CVE-2005-3353
CVSS5.0
发布时间 :2005-11-18 18:03:00
修订时间 :2011-03-07 21:26:24
NMCOPS    

[原文]The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.


[CNNVD]PHP exif_read_data函数拒绝服务漏洞(CNNVD-200511-239)

        PHP是一种易于学习和使用的服务器端脚本语言。
        PHP 4.4.1以前的版本中,其Exif模块中的exif_read_data函数允许远程攻击者通过一个特制的JPEG图像来导致拒绝服务攻击。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:php:php:4.3.3PHP PHP 4.3.3
cpe:/a:php:php:4.0.1PHP PHP 4.0.1
cpe:/a:php:php:4.3.1PHP PHP 4.3.1
cpe:/a:php:php:4.3.10PHP PHP 4.3.10
cpe:/a:php:php:4.0.0PHP PHP 4.0.0
cpe:/a:php:php:4.3.7PHP PHP 4.3.7
cpe:/a:php:php:4.2.0PHP PHP 4.2.0
cpe:/a:php:php:4.2.2PHP PHP 4.2.2
cpe:/a:php:php:4.2.1PHP PHP 4.2.1
cpe:/a:php:php:4.0.2PHP PHP 4.0.2
cpe:/a:php:php:4.0.6PHP PHP 4.0.6
cpe:/a:php:php:4.1.2PHP PHP 4.1.2
cpe:/a:php:php:4.1.1PHP PHP 4.1.1
cpe:/a:php:php:4.0.5PHP PHP 4.0.5
cpe:/a:php:php:4.3.11PHP PHP 4.3.11
cpe:/a:php:php:4.3.6PHP PHP 4.3.6
cpe:/a:php:php:4.3
cpe:/a:php:php:4.0.4PHP PHP 4.0.4
cpe:/a:php:php:4.3.4PHP PHP 4.3.4
cpe:/a:php:php:4.3.8PHP PHP 4.3.8
cpe:/a:php:php:4.1.0PHP PHP 4.1.0
cpe:/a:php:php:4.4.0PHP PHP 4.4.0
cpe:/a:php:php:4.3.9PHP PHP 4.3.9
cpe:/a:php:php:4.0.3PHP PHP 4.0.3
cpe:/a:php:php:4.3.5PHP PHP 4.3.5
cpe:/a:php:php:4.2.3PHP PHP 4.2.3
cpe:/a:php:php:4.3.2PHP PHP 4.3.2

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11032The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3353
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-239
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA06-062A.html
(UNKNOWN)  CERT  TA06-062A
http://bugs.php.net/bug.php?id=34704
(VENDOR_ADVISORY)  MISC  http://bugs.php.net/bug.php?id=34704
http://www.vupen.com/english/advisories/2006/4320
(UNKNOWN)  VUPEN  ADV-2006-4320
http://www.vupen.com/english/advisories/2006/0791
(UNKNOWN)  VUPEN  ADV-2006-0791
http://www.ubuntulinux.org/usn/usn-232-1/document_view
(UNKNOWN)  UBUNTU  USN-232-1
http://www.securityfocus.com/bid/15358
(UNKNOWN)  BID  15358
http://www.securityfocus.com/archive/1/archive/1/419504/100/0/threaded
(UNKNOWN)  SUSE  SUSE-SA:2005:069
http://www.php.net/ChangeLog-4.php#4.4.1
(UNKNOWN)  CONFIRM  http://www.php.net/ChangeLog-4.php#4.4.1
http://www.openpkg.org/security/OpenPKG-SA-2005.027-php.html
(UNKNOWN)  OPENPKG  OpenPKG-SA-2005.027
http://www.fedoralegacy.org/updates/FC2/2005-11-28-FLSA_2005_166943__Updated_php_packages_fix_security_issues.html
(UNKNOWN)  FEDORA  FLSA:166943
http://secunia.com/advisories/18198
(UNKNOWN)  SECUNIA  18198
http://secunia.com/advisories/18054
(UNKNOWN)  SECUNIA  18054
http://secunia.com/advisories/17371
(UNKNOWN)  SECUNIA  17371
http://rhn.redhat.com/errata/RHSA-2005-831.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:831
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
(UNKNOWN)  HP  HPSBMA02159
http://xforce.iss.net/xforce/xfdb/24351
(UNKNOWN)  XF  php-exif-dos(24351)
http://www.turbolinux.com/security/2006/TLSA-2006-38.txt
(UNKNOWN)  TURBO  TLSA-2006-38
http://www.securityfocus.com/bid/16907
(UNKNOWN)  BID  16907
http://www.mandriva.com/security/advisories?name=MDKSA-2005:213
(UNKNOWN)  MANDRIVA  MDKSA-2005:213
http://www.debian.org/security/2006/dsa-1206
(UNKNOWN)  DEBIAN  DSA-1206
http://securityreason.com/securityalert/525
(UNKNOWN)  SREASON  525
http://secunia.com/advisories/22713
(UNKNOWN)  SECUNIA  22713
http://secunia.com/advisories/22691
(UNKNOWN)  SECUNIA  22691
http://secunia.com/advisories/19064
(UNKNOWN)  SECUNIA  19064
http://secunia.com/advisories/17557
(UNKNOWN)  SECUNIA  17557
http://secunia.com/advisories/17531
(UNKNOWN)  SECUNIA  17531
http://secunia.com/advisories/17490
(UNKNOWN)  SECUNIA  17490
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2006-03-01
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
(UNKNOWN)  HP  HPSBMA02159
http://docs.info.apple.com/article.html?artnum=303382
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=303382

