-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2008-27 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp -------------------------------------------------------------------------- Original released date: 16 Jul 2008 Last revised: 16 Jul 2008 Package: php Summary: Multiple vulnerabilities exist in php More information: PHP is an HTML-embedded scripting language. Multiple vulnerabilities have been discovered in php. Affected Products: - Turbolinux Appliance Server 3.0 x64 Edition - Turbolinux Appliance Server 3.0 - Turbolinux 11 Server x64 Edition - Turbolinux 11 Server - Turbolinux Appliance Server 2.0 - Turbolinux 10 Server x64 Edition - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Multimedia - Turbolinux Personal Source Packages Size: MD5 php-5.2.4-14.src.rpm 7654138 f964003f5a46b71ed59a062c99e3c156 Binary Packages Size: MD5 php-5.2.4-14.x86_64.rpm 4161313 b7646bc9222f3f8d174026b5b0c862cc php-bcmath-5.2.4-14.x86_64.rpm 45905 b4f8d34858dae42048aff5af6e919b33 php-cli-5.2.4-14.x86_64.rpm 2627683 98000b006d135af3ff177ede99ca8af2 php-common-5.2.4-14.x86_64.rpm 283436 a970bc74850424fcec967f94c0344946 php-dba-5.2.4-14.x86_64.rpm 60558 aefd5bd106caf8f367d49d5f4f3d4a2e php-embedded-5.2.4-14.x86_64.rpm 1368404 88780fb57b0c764b39427fd3b96c3a71 php-gd-5.2.4-14.x86_64.rpm 212972 a7641b4c41baac65a573b9aea46752d0 php-imap-5.2.4-14.x86_64.rpm 86470 4fa49958e5ab4f77b7822ef03883f10f php-ldap-5.2.4-14.x86_64.rpm 50697 696e89c63e9f31f7beb21d86d54536f4 php-mbstring-5.2.4-14.x86_64.rpm 2163930 a8e1d359e173a8546814097dc57489af php-mcrypt-5.2.4-14.x86_64.rpm 38454 6f2adc9a32b786412f958325ed8ede14 php-mhash-5.2.4-14.x86_64.rpm 19747 36b23a4bdb48b2a5bb24c7b41ddf2f20 php-mssql-5.2.4-14.x86_64.rpm 53858 2b03d5f7b0a3a53dad7d967f0edaf9a3 php-mysql-5.2.4-14.x86_64.rpm 156796 fb54a4cce55b9a506f44a8b4bf2a329c php-ncurses-5.2.4-14.x86_64.rpm 60495 d17bc1a3d5b16be2ce228bf731b1b5ee php-odbc-5.2.4-14.x86_64.rpm 85072 2b9753dd46ced444445df7380bff9c84 php-pdo-5.2.4-14.x86_64.rpm 111411 a892f96abd095d442bc7181426c34ec6 php-pgsql-5.2.4-14.x86_64.rpm 122476 84ddbf98e1ac9fa7e4f100c0cdb707d5 php-snmp-5.2.4-14.x86_64.rpm 31267 04350243501c157ca2323ae562c25bfc php-soap-5.2.4-14.x86_64.rpm 270397 5f8a89a4db913447d86225b536088621 php-tidy-5.2.4-14.x86_64.rpm 45942 c82bef9cfa8ab8f7c473de5686c4a288 php-xml-5.2.4-14.x86_64.rpm 186979 27265d59cf105546488e0770b1b2130c Source Packages Size: MD5 php-5.2.4-14.src.rpm 7654138 f964003f5a46b71ed59a062c99e3c156 Binary Packages Size: MD5 php-5.2.4-14.i686.rpm 3831131 6fd20cc0a5d1404f34cb93e12ad8bf0d php-bcmath-5.2.4-14.i686.rpm 35849 ac6b0bc49a79016d7028c5d929a55e8d php-cli-5.2.4-14.i686.rpm 2485528 dd503570386f60621b9ea0441c7a3e17 php-common-5.2.4-14.i686.rpm 272501 