SUSE released several updates for php4 and php5. They fix several vulnerabilities that can be exploited to compromise a vulnerable system.
SUSE Security Announcement
SUSE-SA:2005:049
SUSE Linux 9.0 | php4 | < | 4.3.10 |
SUSE Linux 9.1 | php4 | < | 4.3.10 |
SUSE Linux 9.2 | php4 | < | 4.3.10 |
SUSE Linux 9.3 | php4 | < | 4.3.10 |
SUSE Linux 9.3 | php5 | < | 5.0.3 |
SUSE released several updates for php4 and php5. They fix several vulnerabilities that can be exploited by malicious people to compromise a vulnerable system.
Errors in the PEAR::XML_RPC library allow remote attackers to pass arbitrary PHP code to the eval() function (CAN-2005-1921, CAN-2005-2498).
SUSE Linux does not use the PEAR::XML_RPC library, but third-party PHP applications might use it.
See:
PHP code execution vulnerability in PEAR XML_RPC.
PHP code execution in nested XML tags in PEAR XML_RPC.
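Because third-party PHP applications may ship their own copy of the library, updating the distribution packages does not cover them. The following added example (not part of the SUSE or UNAM-CERT advisory) sweeps a directory tree for PHP files that define `XML_RPC_*` classes; the class-name pattern, the function names and the sample tree are assumptions of this example, and the eval() count is only a triage hint, not a verdict on whether a copy is fixed.

```python
import os
import re
import tempfile

# Class names defined by PEAR XML_RPC start with "XML_RPC_"; finding such a
# definition inside an application tree means the application bundles a copy.
CLASS_RE = re.compile(r"^\s*class\s+(XML_RPC_\w+)", re.MULTILINE)
EVAL_RE = re.compile(r"\beval\s*\(")
PHP_EXT = (".php", ".inc", ".php4", ".php5")


def find_bundled_xml_rpc(root):
    """Return one record per PHP file under root that defines XML_RPC_* classes."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                # latin-1 never fails to decode; old PHP sources are rarely UTF-8
                with open(path, encoding="latin-1") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it, do not abort the sweep
            classes = sorted(set(CLASS_RE.findall(text)))
            if classes:
                hits.append({"path": os.path.relpath(path, root),
                             "classes": classes,
                             "eval_calls": len(EVAL_RE.findall(text))})
    return sorted(hits, key=lambda h: h["path"])


def demo():
    """Run the sweep over a constructed tree (sample files, not real code)."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "forum", "lib", "XML")
        os.makedirs(lib)
        with open(os.path.join(lib, "RPC.php"), "w") as fh:
            fh.write("<?php\nclass XML_RPC_Message {}\nclass XML_RPC_Value {}\n"
                     "function f($c) { eval($c); }\n")
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'hello'; // mentions XML_RPC_Client only\n")
        return find_bundled_xml_rpc(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Each reported path is a copy that has to be updated through the application's own vendor rather than through the distribution's php packages.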
A variable overflow was found in the PCRE (Perl Compatible Regular Expressions) library that could allow an attacker to execute code (CAN-2005-2491).
Denial of Service (DoS).
System access.
Apply the updated packages.
More information.
http://www.novell.com/
The Coordinación de Seguridad de la Información/UNAM-CERT thanks the following for their support in preparing or translating and reviewing this document:
UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Coordinación de Seguridad de la Información
incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47