--------------------------------------------------------------------------
 Turbolinux Security Advisory TLSA-2007-11
 http://www.turbolinux.co.jp/security/
 security-team@turbolinux.co.jp
--------------------------------------------------------------------------

 Original released date: 28 Feb 2007
 Last revised: 28 Feb 2007

 Package: php

 Summary: Buffer overflow

 More information:
    PHP is an HTML-embedded scripting language.
    A buffer overflow vulnerability exists in the PHP GD Graphics Library.

 Impact:
    This vulnerability may allow remote attackers to execute arbitrary code
    via a crafted string with a JIS encoded font.

 Affected Products:
    - Turbolinux Appliance Server 2.0
    - Turbolinux 10 Server x64 Edition
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux Multimedia
    - Turbolinux Personal

 Source Packages
    php4-4.3.11-10.src.rpm

 Binary Packages
    php4-4.3.11-10.i586.rpm
    php4-gd-4.3.11-10.i586.rpm
    php4-imap-4.3.11-10.i586.rpm
    php4-ldap-4.3.11-10.i586.rpm
    php4-manual-4.3.11-10.i586.rpm
    php4-ming-4.3.11-10.i586.rpm
    php4-mysql-4.3.11-10.i586.rpm
    php4-pgsql-4.3.11-10.i586.rpm

 Source Packages
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/php4-4.3.9-15.src.rpm

 Binary Packages
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-debug-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-gd-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-imap-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ldap-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-manual-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ming-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-mysql-4.3.9-15.x86_64.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-pgsql-4.3.9-15.x86_64.rpm

 Source Packages
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/php4-4.3.11-10.src.rpm

 Binary Packages
    php4-4.3.11-10.i586.rpm
    php4-debug-4.3.11-10.i586.rpm
    php4-gd-4.3.11-10.i586.rpm
    php4-imap-4.3.11-10.i586.rpm
    php4-ldap-4.3.11-10.i586.rpm
    php4-manual-4.3.11-10.i586.rpm
    php4-ming-4.3.11-10.i586.rpm
    php4-mysql-4.3.11-10.i586.rpm
    php4-pgsql-4.3.11-10.i586.rpm

 Source Packages
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/php4-4.3.3-21.src.rpm

 Binary Packages
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-gd-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-imap-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ldap-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-manual-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ming-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-mysql-4.3.3-21.i586.rpm
    ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-pgsql-4.3.3-21.i586.rpm

 References:
    CVE [CVE-2007-0455]
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

--------------------------------------------------------------------------
 Revision History
    28 Feb 2007 Initial release
--------------------------------------------------------------------------

 Copyright(C) 2007 Turbolinux, Inc. All rights reserved.