73ab705d783ace7ddb4312f2783cf192 php-dba-5.2.4-14.i686.rpm 56196 6e5c8732c7f63e4e7c9b1900e9276ca4 php-embedded-5.2.4-14.i686.rpm 1260766 f6f1e29e018ba48e0ac85ee77f385e83 php-gd-5.2.4-14.i686.rpm 200311 47b677f0e2d0d5421bea4a2f22a45341 php-imap-5.2.4-14.i686.rpm 80153 a891423d2974de6d379a72137889bf28 php-ldap-5.2.4-14.i686.rpm 46407 35b4b738ad839866afc8ab0a241a76dc php-mbstring-5.2.4-14.i686.rpm 2123086 4323625116d360e076ae34d0b8922325 php-mcrypt-5.2.4-14.i686.rpm 32997 fd28d0a80027c4abbd991ef161a28664 php-mhash-5.2.4-14.i686.rpm 18955 c83f3b30731db37af12726608c60265b php-mssql-5.2.4-14.i686.rpm 50498 650e1c2216a621b56048053a835ccbb0 php-mysql-5.2.4-14.i686.rpm 139555 b1dbc8199e3e969611560b23c1c0891e php-ncurses-5.2.4-14.i686.rpm 54039 f79d4b40b1a5a235638b5591ca62f379 php-odbc-5.2.4-14.i686.rpm 77384 5ff163fb45c400e2be861aeab8b1cc11 php-pdo-5.2.4-14.i686.rpm 102776 30a43415bbd39066b94e00c440c1eadb php-pgsql-5.2.4-14.i686.rpm 111133 28e2bd4f8080990c108ac097f82bffe9 php-snmp-5.2.4-14.i686.rpm 28794 8b650d2c74114d586b739038ecf75704 php-soap-5.2.4-14.i686.rpm 266040 58ef5655cd8b3ad6027c6ee2675030d9 php-tidy-5.2.4-14.i686.rpm 42681 30bcbfbb39f3dc0eaca29a6eca1f85c0 php-xml-5.2.4-14.i686.rpm 164098 fc68665353f474a9f58c2172e4f62ee9 php-xmlrpc-5.2.4-14.i686.rpm 83417 8023678d125b9881cd1d49b8078bcc32 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/11/updates/SRPMS/php-5.2.4-14.src.rpm 7654138 f964003f5a46b71ed59a062c99e3c156 Binary Packages Size: MD5 php-5.2.4-14.x86_64.rpm 4161313 b7646bc9222f3f8d174026b5b0c862cc php-bcmath-5.2.4-14.x86_64.rpm 45905 b4f8d34858dae42048aff5af6e919b33 php-cli-5.2.4-14.x86_64.rpm 2627683 98000b006d135af3ff177ede99ca8af2 php-common-5.2.4-14.x86_64.rpm 283436 a970bc74850424fcec967f94c0344946 php-dba-5.2.4-14.x86_64.rpm 60558 aefd5bd106caf8f367d49d5f4f3d4a2e php-devel-5.2.4-14.x86_64.rpm 570135 6ff98f2e65d5d882212ee4f5d33941a7 php-embedded-5.2.4-14.x86_64.rpm 1368404 88780fb57b0c764b39427fd3b96c3a71 php-gd-5.2.4-14.x86_64.rpm 212972 a7641b4c41baac65a573b9aea46752d0 php-imap-5.2.4-14.x86_64.rpm 86470 4fa49958e5ab4f77b7822ef03883f10f php-ldap-5.2.4-14.x86_64.rpm 50697 696e89c63e9f31f7beb21d86d54536f4 php-mbstring-5.2.4-14.x86_64.rpm 2163930 a8e1d359e173a8546814097dc57489af php-mcrypt-5.2.4-14.x86_64.rpm 38454 6f2adc9a32b786412f958325ed8ede14 php-mhash-5.2.4-14.x86_64.rpm 19747 36b23a4bdb48b2a5bb24c7b41ddf2f20 php-mssql-5.2.4-14.x86_64.rpm 53858 2b03d5f7b0a3a53dad7d967f0edaf9a3 php-mysql-5.2.4-14.x86_64.rpm 156796 fb54a4cce55b9a506f44a8b4bf2a329c php-ncurses-5.2.4-14.x86_64.rpm 60495 d17bc1a3d5b16be2ce228bf731b1b5ee php-odbc-5.2.4-14.x86_64.rpm 85072 2b9753dd46ced444445df7380bff9c84 php-pdo-5.2.4-14.x86_64.rpm 111411 a892f96abd095d442bc7181426c34ec6 php-pgsql-5.2.4-14.x86_64.rpm 