- 漏洞信息

PHP exif_read_data函数拒绝服务漏洞
中危 设计错误
2005-11-18 00:00:00 2006-01-10 00:00:00
远程  
        PHP是一种易于学习和使用的服务器端脚本语言。
        PHP 4.4.1以前的版本中,其Exif模块中的exif_read_data函数允许远程攻击者通过一个特制的JPEG图像来导致拒绝服务攻击。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Apple SecUpd2006-001Ti.dmg
        http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=09818&cat=1&platform=osx&method=sa/SecUpd2006-001Ti.dmg
        http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=09818&cat=1&platform=osx&method=sa/SecUpd2006-001Ti.dmg

- 漏洞信息 (F51730)

Debian Linux Security Advisory 1206-1 (PacketStormID:F51730)
2006-11-07 00:00:00
Debian  debian.org
advisory,remote,arbitrary,php,vulnerability
linux,debian
CVE-2005-3353,CVE-2006-3017,CVE-2006-4482,CVE-2006-5465
[点击下载]

Debian Security Advisory 1206-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1206-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 6th, 2006                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : php4
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-3353 CVE-2006-3017 CVE-2006-4482 CVE-2006-5465

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2005-3353

    Tim Starling discovered that missing input sanitising in the EXIF
    module could lead to denial of service.

CVE-2006-3017

    Stefan Esser discovered a security-critical programming error in the
    hashtable implementation of the internal Zend engine.

CVE-2006-4482

    It was discovered that str_repeat() and wordwrap() functions perform
    insufficient checks for buffer boundaries on 64 bit systems, which
    might lead to the execution of arbitrary code.

CVE-2006-5465

    Stefan Esser discovered a buffer overflow in the htmlspecialchars()
    and htmlentities(), which might lead to the execution of arbitrary
    code.

For the stable distribution (sarge) these problems have been fixed in
version 4:4.3.10-18. Builds for hppa and m68k will be provided later
once they are available.

For the unstable distribution (sid) these problems have been fixed in
version 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.

We recommend that you upgrade your php4 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18.dsc
      Size/MD5 checksum:     1686 b99c2dd2804c2bbc49e2ddf4552cc80c
    http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18.diff.gz
      Size/MD5 checksum:   280816 86bdd61412df9ca0b87a5f5aa536a610
    http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
      Size/MD5 checksum:  4892209 73f5d1f42e34efa534a09c6091b5a21e

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-18_all.deb
      Size/MD5 checksum:   250000 8d364cb47cfbb8bb2472ca47812123e3
    http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-18_all.deb
      Size/MD5 checksum:     1144 26260bbbf8804b071cdf75ce70bde876

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_alpha.deb
      Size/MD5 checksum:  1700934 1deff9409b11b01a88a805ca8726d3c3
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_alpha.deb
      Size/MD5 checksum:  1698672 d91afe4bf274a9abc1227747765be8ca
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_alpha.deb
      Size/MD5 checksum:  3464908 2d3ac8b65a2650bbc60327043bb74cfa
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_alpha.deb
      Size/MD5 checksum:  1743098 0228c6cb6f305f473d0df08c61bfe10f
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_alpha.deb
      Size/MD5 checksum:   167916 02f6e85f6e12684c41f16cf908aa2a0e
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_alpha.deb
      Size/MD5 checksum:    18148 3aa1ca7f556608a37d8dc6442cbc244e
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_alpha.deb
      Size/MD5 checksum:   325200 7126e4aa1ca42fd6e04a72ba782dc2e0
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_alpha.deb
      Size/MD5 checksum:    39036 28fc28ae9bf2b4ab091b7ae6687b027d
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_alpha.deb
      Size/MD5 checksum:    34552 daa6539117567a4fffd1c8196426b3d7
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_alpha.deb
      Size/MD5 checksum:    38060 026c1fdd47d1cc9ff426427d5e04e5c6
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_alpha.deb
      Size/MD5 checksum:    21378 01d0e1b4abc53a4aff236bae15a3021c
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_alpha.deb
      Size/MD5 checksum:    18210 ebb9a131438cd54cd636fab7db1b3293
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_alpha.deb
      Size/MD5 checksum:     8340 29dda4814444739effce591f24f4b3da
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_alpha.deb
      Size/MD5 checksum:    22454 344307b6d30996a6fc9bcffab5ea163d
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_alpha.deb
      Size/MD5 checksum:    28368 114065def6bdf90c16fc60e8c087dfec
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_alpha.deb
      Size/MD5 checksum:     7964 4b614f3bfa16346d449bcbee71c58d75
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_alpha.deb
      Size/MD5 checksum:    13770 6f8c4f516e744ed9daf4157df9112fa6
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_alpha.deb
      Size/MD5 checksum:    23304 644e7764688b5d9305cf9bb625ae6747
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_alpha.deb
      Size/MD5 checksum:    17886 a01178a81b43e0fd909a16a81695832b

