Yellow Dog Linux Security Announcement
--------------------------------------

Package:      php
Issue Date:   December 27, 2002
Priority:     low
Advisory ID:  YDU-20021227-12

1. Topic:

Updated php packages are available.

2. Problem:

"PHP versions up to and including 4.2.2 contain vulnerabilities in the mail()
function allowing local script authors to bypass safe mode restrictions and
possibly allowing remote attackers to insert arbitrary mail headers and content
into the message.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
server.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to bypass
safe mode restrictions and modify command line arguments to the MTA (such as
Sendmail) in the fifth argument to mail(), altering MTA behavior and possibly
executing arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters
from its arguments, which could allow remote attackers to modify mail message
content, including mail headers, and possibly use PHP as a "spam proxy."

Script authors should note that all input data should be checked for unsafe
data by any PHP scripts which call functions such as mail().

[Note that this PHP errata] enforces memory limits on the size of the PHP
process to prevent a badly generated script from becoming a possible source
for a denial of service attack. The default process size is 8MB, though you
can adjust this as you deem necessary through the php.ini directive
memory_limit. For example, to change the process memory limit to 4MB, add the
following:

memory_limit 4194304"

(from Red Hat advisory)

3. Solution:

a) Updating via apt...

We suggest that you use the apt-get program to keep your system up-to-date.
The following command(s) will retrieve and install the fixed version of this
update onto your system:

apt-get update
apt-get install php

b) Updating manually...

Download the updates below and then run the following rpm command.
(Please use a mirror site)

rpm -Fvh [filenames]

ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/

ppc/php-4.1.2-7.3.6a.ppc.rpm
ppc/php-devel-4.1.2-7.3.6a.ppc.rpm
ppc/php-imap-4.1.2-7.3.6a.ppc.rpm
ppc/php-ldap-4.1.2-7.3.6a.ppc.rpm
ppc/php-manual-4.1.2-7.3.6a.ppc.rpm
ppc/php-mysql-4.1.2-7.3.6a.ppc.rpm
ppc/php-odbc-4.1.2-7.3.6a.ppc.rpm
ppc/php-pgsql-4.1.2-7.3.6a.ppc.rpm
ppc/php-snmp-4.1.2-7.3.6a.ppc.rpm

4. Verification

MD5 checksum                      Package
--------------------------------  ----------------------------
5392726193cb1550610fd987bdbd9d9d  ppc/php-4.1.2-7.3.6a.ppc.rpm
a335587dd9d230d068403eb9fd9ca20e  ppc/php-devel-4.1.2-7.3.6a.ppc.rpm
3317e850a57bc4fef67555f69a92b95e  ppc/php-imap-4.1.2-7.3.6a.ppc.rpm
b091f3a2d644f4000897870551386a03  ppc/php-ldap-4.1.2-7.3.6a.ppc.rpm
b5d580848e4843b8fc55ff2990031507  ppc/php-manual-4.1.2-7.3.6a.ppc.rpm
627a5b782e7a1954604d293c0b6aa1c6  ppc/php-mysql-4.1.2-7.3.6a.ppc.rpm
dd268183f7072faabd9a0d31bdc0a3f0  ppc/php-odbc-4.1.2-7.3.6a.ppc.rpm
b05cd35b14fb846984ad293672d986f2  ppc/php-pgsql-4.1.2-7.3.6a.ppc.rpm
557e71b8ab7c7be6e4ae6a1b9a5f823c  ppc/php-snmp-4.1.2-7.3.6a.ppc.rpm
3aeb3e10d35a1e71e3b0cb686e6e1cff  SRPMS/php-4.1.2-7.3.6a.src.rpm

If you wish to verify that each package has not been corrupted or tampered
with, examine the md5sum with the following command:

rpm --checksig --nogpg filename

5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix,
and package enhancement announcements will be posted. See
http://lists.terrasoftsolutions.com/ for more information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml
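The advisory's advice that scripts check their input before calling mail() covers two separate problems: CR/LF and other ASCII control characters injected into headers, and request data reaching the fifth (MTA options) argument. The wrapper below is an added example, not code from the advisory, Red Hat or Terra Soft; the function names and the constructed input are hypothetical.

```php
<?php
// Added example: a defensive wrapper around mail() that refuses the two
// kinds of unsafe input the advisory describes. Names are hypothetical.

// True if the value holds any ASCII control character (0x00-0x1F, 0x7F).
// This catches the CR/LF sequences used to append extra headers or body.
function contains_control_chars($value) {
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

// Check the values a script would pass to mail(). Returns a list of
// error strings; an empty list means the arguments are acceptable.
function validate_mail_args($to, $subject, $extra_headers) {
    $errors = array();
    foreach (array('to' => $to, 'subject' => $subject) as $name => $v) {
        if (contains_control_chars($v)) {
            $errors[] = "$name contains control characters";
        }
    }
    // Header names must be plain tokens; values may not contain CR/LF.
    // The caller supplies one header per array entry, never raw CRLF.
    foreach ($extra_headers as $hname => $hvalue) {
        if (!preg_match('/^[A-Za-z0-9-]+$/', $hname)
                || contains_control_chars($hvalue)) {
            $errors[] = "header $hname is malformed";
        }
    }
    return $errors;
}

// Sends only when validation passes. The fifth mail() argument (MTA
// command-line options) is intentionally never built from request data.
function send_mail_checked($to, $subject, $body, $extra_headers) {
    $errors = validate_mail_args($to, $subject, $extra_headers);
    if (count($errors) > 0) {
        return $errors;                  // refused; caller logs the reason
    }
    $lines = array();
    foreach ($extra_headers as $hname => $hvalue) {
        $lines[] = "$hname: $hvalue";
    }
    $ok = mail($to, $subject, $body, implode("\r\n", $lines));
    return $ok ? array() : array('mail() returned false');
}

// Constructed input: a subject carrying an embedded CRLF, which is exactly
// the header-injection case above. Expected: the call is refused.
$result = send_mail_checked('user@example.com', "Hello\r\nX-Extra: 1",
                            'body text', array('From' => 'noreply@example.com'));
```

Run it under a PHP build with a configured sendmail path; the constructed call returns the error list instead of sending, while a clean subject proceeds to mail().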