122476 84ddbf98e1ac9fa7e4f100c0cdb707d5 php-snmp-5.2.4-14.x86_64.rpm 31267 04350243501c157ca2323ae562c25bfc php-soap-5.2.4-14.x86_64.rpm 270397 5f8a89a4db913447d86225b536088621 php-tidy-5.2.4-14.x86_64.rpm 45942 c82bef9cfa8ab8f7c473de5686c4a288 php-xml-5.2.4-14.x86_64.rpm 186979 27265d59cf105546488e0770b1b2130c php-xmlrpc-5.2.4-14.x86_64.rpm 89673 c6f3e473d12354ccfa5692039cbe9322 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/11/updates/SRPMS/php-5.2.4-14.src.rpm 7654138 f964003f5a46b71ed59a062c99e3c156 Binary Packages Size: MD5 php-5.2.4-14.i686.rpm 3831131 6fd20cc0a5d1404f34cb93e12ad8bf0d php-bcmath-5.2.4-14.i686.rpm 35849 ac6b0bc49a79016d7028c5d929a55e8d php-cli-5.2.4-14.i686.rpm 2485528 dd503570386f60621b9ea0441c7a3e17 php-common-5.2.4-14.i686.rpm 272501 73ab705d783ace7ddb4312f2783cf192 php-dba-5.2.4-14.i686.rpm 56196 6e5c8732c7f63e4e7c9b1900e9276ca4 php-devel-5.2.4-14.i686.rpm 570432 48bc849b091b0a1a12a8863d0f0feb5c php-embedded-5.2.4-14.i686.rpm 1260766 f6f1e29e018ba48e0ac85ee77f385e83 php-gd-5.2.4-14.i686.rpm 200311 47b677f0e2d0d5421bea4a2f22a45341 php-imap-5.2.4-14.i686.rpm 80153 a891423d2974de6d379a72137889bf28 php-ldap-5.2.4-14.i686.rpm 46407 35b4b738ad839866afc8ab0a241a76dc php-mbstring-5.2.4-14.i686.rpm 2123086 4323625116d360e076ae34d0b8922325 php-mcrypt-5.2.4-14.i686.rpm 32997 fd28d0a80027c4abbd991ef161a28664 php-mhash-5.2.4-14.i686.rpm 18955 c83f3b30731db37af12726608c60265b php-mssql-5.2.4-14.i686.rpm 50498 650e1c2216a621b56048053a835ccbb0 php-mysql-5.2.4-14.i686.rpm 139555 b1dbc8199e3e969611560b23c1c0891e php-ncurses-5.2.4-14.i686.rpm 54039 f79d4b40b1a5a235638b5591ca62f379 php-odbc-5.2.4-14.i686.rpm 77384 5ff163fb45c400e2be861aeab8b1cc11 php-pdo-5.2.4-14.i686.rpm 102776 30a43415bbd39066b94e00c440c1eadb php-pgsql-5.2.4-14.i686.rpm 111133 28e2bd4f8080990c108ac097f82bffe9 php-snmp-5.2.4-14.i686.rpm 28794 8b650d2c74114d586b739038ecf75704 php-soap-5.2.4-14.i686.rpm 266040 58ef5655cd8b3ad6027c6ee2675030d9 php-tidy-5.2.4-14.i686.rpm 42681 30bcbfbb39f3dc0eaca29a6eca1f85c0 php-xml-5.2.4-14.i686.rpm 164098 fc68665353f474a9f58c2172e4f62ee9 php-xmlrpc-5.2.4-14.i686.rpm 83417 8023678d125b9881cd1d49b8078bcc32 Source Packages Size: MD5 php4-4.3.11-25.src.rpm 12530490 5cda922b518cd890ff54767f4328b133 Binary Packages Size: MD5 php4-4.3.11-25.i586.rpm 5368036 726ef3ed08acfce2d8985a0acfb237c6 php4-gd-4.3.11-25.i586.rpm 50578 6129a82a024b0696929531843a5c2b43 php4-imap-4.3.11-25.i586.rpm 13912 a436aeac68bc5292847af88fa95ff741 php4-ldap-4.3.11-25.i586.rpm 37284 90cb9e308cba36e7b2c5bfecad5d4043 php4-manual-4.3.11-25.i586.rpm 7505307 1298e46da3a488450b6e8fbeb0276fab php4-ming-4.3.11-25.i586.rpm 48703 5259eadb99e57bab08e33bdf4d136d46 php4-mysql-4.3.11-25.i586.rpm 124591 18529df4451fa6c1238fa472e4332c50 