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_amd64.deb
      Size/MD5 checksum:  1660608 2dcf0c9a7c99609665f54d571628bc4f
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_amd64.deb
      Size/MD5 checksum:  1658062 009757f161f1ff3bd3fc29bee44d6e17
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_amd64.deb
      Size/MD5 checksum:  3277740 76ee9926ad67aa6dd666edb59a590adf
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_amd64.deb
      Size/MD5 checksum:  1648188 3b40796e964ee6eab1e06a1a76029ef1
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_amd64.deb
      Size/MD5 checksum:   167920 0064aba32b455b870848cf0c151ed93f
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_amd64.deb
      Size/MD5 checksum:    17834 d44cba2553a65d00f844d964615c2f0c
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_amd64.deb
      Size/MD5 checksum:   325184 f21e0e6afe5835083193c3039ab5fdfc
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_amd64.deb
      Size/MD5 checksum:    40802 9ccd024e9fb5f70aa3ecc3d4c0fe8531
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_amd64.deb
      Size/MD5 checksum:    34286 781c66281eb08f129aae64d806cb42b1
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_amd64.deb
      Size/MD5 checksum:    37650 a0c129d1e47883a244199e553c637581
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_amd64.deb
      Size/MD5 checksum:    21412 7de677bfdae7ac19f663f878a00dcb40
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_amd64.deb
      Size/MD5 checksum:    18884 bb82e2d09986e4f76e64b05d27f26dd5
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_amd64.deb
      Size/MD5 checksum:     8244 1ede17004a053a4d66f541e580fcf56d
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_amd64.deb
      Size/MD5 checksum:    22890 83c5c86e1c9e4260cdf68048b8a4052b
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_amd64.deb
      Size/MD5 checksum:    28784 c717f11defbfd27a151035510efae669
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_amd64.deb
      Size/MD5 checksum:     7908 9a89b18ed52654643c368b8374494940
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_amd64.deb
      Size/MD5 checksum:    13672 aadb8c935c6cfc0940ebca26f74a8f66
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_amd64.deb
      Size/MD5 checksum:    22434 904489e90619114f29a371c175b81e7d
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_amd64.deb
      Size/MD5 checksum:    17570 08b245b8e01cb69806b8e453a7ec6234

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_arm.deb
      Size/MD5 checksum:  1591974 afdd3c988badd5c2751e364f77987dbb
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_arm.deb
      Size/MD5 checksum:  1591786 a2ea48b3394a081b42eb5f680f29ef72
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_arm.deb
      Size/MD5 checksum:  3171516 07df6b074d821e4a61396964050ded20
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_arm.deb
      Size/MD5 checksum:  1593088 0703edb2b7348ebf2a4d072e1b52b3bc
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_arm.deb
      Size/MD5 checksum:   167938 0934b0061b9aa706a2e33a47d270508a
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_arm.deb
      Size/MD5 checksum:    17646 adba08080702e089bffba483a9de1035
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_arm.deb
      Size/MD5 checksum:   325468 10b04c3f5e58e3c0a8ca1122f7afb518
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_arm.deb
      Size/MD5 checksum:    36114 474494efb516b9cbc403e809df4e419c
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_arm.deb
      Size/MD5 checksum:    31782 2f3485924aabf2da12ff9a6c15826abb
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_arm.deb
      Size/MD5 checksum:    35384 d4c458352a00c5c2b93c0ea7db3c47fa
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_arm.deb
      Size/MD5 checksum:    19736 64ecf4479384d29a420873bcd3f89a65
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_arm.deb
      Size/MD5 checksum:    17086 8a5ee897db51d1ef44613dad242b51ea
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_arm.deb
      Size/MD5 checksum:     7814 fe2c30426aaaffe72d8ca0151702bc96
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_arm.deb
      Size/MD5 checksum:    20598 88b93b4216656b50fc52b2022f7d1d3a
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_arm.deb
      Size/MD5 checksum:    27324 e0498ee38ead720b3c8592a1bdc41224
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_arm.deb
      Size/MD5 checksum:     7640 52bdb48050f3b8c2d569bbfca236d0ea
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_arm.deb
      Size/MD5 checksum:    12794 c9642636475261fe406ffcc81ed9be4e
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_arm.deb
      Size/MD5 checksum:    20888 8742826563b883e2e761afc44788c027
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_arm.deb
      Size/MD5 checksum:    15792 79495683d81c4cb9063b5c13b94c4547

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_i386.deb
      Size/MD5 checksum:  1614232 572e82d2d3c8e9299fc27fb3da1be573
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_i386.deb
      Size/MD5 checksum:  1611996 3eb79568d85b2154e07fbc7c8a71ab99
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_i386.deb
      Size/MD5 checksum:  3208898 822b7d30ae417ca4cca7a959d33967c0
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_i386.deb
      Size/MD5 checksum:  1609468 354276638d467776e026a9b95a1acb60
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_i386.deb
      Size/MD5 checksum:   167936 cf408f6af1e686a1b9a9a33e59341bb5
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_i386.deb
      Size/MD5 checksum:    17902 3a863a5c7f7540aa01e53ff817affeca
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_i386.deb
      Size/MD5 checksum:   325168 3cccbdc82dd6ef063746c691cb5d063f
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_i386.deb
      Size/MD5 checksum:    37234 0fbaff4f5b3bcc2ff27ea25ef377f7d8
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_i386.deb
      Size/MD5 checksum:    32390 a5110ec9f8e82505613bceb78341a829
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_i386.deb
      Size/MD5 checksum:    37370 fd429c6203e71101cd628e4ac040087b
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_i386.deb
      Size/MD5 checksum:    19960 8384a96bc96147a83ad05a5ec5f2cfd3
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_i386.deb
      Size/MD5 checksum:    17676 90a2ffebe127c8c672b2f43cc9fddfcf
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_i386.deb
      Size/MD5 checksum:     8040 e7ee51f0cd7fcb8a66c29a58837509df
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_i386.deb
      Size/MD5 checksum:    21218 00f174cd3965a23abcccccc3bcfa2200
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_i386.deb
      Size/MD5 checksum:    27146 e84270ecde6cae6a3b4bbdd36bb86c3d
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_i386.deb
      Size/MD5 checksum:     7700 a58a6b0579b26459afb478462ee31519
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_i386.deb
      Size/MD5 checksum:    13158 a508e1dc78f5fda5c3dd2ad19360fe0d
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_i386.deb
      Size/MD5 checksum:    21376 ec7bd84b0e3b1d1cc17355c474486cbb
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_i386.deb
      Size/MD5 checksum:    16396 c141d3d2498cc3391f32232b95cb196a

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_ia64.deb
      Size/MD5 checksum:  1952128 ced874b90ed36a7843a56303a8a04522
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_ia64.deb
      Size/MD5 checksum:  1949382 4cc9f82fe65d380bab127178b3b5f08c
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_ia64.deb
      Size/MD5 checksum:  3895128 43c19f3ab0f53e5371595520b2f7d1e7
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_ia64.deb
      Size/MD5 checksum:  1949590 cc7d7eff9e324c31ebec2112345821ef
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_ia64.deb
      Size/MD5 checksum:   167916 d17b9aa8fc429e41ad6b7393977af93a
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_ia64.deb
      Size/MD5 checksum:    22022 ae3a31d8f477eb69650c9d88f7271788
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_ia64.deb
      Size/MD5 checksum:   325196 4d7e3dd0d060056bc20198f3d5ead646
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_ia64.deb
      Size/MD5 checksum:    50632 7368a6ef6bd8e41bf7a3e905a448660c
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_ia64.deb
      Size/MD5 checksum:    45248 0b2cc6364099fe906820c8043f565629
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_ia64.deb
      Size/MD5 checksum:    48216 44a538ecbe3760c449e6898fcd9f02a8
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_ia64.deb
      Size/MD5 checksum:    27026 8ea2a8c41ce29715747457503714a76b
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_ia64.deb
      Size/MD5 checksum:    22648 e6edbf30d910de441c2e080695612a71
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_ia64.deb
      Size/MD5 checksum:     9324 2d056ffa84d4d37195cc38c395e4ddec
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_ia64.deb
      Size/MD5 checksum:    27598 4e228c68bd22099f414cfc34794a422e
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_ia64.deb
      Size/MD5 checksum:    36170 8d23bb4db75de14272daa22e543a8adc
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_ia64.deb
      Size/MD5 checksum:     9004 345581f1565d77212bff7dec007322a1
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_ia64.deb
      Size/MD5 checksum:    16328 5e96eab77cd21d2ad0074c791429488e
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_ia64.deb
      Size/MD5 checksum:    28870 fe208dfb33c64c60888da4ae676eca01
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_ia64.deb
      Size/MD5 checksum:    21896 0ae7872423bcddb068506be60a592e02

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_mips.deb
      Size/MD5 checksum:  1648412 b22897e5386936f5e0c3e534d0ef4edc
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_mips.deb
      Size/MD5 checksum:  1646484 bde0d663e4b088ca096707dbd5ea085e
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_mips.deb
      Size/MD5 checksum:  3295390 e7ba986c31963686d61cb4e6e7ab0fb1
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_mips.deb
      Size/MD5 checksum:  1652314 7b1146db3f44d0756ab8ba581d91204a
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_mips.deb
      Size/MD5 checksum:   167932 f0f0d7221606384be034a43584f6c130
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_mips.deb
      Size/MD5 checksum:    16826 26ea16ea5120b002899cb096fb339e04
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_mips.deb
      Size/MD5 checksum:   325300 4e7913d8409c58e8d440e222d9bbbaeb
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_mips.deb
      Size/MD5 checksum:    35224 c35ca59240f075ee1ad544771e82f52d
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_mips.deb
      Size/MD5 checksum:    31930 94ef5618ceaed84a592d5323f25b503c
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_mips.deb
      Size/MD5 checksum:    33966 1e3af07adb4c1d335115fadca331a3a9
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_mips.deb
      Size/MD5 checksum:    19920 2446320de817c5de6df458cd04b84458
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_mips.deb
      Size/MD5 checksum:    16478 daf3946631fc385d2ae3200a84a9e6a7
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_mips.deb
      Size/MD5 checksum:     8116 9c12d49a7546cb73d12ce943a0c62ab9
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_mips.deb
      Size/MD5 checksum:    20510 c65e0863274f9e341f5085c3cf693ea2
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_mips.deb
      Size/MD5 checksum:    26372 f631fadcf8aaf2cde32cc9f34cf9ef62
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_mips.deb
      Size/MD5 checksum:     7824 8deeeadd18e998e42dcd4c57fb86db7b
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_mips.deb
      Size/MD5 checksum:    13152 9449dc1c15a0b9771b08edb99ac7817c
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_mips.deb
      Size/MD5 checksum:    21652 2135a7a2354a4d6009105258cd2cb833
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_mips.deb
      Size/MD5 checksum:    16192 6747f81d0d4ccbd501053f68da3ac259

