Nepravilnosti paketa PHP5

Otkrivena su dva sigurnosna propusta u paketu PHP5 koja omogućuju izvođenje XSS napada i krađu Internetske sjednice.

Paket:	PHP 5.0.x
Operacijski sustavi:	SUSE Linux Enterprise Server (SLES) 10
Kritičnost:	3.7
Problem:	neodgovarajuća provjera ulaznih podataka, pogreška u programskoj funkciji, XSS
Iskorištavanje:	udaljeno
Posljedica:	otkrivanje osjetljivih informacija, umetanje proizvoljnih podataka u zaštićenu sjednicu, zaobilaženje postavljenih ograničenja
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2011-1398, CVE-2011-4388
Izvorni ID preporuke:	SUSE-SU-2012:1210-1
Izvor:	SUSE

Problem:
Ranjivost se javlja unutar funkcije "sapi_header_op" koja nepravilno obrađuje ulazne nizove i omogućuje zaobilaženje zaštitnih mehanizama.
Posljedica:
Zlonamjerni korisnik bi mogao izvesti XSS napad te krađu Internetske sjednice.
Rješenje:
Svim se korisnicima savjetuje instalacija nadogradnje.

Izvorni tekst preporuke

   SUSE Security Update: Security update for PHP5
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1210-1
Rating:             important
References:         #778003 
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SLE SDK 10 SP4
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:


   This update fixes header code injection issues in PHP5
   (CVE-2011-1398 and  CVE-2011-4388).



Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      apache2-mod_php5-5.2.14-0.40.1
      php5-5.2.14-0.40.1
      php5-bcmath-5.2.14-0.40.1
      php5-bz2-5.2.14-0.40.1
      php5-calendar-5.2.14-0.40.1
      php5-ctype-5.2.14-0.40.1
      php5-curl-5.2.14-0.40.1
      php5-dba-5.2.14-0.40.1
      php5-dbase-5.2.14-0.40.1
      php5-devel-5.2.14-0.40.1
      php5-dom-5.2.14-0.40.1
      php5-exif-5.2.14-0.40.1
      php5-fastcgi-5.2.14-0.40.1
      php5-ftp-5.2.14-0.40.1
      php5-gd-5.2.14-0.40.1
      php5-gettext-5.2.14-0.40.1
      php5-gmp-5.2.14-0.40.1
      php5-hash-5.2.14-0.40.1
      php5-iconv-5.2.14-0.40.1
      php5-imap-5.2.14-0.40.1
      php5-json-5.2.14-0.40.1
      php5-ldap-5.2.14-0.40.1
      php5-mbstring-5.2.14-0.40.1
      php5-mcrypt-5.2.14-0.40.1
      php5-mhash-5.2.14-0.40.1
      php5-mysql-5.2.14-0.40.1
      php5-ncurses-5.2.14-0.40.1
      php5-odbc-5.2.14-0.40.1
      php5-openssl-5.2.14-0.40.1
      php5-pcntl-5.2.14-0.40.1
      php5-pdo-5.2.14-0.40.1
      php5-pear-5.2.14-0.40.1
      php5-pgsql-5.2.14-0.40.1
      php5-posix-5.2.14-0.40.1
      php5-pspell-5.2.14-0.40.1
      php5-shmop-5.2.14-0.40.1
      php5-snmp-5.2.14-0.40.1
      php5-soap-5.2.14-0.40.1
      php5-sockets-5.2.14-0.40.1
      php5-sqlite-5.2.14-0.40.1
      php5-suhosin-5.2.14-0.40.1
      php5-sysvmsg-5.2.14-0.40.1
      php5-sysvsem-5.2.14-0.40.1
      php5-sysvshm-5.2.14-0.40.1
      php5-tokenizer-5.2.14-0.40.1
      php5-wddx-5.2.14-0.40.1
      php5-xmlreader-5.2.14-0.40.1
      php5-xmlrpc-5.2.14-0.40.1
      php5-xsl-5.2.14-0.40.1
      php5-zlib-5.2.14-0.40.1

   - SLE SDK 10 SP4 (i586 ia64 ppc s390x x86_64):

      apache2-mod_php5-5.2.14-0.40.1
      php5-5.2.14-0.40.1
      php5-bcmath-5.2.14-0.40.1
      php5-bz2-5.2.14-0.40.1
      php5-calendar-5.2.14-0.40.1
      php5-ctype-5.2.14-0.40.1
      php5-curl-5.2.14-0.40.1
      php5-dba-5.2.14-0.40.1
      php5-dbase-5.2.14-0.40.1
      php5-devel-5.2.14-0.40.1
      php5-dom-5.2.14-0.40.1
      php5-exif-5.2.14-0.40.1
      php5-fastcgi-5.2.14-0.40.1
      php5-ftp-5.2.14-0.40.1
      php5-gd-5.2.14-0.40.1
      php5-gettext-5.2.14-0.40.1
      php5-gmp-5.2.14-0.40.1
      php5-hash-5.2.14-0.40.1
      php5-iconv-5.2.14-0.40.1
      php5-imap-5.2.14-0.40.1
      php5-ldap-5.2.14-0.40.1
      php5-mbstring-5.2.14-0.40.1
      php5-mcrypt-5.2.14-0.40.1
      php5-mhash-5.2.14-0.40.1
      php5-mysql-5.2.14-0.40.1
      php5-ncurses-5.2.14-0.40.1
      php5-odbc-5.2.14-0.40.1
      php5-openssl-5.2.14-0.40.1
      php5-pcntl-5.2.14-0.40.1
      php5-pdo-5.2.14-0.40.1
      php5-pear-5.2.14-0.40.1
      php5-pgsql-5.2.14-0.40.1
      php5-posix-5.2.14-0.40.1
      php5-pspell-5.2.14-0.40.1
      php5-shmop-5.2.14-0.40.1
      php5-snmp-5.2.14-0.40.1
      php5-soap-5.2.14-0.40.1
      php5-sockets-5.2.14-0.40.1
      php5-sqlite-5.2.14-0.40.1
      php5-suhosin-5.2.14-0.40.1
      php5-sysvmsg-5.2.14-0.40.1
      php5-sysvsem-5.2.14-0.40.1
      php5-sysvshm-5.2.14-0.40.1
      php5-tidy-5.2.14-0.40.1
      php5-tokenizer-5.2.14-0.40.1
      php5-wddx-5.2.14-0.40.1
      php5-xmlreader-5.2.14-0.40.1
      php5-xmlrpc-5.2.14-0.40.1
      php5-xsl-5.2.14-0.40.1
      php5-zlib-5.2.14-0.40.1


References:

   https://bugzilla.novell.com/778003
  
http://download.novell.com/patch/finder/?keywords=fc148b307277a068b432ffd08c765241

-- 
To unsubscribe, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
For additional commands, e-mail: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.

Nepravilnosti paketa PHP5

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Nepravilnosti paketa PHP5

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti