41fe183b0cf96.html
SLE SDK 10
http://support.novell.com/techcenter/psdb/f432b71f2a461b7fdaa41fe183b0cf96.html
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.html
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.html
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.html
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.html
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.html
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/f605f6450308ab2167b3807a3ec3f6e5.html
Open Enterprise Server
http://support.novell.com/techcenter/psdb/18ce0ef65eb3f8c4c6da71f27f4397cf.html
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/18ce0ef65eb3f8c4c6da71f27f4397cf.html
SUSE SLES 9
http://support.novell.com/techcenter/psdb/18ce0ef65eb3f8c4c6da71f27f4397cf.html
______________________________________________________________________________
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
- MozillaFirefox
The previous MozillaFirefox update was erroneously compiled
with debug options enabled, which caused slowdowns and an excessive
amount of logging. Updated packages with debug options disabled
are now available.
______________________________________________________________________________
6) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify
replacing with the name of the file where you saved the
announcement. The output for a valid signature looks like:
gpg: Signature made using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team "
where is replaced by the date the document was signed.
If the security team's key is not contained in your key ring, you can
import it from the first installation CD. To import the key, use the
command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
- Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the
world. While this service is considered valuable and important to the free
and open source software community, the authenticity and the integrity of
a package needs to be verified to ensure that it has not been tampered
with.
There are two verification methods that can be used independently from
each other to prove the authenticity of a downloaded file or RPM package:
1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement
1) The internal rpm package signatures provide an easy way to verify the
authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing with the
filename of the RPM package downloaded. The package is unmodified if it
contains a valid signature from build@suse.de with the key ID 9C800ACA.
This key is automatically imported into the RPM database (on
RPMv4-based distributions) and the gpg key ring of 'root' during
installation. You can also find it on the first installation CD and at
the end of this announcement.
2) If you need an alternative means of verification, use the md5sum
command to verify the authenticity of the packages. Execute the command
md5sum
after you have downloaded the file from a SUSE FTP server or one of its
mirrors. Then compare the resulting md5sum with the one listed in the
SUSE security announcement. Because the announcement containing the
checksums is cryptographically signed (by security@suse.de), a matching
checksum proves the authenticity of the package provided the signature
of the announcement is valid. Note that the md5 sums published in the
SUSE Security Announcements are valid for the respective packages only.
Newer versions of these packages cannot be verified this way.
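As an added example (not code from the advisory), a small POSIX shell script that applies both verification methods from this section, the internal rpm signature and the md5sum comparison, before installing a package. The package file name and the expected checksum are passed in as arguments and are assumptions; the commands and the build@suse.de key ID 9C800ACA are those named in the advisory.

```shell
#!/bin/sh
# Added example, not part of the SUSE advisory: check a downloaded update
# package the two independent ways section 6 describes (rpm's internal gpg
# signature and an md5sum compared against the checksum from the signed
# announcement) and only then install it with rpm -Fhv.

# Compare the md5sum of a downloaded file with the checksum copied from
# the (signature-verified) announcement. Returns 0 on match, 1 otherwise.
md5_matches() {
    file="$1"
    expected="$2"
    actual=$(md5sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Verify the package's embedded signature with rpm -v --checksig and
# require an OK signature made with the build@suse.de key ID the advisory
# names (9C800ACA). The grep is case-insensitive so the case rpm uses for
# the key ID does not matter. Returns 0 when OK, 1 otherwise.
rpm_sig_ok() {
    out=$(rpm -v --checksig "$1" 2>&1) || return 1
    printf '%s\n' "$out" | grep -qi 'key id 9c800aca' || return 1
    printf '%s\n' "$out" | grep -qi 'not ok' && return 1
    return 0
}

# Run both checks; refuse to install if either one fails.
# Usage: verify_and_install downloaded.rpm CHECKSUM_FROM_ANNOUNCEMENT
verify_and_install() {
    pkg="$1"
    expected_md5="$2"
    if ! md5_matches "$pkg" "$expected_md5"; then
        echo "md5 mismatch for $pkg, not installing" >&2
        return 1
    fi
    if ! rpm_sig_ok "$pkg"; then
        echo "bad or missing SUSE signature on $pkg, not installing" >&2
        return 1
    fi
    rpm -Fhv "$pkg"
}
```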
- SUSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- General Linux and SUSE security discussion.
All SUSE security announcements are sent to this list.
To subscribe, send an e-mail to
.
suse-security-announce@suse.com
- SUSE's announce-only mailing list.
Only SUSE's security announcements are sent to this list.
To subscribe, send an e-mail to
.
For general information or the frequently asked questions (FAQ),
send mail to or
.
====================================================================
SUSE's security contact is or .
The public key is listed below.
====================================================================