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_mipsel.deb
      Size/MD5 checksum:  1630250 9a406a4362e3a8bce8ab0893f1b3fc1e
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_mipsel.deb
      Size/MD5 checksum:  1628592 8ff9ec915fd228bab715b4126f0624f8
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_mipsel.deb
      Size/MD5 checksum:  3253842 d9101ff31106d55f1361a1aea4da796e
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_mipsel.deb
      Size/MD5 checksum:  1631568 92d31cf18ff2138026e9412d5a8c1df6
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_mipsel.deb
      Size/MD5 checksum:   167940 46e1e1fed86610fc6a01580eb305e9da
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    16794 508b3379bef4e8d7ce31dfc235a11702
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_mipsel.deb
      Size/MD5 checksum:   325300 aebcf44cf3ec1a9f5d57254d58240a2f
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    34776 bcb4cd6a3606ee5a069328928a466b1b
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    31662 5b371eb869cab39bc263dec252b24d46
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    33836 79365af49433d2a52fa84eb83e13ff18
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    19802 c7271c289d897c487b9ad2b9d3c8c848
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    16388 ab9a58b595aa4da0edb92d8907b3abd4
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_mipsel.deb
      Size/MD5 checksum:     8088 af3bb195ba0f355539c95e512dacaa1b
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    20452 f59bc05f9fe9806a5e96245629444ae8
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    26242 495d0af0489ef27a27fb803df9c22f9c
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_mipsel.deb
      Size/MD5 checksum:     7772 c0e91e320dc7aa8612cb7ffcf67ff6f4
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    13056 9c12b7d4dc873e79ee0367b2f127974a
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    21592 347945c9d9724838b43d11d8f1d4d5d6
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_mipsel.deb
      Size/MD5 checksum:    16164 9f74e955acaf979f87665c3376c0cfba

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_powerpc.deb
      Size/MD5 checksum:  1661074 de33a92ea64c2550885a34babf3f5ae5
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_powerpc.deb
      Size/MD5 checksum:  1659118 207692feed208166db82a46f076e938d
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_powerpc.deb
      Size/MD5 checksum:  3280842 aaba5c02175be6b9aac9a0ff8d3a97aa
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_powerpc.deb
      Size/MD5 checksum:  1646628 05931feddf04a8b49a0d6949a85ec9eb
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_powerpc.deb
      Size/MD5 checksum:   167922 9186efbcb949031a5fccc92ba312ee38
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    19648 6da340b1fa5354815eaba491289986f5
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_powerpc.deb
      Size/MD5 checksum:   325250 15eea0af4ce60a1dcfe1d7ae92afc402
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    38644 b4040bf7ecfe5b637313f9bc5e882888
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    34522 2e6be18ffa1aa076263a6da66a88c27e
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    37694 507520edf8e62d12190a3784d9c5a0aa
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    21412 5cc50111e0d54a54a8ec1f2b7d0dbe30
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    19728 ba9ce16e48257a48a46a33cf341e54cb
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_powerpc.deb
      Size/MD5 checksum:     9580 00eb12058d551beb520cecc1f34e8c59
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    22604 38e4691efa7d14d4bc03837f476df8f3
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    28678 8c9c39f6f82f3392b80e14cf275aef87
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_powerpc.deb
      Size/MD5 checksum:     9288 de1312a2c4216b38eb6c1a22f5efe546
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    14962 707066edaffa958be582a9212f2a21cc
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    23042 4de2aa3b1d417f9d26e2e5bf1dd71788
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_powerpc.deb
      Size/MD5 checksum:    18272 a0efbed8f0c4b8a776c25e63f3342a8a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_s390.deb
      Size/MD5 checksum:  1709170 9617e3bbeb9446df5c1900e28cfc52b1
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_s390.deb
      Size/MD5 checksum:  1708204 22f34f5b7a54d8f3451b7fe102957734
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_s390.deb
      Size/MD5 checksum:  3359814 b023379d97ef567f2683ac4b5f890971
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_s390.deb
      Size/MD5 checksum:  1686996 505abcc5893d0a3baeafd6e2b0b0eb31
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_s390.deb
      Size/MD5 checksum:   167916 e5523c78fa26ed7407fd67100e5a83ce
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_s390.deb
      Size/MD5 checksum:    17842 eb4b8cff51d8fa622a12d44d6bd5b565
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_s390.deb
      Size/MD5 checksum:   325198 fa39ecd9bb6fd108ace01971d5d760d8
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_s390.deb
      Size/MD5 checksum:    41124 e325433c9917a0f9ed78487b809486b8
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_s390.deb
      Size/MD5 checksum:    33562 19bba35e8efcb6b6eed5902c4b65f64d
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_s390.deb
      Size/MD5 checksum:    37390 f044f6504195d0e26c70e794a7ff1c19
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_s390.deb
      Size/MD5 checksum:    21422 41504297d336bbb1980a48a5ac31a8be
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_s390.deb
      Size/MD5 checksum:    17730 9a7635d7747ec80f38678b96c1104f25
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_s390.deb
      Size/MD5 checksum:     8404 8f214c43723e76ec8b0844787f7e4c98
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_s390.deb
      Size/MD5 checksum:    22932 42e45785723a8ab3271c8314c36ef810
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_s390.deb
      Size/MD5 checksum:    28870 958a0c1ad3980cc26ba6189cdf0cc021
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_s390.deb
      Size/MD5 checksum:     8046 e809d6ba139fc24b01b9555b201a3fc8
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_s390.deb
      Size/MD5 checksum:    13896 dc37c6e85e1b356ba613b38925748228
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_s390.deb
      Size/MD5 checksum:    22268 91fbdc05c3fcf7dfadeb43b3efc9994a
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_s390.deb
      Size/MD5 checksum:    17302 bd9c0b622afb237e5de2c554fffa5b9c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-18_sparc.deb
      Size/MD5 checksum:  1623888 ee4aedd6b606aba754a303a541c77919
    http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-18_sparc.deb
      Size/MD5 checksum:  1620786 24dc831a486a402d8f136a0a5a5faecf
    http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-18_sparc.deb
      Size/MD5 checksum:  3197026 c8bc2f63cd0efd85baa0375b6efe86b0
    http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-18_sparc.deb
      Size/MD5 checksum:  1605892 78a3c37f4af1c88784c01fd851da2210
    http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-18_sparc.deb
      Size/MD5 checksum:   167940 16e45134f678a7511f3ef6b0e5ec86b9
    http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-18_sparc.deb
      Size/MD5 checksum:    18082 e11be70c03c1c1c2abe1c3c3f7cfb83d
    http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-18_sparc.deb
      Size/MD5 checksum:   325308 440df8a0434ac65f4aa1199e33015da1
    http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-18_sparc.deb
      Size/MD5 checksum:    36492 3f654fa0a80786edb8302fb23ad0c965
    http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-18_sparc.deb
      Size/MD5 checksum:    31942 cd693e51e4e75e60c7d6d827988bf721
    http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-18_sparc.deb
      Size/MD5 checksum:    36192 12252492284b653d5286098d1d2056a2
    http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-18_sparc.deb
      Size/MD5 checksum:    19286 8fb4f461f23b0e388939498c75a06055
    http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-18_sparc.deb
      Size/MD5 checksum:    17494 31449be7b22340e753e49e21106d8231
    http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-18_sparc.deb
      Size/MD5 checksum:     7874 9166cab619fd43713eec88016096bd1c
    http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-18_sparc.deb
      Size/MD5 checksum:    20672 a9b3e7d4ed1a95b16b401c7a8c0db990
    http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-18_sparc.deb
      Size/MD5 checksum:    26542 87c822f25db53c283f5ff8fb0dc6f261
    http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-18_sparc.deb
      Size/MD5 checksum:     7598 05e5f7e761f14797c0f7babd747f14c7
    http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-18_sparc.deb
      Size/MD5 checksum:    12840 59e5bf49084a5eff48987b8b884e51e3
    http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-18_sparc.deb
      Size/MD5 checksum:    20848 8eb304df470d8144050b1797d8b67b9d
    http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-18_sparc.deb
      Size/MD5 checksum:    15866 ac6ef12e44e28426818b29e94f177f48


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFT3rkXm3vHE4uyloRAnziAJ4tJNdtfI9rDkneckmOJGXpLEm9cQCdHKit
9yUJXxts03rf3LLMSnpHWJE=
=XS7G
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F44321)

Apple Security Advisory 2006-03-01 (PacketStormID:F44321)
2006-03-03 00:00:00
Apple  apple.com
advisory,perl,vulnerability
apple,osx
CVE-2005-3319,CVE-2005-3353,CVE-2005-3391,CVE-2005-3392,CVE-2006-0384,CVE-2006-0391,CVE-2005-2713,CVE-2005-2714,CVE-2006-0386,CVE-2006-0383,CVE-2005-3706,CVE-2006-0395,CVE-2005-4217,CVE-2005-3712,CVE-2005-4504,CVE-2006-0387,CVE-2006-0388,CVE-2006-0394
[点击下载]

APPLE-SA-2006-03-01 Security Update 2006-001 - A new update has been released for Mac OS X that addresses vulnerabilities in apache_mod_php, automount, COM, Directory Services, FileVault, IPSec, LibSystem, Mail, perl, rsync, Safari, LaunchServices, and Syndication.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2006-03-01 Security Update 2006-001

Security Update 2006-001 is now available and addresses the following
issues:

apache_mod_php
CVE-ID:  CVE-2005-3319, CVE-2005-3353, CVE-2005-3391, CVE-2005-3392
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Multiple security issues in PHP 4.4
Description:  PHP 4.4.1 fixes several security issues in the Apache
module and scripting environment. Details of the fixes are
available via the PHP web site (www.php.net). PHP ships with Mac OS
X but is disabled by default.

automount
CVE-ID:  CVE-2006-0384
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Malicious network servers may cause a denial of service or
arbitrary code execution
Description:  File servers on the local network may be able to cause
Mac OS X systems to mount file systems with reserved names. This
could cause the systems to become unresponsive, or possibly allow
arbitrary code delivered from the file servers to run on the target
system.