php4-pgsql-4.3.11-25.i586.rpm 73930 f4a89dcaebef10e8ce5a5b03d637a699 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/SRPMS/php4-4.3.9-18.src.rpm 12376216 ad66e798922bb40bc769ccf9532f1a0e Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-4.3.9-18.x86_64.rpm 5478514 d5fa8bbe977556d6828faba83b642a32 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-debug-4.3.9-18.x86_64.rpm 6583596 f13e61b41bba3763637c03cccfca03f0 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-gd-4.3.9-18.x86_64.rpm 53956 c0e24fc4d753e276ccc6ee6f2c5540b0 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-imap-4.3.9-18.x86_64.rpm 11826 696a10567a891a0dade0f70af25e9042 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ldap-4.3.9-18.x86_64.rpm 39687 70d57f5cdd350f2e097740c678ec2f69 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-manual-4.3.9-18.x86_64.rpm 7503538 e3a30677139f66075fef852d755d1b7d ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-ming-4.3.9-18.x86_64.rpm 51790 1a685712ff47c4f047bc946e7791ca56 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-mysql-4.3.9-18.x86_64.rpm 135098 2aaa2f0ad63263694b796f437ee9bd1b ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/php4-pgsql-4.3.9-18.x86_64.rpm 76719 272e14e0083bf0c6e3fa7efe1b42439d Source Packages Size: MD5 php-4.2.3-39.src.rpm 3616814 edd2145ad194d531ec35dc118c395933 Binary Packages Size: MD5 php-4.2.3-39.i586.rpm 1634692 3722cb9c14986db53dce15a4c7e106b2 php-gd-4.2.3-39.i586.rpm 32667 0848f2098841dc4930187cc475318b80 php-imap-4.2.3-39.i586.rpm 10490 433e47aa531821e2c378de2f145dd7fb php-ldap-4.2.3-39.i586.rpm 25935 651011b3e11ef0b1e4891ecd6519e9d0 php-manual-4.2.3-39.i586.rpm 343084 57f37f9b63b2fb74d71f06902551d959 php-ming-4.2.3-39.i586.rpm 34532 39282aedee7882331a84d98fc470d2fb php-mysql-4.2.3-39.i586.rpm 92104 e5a6b3336d0ab578ab3edda59a2def52 php-pgsql-4.2.3-39.i586.rpm 36749 1dfebc07853b09715dd15f8ff0b06d50 Source Packages Size: MD5 php-4.2.3-39.src.rpm 3616814 b2fedfbcaf14d9c9bba7fde20a4af867 Binary Packages Size: MD5 php-4.2.3-39.i586.rpm 1635026 4cb097639b95979426f81827c3fcb89f php-gd-4.2.3-39.i586.rpm 32812 e278f6e7edfe4e42df8def0699877b47 php-imap-4.2.3-39.i586.rpm 10641 f966bf30cc9b3a6d18849e0ba12db050 php-ldap-4.2.3-39.i586.rpm 26115 0d8a66fd22ae5e65b92c328269d0abb2 php-manual-4.2.3-39.i586.rpm 343054 81ae4a9c617c03145a70398065dc651d php-ming-4.2.3-39.i586.rpm 34697 92e2e94637e82057dec26a1b94d1b466 php-mysql-4.2.3-39.i586.rpm 92304 e42edd99cfefd5e346de1921cd9984dd php-pgsql-4.2.3-39.i586.rpm 36902 1d1546f0cb8aa76d0cce434c39af5eb4 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/php4-4.3.11-25.src.rpm 12530490 5cda922b518cd890ff54767f4328b133 Binary Packages Size: MD5 php4-4.3.11-25.i586.rpm 5368036 