-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2006-38 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 20 Nov 2006 Last revised: 20 Nov 2006 Package: php Summary: Multiple vulnerabilities in php More information: PHP is an HTML-embedded scripting language. The multiple vulnerabilities exist in php. Impact: Please refer to the "References" section. Affected Products: - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server Source Packages Size: MD5 php4-4.3.11-8.src.rpm 12522275 65b543a5521e9878042427a5c35ac48a Binary Packages Size: MD5 php4-4.3.11-8.i586.rpm 5362181 d069e7a96ffc7d1de27edfd3e65f1cbf php4-gd-4.3.11-8.i586.rpm 47185 e7a255463281ff3ca2d1ec47056dc420 php4-imap-4.3.11-8.i586.rpm 12626 5d902f25b026e5d2d51641646fe02762 php4-ldap-4.3.11-8.i586.rpm 35981 7c35b7212f269eeaa6007b63c406de5f php4-manual-4.3.11-8.i586.rpm 7504283 0f17f533b985dd19dd8cf4a2378a650a php4-ming-4.3.11-8.i586.rpm 47418 5f7e75f47225abe51eb4076bf734ab76 php4-mysql-4.3.11-8.i586.rpm 123108 72b038159e00aed8f116ba90e93d925b php4-pgsql-4.3.11-8.i586.rpm 72660 1c513a7b5e15cd3f2aaec325deda0467 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/php4-4.3.9-14.src.rpm 12369268 8fbbdcb37bd07c9f47dcba00a9d7aad8 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-4.3.9-14.x86_64.rpm 5475330 ee95f19dec726606e6ca81db80df9094 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-debug-4.3.9-14.x86_64.rpm 6575353 43c88277b737d978f9d9f2de965ff6c1 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-gd-4.3.9-14.x86_64.rpm 50893 f874051cc178998aeea8a03e0a18530a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-imap-4.3.9-14.x86_64.rpm 11253 78d60e81f49584271c05e0db18f00f3e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ldap-4.3.9-14.x86_64.rpm 39147 dd201ae6ec833b5412a8a282e4ff038a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-manual-4.3.9-14.x86_64.rpm 7502600 f1ddfa81b8e00e6ab8280ae206af15c6 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ming-4.3.9-14.x86_64.rpm 51179 c94d646dabddb6200cb7deb40a8cdc72 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-mysql-4.3.9-14.x86_64.rpm 134461 ad9e712a61c28b2b1dd81afb611cd0e2 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-pgsql-4.3.9-14.x86_64.rpm 76120 8e0c29656eac756f7230753d46617cf5 Source Packages Size: MD5 php-4.2.3-35.src.rpm 3612554 9d33c7977515c49c842718f564aa7b23 Binary Packages Size: MD5 php-4.2.3-35.i586.rpm 1633550 72009920ca8f383229d686733fc29972 php-gd-4.2.3-35.i586.rpm 32287 c4898eaa9ee87afa1a8168aa9791e1d1 php-imap-4.2.3-35.i586.rpm 10120 ebf32ae1c8bd215fdad12ae4f3c69b40 php-ldap-4.2.3-35.i586.rpm 25563 fbfd8b891bdbcb94f7775a019f081cdd php-manual-4.2.3-35.i586.rpm 342663 80444d31e66575493951772ef17998b7 php-ming-4.2.3-35.i586.rpm 34164 c81970170ab386bf548c2780ffa6208c php-mysql-4.2.3-35.i586.rpm 91745 fed57c7b4687bdb97eef84fb9d3c8427 php-pgsql-4.2.3-35.i586.rpm 36402 b71e2f655ff4a143ca3d2a17fdf65ad2 Source Packages Size: MD5 php-4.2.3-35.src.rpm 3612554 b4444480c4d4fa0e5ddfbf924dc4f2f2 Binary Packages Size: MD5 php-4.2.3-35.i586.rpm 1634374 876c6aad59b1cb4ae138b2ca91c5328d php-gd-4.2.3-35.i586.rpm 32444 ef155635f57f489decafde722c21f8ab php-imap-4.2.3-35.i586.rpm 10263 a31ef9b6e0a2a20f4bf3e28c35c23f45 php-ldap-4.2.3-35.i586.rpm 25722 8b5c57089646c6d787efb06ab0251c0f php-manual-4.2.3-35.i586.rpm 342774 c54c502b6412db8dc0a754fe30a60df4 php-ming-4.2.3-35.i586.rpm 34292 93e2a9e2221357e3030230b3f4bbc75a php-mysql-4.2.3-35.i586.rpm 91898 2944f92ad8322278876b0b1278054b59 php-pgsql-4.2.3-35.i586.rpm 36547 800c6b2048a1bff5227cf309ca2fa78c Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/php4-4.3.11-8.src.rpm 12522275 65b543a5521e9878042427a5c35ac48a Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-4.3.11-8.i586.rpm 5362181 d069e7a96ffc7d1de27edfd3e65f1cbf ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-debug-4.3.11-8.i586.rpm 6442687 8a6ec780d80da613e6182d51c432a87a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-gd-4.3.11-8.i586.rpm 47185 e7a255463281ff3ca2d1ec47056dc420 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-imap-4.3.11-8.i586.rpm 