BOM
CVE-ID:  CVE-2006-0391
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Directory traversal may occur while unpacking archives with
BOM
Description:  The BOM framework handles the unpacking of certain
types of archives. This framework is vulnerable to a directory
traversal attack that can allow archived files to be unpacked into
arbitrary locations that are writable by the current user. This
update addresses the issue by properly sanitizing those paths.
Credit to Stephane Kardas of CERTA for reporting this issue.

Directory Services
CVE-ID:  CVE-2005-2713, CVE-2005-2714
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Malicious local users may create and manipulate files as
root
Description:  The passwd program is vulnerable to temporary file
attacks. This could lead to privilege elevation. This update
addresses the issue by anticipating a hostile environment and by
creating temporary files securely. Credit to Ilja van Sprundel of
Suresec LTD, vade79, and iDefense (idefense.com) for reporting this
issue.

FileVault
CVE-ID:  CVE-2006-0386
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  FileVault may permit access to files during when it is
first enabled
Description:  User directories are mounted in an unsafe fashion when
a FileVault image is created. This update secures the method in
which a FileVault image is created.

IPSec
CVE-ID:  CVE-2006-0383
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Remote denial of service against VPN connections
Description:  Incorrect handling of error conditions for virtual
private networks based on IPSec may allow a remote attacker to
cause a service interruption. This update addresses the issues by
correctly handling the conditions that may cause crashes. Credit to
OUSPG from the University of Oulu, NISCC, and CERT-FI for
coordinating and reporting this issue.

LibSystem
CVE-ID:  CVE-2005-3706
Available for:  Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact:  Attackers may cause crashes or arbitrary code execution
depending upon the application
Description:  An attacker able to cause an application to make
requests for large amounts of memory may also be able to trigger a
heap buffer overflow. This could cause the targeted application to
crash or execute arbitrary code. This update addresses the issue by
correctly handling these memory requests. This issue does not
affect systems prior to Mac OS X v10.4. Credit to Neil Archibald of
Suresec LTD for reporting this issue.

Mail
CVE-ID:  CVE-2006-0395
Available for:  Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact:  Download Validation fails to warn about unsafe file types
Description:  In Mac OS X v10.4 Tiger, when an email attachment is
double-clicked in Mail, Download Validation is used to warn the
user if the file type is not "safe". Certain techniques can be used
to disguise the file's type so that Download Validation is
bypassed. This update addresses the issue by presenting Download
Validation with the entire file, providing more information for
Download Validation to detect unknown or unsafe file types in
attachments.

perl
CVE-ID:  CVE-2005-4217
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9
Impact:  Perl programs may fail to drop privileges
Description:  When a perl program running as root attempts to switch
to another user ID, the operation may fail without notification to
the program. This may cause a program to continue to run with root
privileges, assuming they have been dropped. This can cause
security issues in third-party tools. This update addresses the
issue by preventing such applications from continuing if the
operation fails. This issue does not affect Mac OS X v10.4 or later
systems. Credit to Jason Self for reporting this issue.

rsync
CVE-ID:  CVE-2005-3712
Available for:  Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact:  Authenticated users may cause an rsync server to crash or
execute arbitrary code
Description:  A heap-based buffer overflow may be triggered when the
rsync server is used with the flag that allows extended attributes
to be transferred. It may be possible for a malicious user with
access to an rsync server to cause denial of service or code
execution. This update addresses the problem by ensuring that the
destination buffer is large enough to hold the extended attributes.
This issue does not affect systems prior to Mac OS X v10.4. Credit
to Jan-Derk Bakker for reporting this issue.

Safari
CVE-ID:  CVE-2005-4504
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Viewing a maliciously-crafted web page may result in
arbitrary code execution
Description:  A heap-based buffer overflow in WebKit's handling of
certain HTML could allow a malicious web site to cause a crash or
execute arbitrary code as the user viewing the site. This update
addresses the issue by preventing the condition causing the
overflow. Credit to Suresec LTD for reporting this issue.

Safari
CVE-ID:  CVE-2006-0387
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Viewing a malicious web page may cause arbitrary code
execution
Description:  By preparing a web page including specially-crafted
JavaScript, an attacker may trigger a stack buffer overflow that
could lead to arbitrary code execution with the privileges of the
user. This update addresses the issue by performing additional
bounds checking.

Safari
CVE-ID:  CVE-2006-0388
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Remote web sites can redirect to local resources, allowing
JavaScript to execute in the local domain
Description:  Safari's security model prevents remote resources from
causing redirection to local resources. An issue involving HTTP
redirection can cause the browser to access a local file, bypassing
certain restrictions. This update addresses the issue by preventing
cross-domain HTTP redirects.

Safari, LaunchServices
CVE-ID:  CVE-2006-0394
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.5, Mac OS X Server v10.4.5
Impact:  Viewing a malicious web site may result in arbitrary code
execution
Description:  It is possible to construct a file which appears to be
a safe file type, such as an image or movie, but is actually an
application. When the "Open `safe' files after downloading" option
is enabled in Safari's General preferences, visiting a malicious
web site may result in the automatic download and execution of such
a file. A proof-of-concept has been detected on public web sites
that demonstrates the automatic execution of shell scripts. This
update addresses the issue by performing additional download
validation so that the user is warned (in Mac OS X v10.4.5) or the
download is not automatically opened (in Mac OS X v10.3.9).