726ef3ed08acfce2d8985a0acfb237c6 php4-debug-4.3.11-25.i586.rpm 6455308 feec2550889a45fd4b4483076a7c919d php4-gd-4.3.11-25.i586.rpm 50578 6129a82a024b0696929531843a5c2b43 php4-imap-4.3.11-25.i586.rpm 13912 a436aeac68bc5292847af88fa95ff741 php4-ldap-4.3.11-25.i586.rpm 37284 90cb9e308cba36e7b2c5bfecad5d4043 php4-manual-4.3.11-25.i586.rpm 7505307 1298e46da3a488450b6e8fbeb0276fab php4-ming-4.3.11-25.i586.rpm 48703 5259eadb99e57bab08e33bdf4d136d46 php4-mysql-4.3.11-25.i586.rpm 124591 18529df4451fa6c1238fa472e4332c50 php4-pgsql-4.3.11-25.i586.rpm 73930 f4a89dcaebef10e8ce5a5b03d637a699 Source Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/php4-4.3.3-24.src.rpm 4204055 7668582f528096703056380ef90a8c42 Binary Packages Size: MD5 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-4.3.3-24.i586.rpm 3408800 6ca94aa7f23289d1ead51d4e69837f0f ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-gd-4.3.3-24.i586.rpm 33627 8d78ca50a5073434e22f23831edbdcc1 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-imap-4.3.3-24.i586.rpm 10965 d5de2bcc46cc6b1d44bfbf67df15d0fe ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ldap-4.3.3-24.i586.rpm 25331 b5139533f3f8f838d893ea7be5f7d263 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-manual-4.3.3-24.i586.rpm 343363 e700ae3241f1ab64b7d9b4d996188252 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-ming-4.3.3-24.i586.rpm 31849 da896384673a3fd2c44d2a2c371d1d54 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-mysql-4.3.3-24.i586.rpm 82860 e6334e73dd818538aad7db032ba2d780 ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/php4-pgsql-4.3.3-24.i586.rpm 49369 db20d1bb77201ecc4a323f9851fc1789 References: CVE [CVE-2007-1777] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1777 [CVE-2007-3998] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998 [CVE-2007-5898] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5898 [CVE-2007-5899] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5899 [CVE-2008-0599] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0599 [CVE-2008-2051] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2051 [CVE-2008-2107] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2107 [CVE-2008-2108] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2108 [CVE-2008-2829] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2829 -------------------------------------------------------------------------- Revision History 16 Jul 2008 Initial release -------------------------------------------------------------------------- Copyright(C) 2008 Turbolinux, Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkh9nqwACgkQK0LzjOqIJMzbSACggcc44EZhSkvS8VgnNdo3Bwnc o5QAn1teiWf7iYuMsItKl6SDXvYCxYAa =CzSL -----END PGP SIGNATURE-----