12626 5d902f25b026e5d2d51641646fe02762 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ldap-4.3.11-8.i586.rpm 35981 7c35b7212f269eeaa6007b63c406de5f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-manual-4.3.11-8.i586.rpm 7504283 0f17f533b985dd19dd8cf4a2378a650a ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-ming-4.3.11-8.i586.rpm 47418 5f7e75f47225abe51eb4076bf734ab76 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-mysql-4.3.11-8.i586.rpm 123108 72b038159e00aed8f116ba90e93d925b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/php4-pgsql-4.3.11-8.i586.rpm 72660 1c513a7b5e15cd3f2aaec325deda0467 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/php4-4.3.3-20.src.rpm 4196792 0017f78d4c3c16ae05614a3ed37fb79e Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-4.3.3-20.i586.rpm 3408800 cdb760bc3554922d8d0111139859afc1 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-gd-4.3.3-20.i586.rpm 31823 64d68f73d095864f07eb09005c8a417e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-imap-4.3.3-20.i586.rpm 10380 b6303066eb8a07f9d8d672b631fe1870 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ldap-4.3.3-20.i586.rpm 24771 7f6e30d5811fc2f70ef8816a665e6cea ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-manual-4.3.3-20.i586.rpm 342778 c2eadbe77642b547be1ba1ecd3790371 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ming-4.3.3-20.i586.rpm 31277 8737fe7f3f5cb7b6b22d95225f1ac7af ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-mysql-4.3.3-20.i586.rpm 82251 9c867d5343f501ad16c0c027b71746ab ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-pgsql-4.3.3-20.i586.rpm 48817 7f18ec28a1b656cb2f3e1c8ee2f2d386 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/php-4.2.3-35.src.rpm 3612554 2319f2446d1bf1e2e94ed339c503186f Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-4.2.3-35.i586.rpm 1633776 7c8836113c53329ef43a918ed7f1317e ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-gd-4.2.3-35.i586.rpm 32353 69b24bccb34de91b56d21cad718bb032 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-imap-4.2.3-35.i586.rpm 10218 489152a6a716269290e3bbcdd9d75d66 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ldap-4.2.3-35.i586.rpm 25656 1976db7eed969b54b31f609c08a28e27 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-manual-4.2.3-35.i586.rpm 342744 3f4ec0a6d453badd2f641ee4766dcfbc ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-ming-4.2.3-35.i586.rpm 34226 9c04e849d6f638a0c426b65d226b18fe ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-mysql-4.2.3-35.i586.rpm 91835 22ff1905ff5395e9edd5a1e7db4b2ac4 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/php-pgsql-4.2.3-35.i586.rpm 36467 b1dc9f02d77f80d3af4b2a4298600806 References: CVE [CVE-2005-3353] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353 [CVE-2005-3388] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388 [CVE-2005-3389] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389 [CVE-2005-3883] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883 [CVE-2006-1990] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990 [CVE-2006-2657] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2657 [CVE-2006-3016] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016 [CVE-2006-4482] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482 [CVE-2006-4484] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484 [CVE-2006-4486] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486 [CVE-2006-4625] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625 [CVE-2006-5178] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5178 [CVE-2006-5465] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465 -------------------------------------------------------------------------- Revision History 20 Nov 2006 Initial release -------------------------------------------------------------------------- Copyright(C) 2006 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFFYS+0K0LzjOqIJMwRAhMgAKCJWhuEQ4N/1wmc6YG45ifzDkCP+ACgpOD3 cPpUMr8/IQhm4ddxVgfp+P8= =mGI5 -----END PGP SIGNATURE-----