Syndication
CVE-ID:  CVE-2006-0389
Available for:  Mac OS X v10.4.5, Mac OS X Server v10.4.5
Impact:  Subscriptions to malicious RSS content can lead to
cross-site scripting
Description:  Syndication (Safari RSS) may allow JavaScript code
embedded in feeds to run within the context of the RSS reader
document, allowing malicious feeds to circumvent Safari's security
model. This update addresses the issue by properly removing
JavaScript code from feeds. Syndication is only available in Mac OS
X v10.4 and later.

The following security enhancements are also included in this update:

FileVault: AES-128 encrypted FileVault disk images are now created
with more restrictive operating system permissions. Credit to Eric
Hall of DarkArt Consulting Services for reporting this issue.

iChat: A malicious application named Leap.A that attempts to
propagate using iChat has been detected. With this update for Mac
OS X v10.4.5 and Mac OS X Server v10.4.5, iChat now uses Download
Validation to warn of unknown or unsafe file types during file
transfers.

Users should use caution when opening files that are obtained from
the network. Further information is available via:
http://docs.info.apple.com/article.html?artnum=108009

Security Update 2006-001 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.5 (PowerPC) and Mac OS X Server v10.4.5
The download file is named:  "SecUpd2006-001Ti.dmg"
Its SHA-1 digest is:  999b73a54951b4e0a7f873fecf75f92840e8b439

For Mac OS X v10.4.5 (Intel)
The download file is named:  "SecUpd2006-001Intel.dmg"
Its SHA-1 digest is:  473f94264876fa49fa15a8b6bb4bc30956502ad5

For Mac OS X v10.3.9
The download file is named:  "SecUpd2006-001Pan.dmg"
Its SHA-1 digest is:  b6a000d451a1b1696726ff60142fc3da08042433

For Mac OS X Server v10.3.9
The download file is named:  "SecUpdSrvr2006-001Pan.dmg"
Its SHA-1 digest is:  2299380d72a61eadcbd0a5c6f46c924600ff5a9c

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 (Build 5050)

iQEVAwUBRAYYVoHaV5ucd/HdAQJQWggApQmizj2t3+/87Fqun66/HCEkFt2YhUoe
cmel0/KwJhWrk+LV+CYvixbDvKuGIjP8CWB9/s78YN93pOI5WcfyTKd07rEQYkT4
i8KPrM9QjdvgIjKd6O/VAOkzBc3DqV7KNVR2Hewa3jOigTm7Yxil9o/nZt1TLxAI
9TN0uduc13WHC8WE2N41I8MQ+VdGTX3ANZkfgR90lua4A2E1ab9kCN2qbg+E7Cus
SkwsKp0qSH7bl8v0/R6c1hsYG0T1RwSWU6arAEliqzrrIbCm0Yxtgwp/CYFWC46j
TQNCcppNgcr/pVPojACy8WFtQ3wEb6rJ4ZjH1C5nOem2EoCBh10WFw==
=1Ww0
-----END PGP SIGNATURE-----
    

- 漏洞信息

21492
PHP exif_read_data Malformed JPEG DoS
Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-02 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability
Design Error 15358
Yes No
2005-11-08 12:00:00 2007-01-15 06:00:00
This issue was announced in the referenced RedHat Fedora advisories.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
TransSoft Broker FTP Server 8.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
SGI ProPack 3.0
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
PHP PHP 5.0.4
PHP PHP 4.3.10
PHP PHP 4.3.9
PHP PHP 4.3.8
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
PHP PHP 4.3.3
PHP PHP 4.3.2
PHP PHP 4.3.1
PHP PHP 4.3
PEAR PEAR 1.4.2
PEAR PEAR 1.4.1
PEAR PEAR 1.4
Peachtree Linux release 1
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
HP System Management Homepage 2.1.4
HP System Management Homepage 2.1.3 .132
HP System Management Homepage 2.1.3
HP System Management Homepage 2.1.2
HP System Management Homepage 2.1.1
HP System Management Homepage 2.1
HP System Management Homepage 2.0.2
HP System Management Homepage 2.0.1
HP System Management Homepage 2.0
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Conectiva Linux 9.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
PHP PHP 4.3.11
PEAR PEAR 1.4.3
HP System Management Homepage 2.1.5

- 不受影响的程序版本

PHP PHP 4.3.11
PEAR PEAR 1.4.3
HP System Management Homepage 2.1.5

- 漏洞讨论

PHP is prone to a denial-of-service vulnerability.

This issue occurs when parsing EXIF image data in corrupt JPEG files.

An attacker can exploit this vulnerability to crash the system, effectively denying service to legitimate users.

- 漏洞利用


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Please see the referenced advisories for further information.


PEAR PEAR 1.4.2

Apple Mac OS X Server 10.3.9

Apple Mac OS X 10.3.9

Apple Mac OS X Server 10.4.1

Apple Mac OS X Server 10.4.5

HP System Management Homepage 2.0.2

HP System Management Homepage 2.1

HP System Management Homepage 2.1.1

HP System Management Homepage 2.1.2

HP System Management Homepage 2.1.4

PHP PHP 4.3

PHP PHP 4.3.2

PHP PHP 4.3.5

PHP PHP 4.3.6

PHP PHP 4.3.8

PHP PHP 4.3.9

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站