Debian DSA-1940-1 : php5 - multiple issues

High Nessus Plugin ID 44805

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems :

The following issues have been fixed in both the stable (lenny) and the oldstable (etch) distributions :

- CVE-2009-2687 CVE-2009-3292 The exif module did not properly handle malformed jpeg files, allowing an attacker to cause a segfault, resulting in a denial of service.

- CVE-2009-3291 The php_openssl_apply_verification_policy() function did not properly perform certificate validation.

- No CVE id yet

Bogdan Calin discovered that a remote attacker could cause a denial of service by uploading a large number of files in using multipart/ form-data requests, causing the creation of a large number of temporary files.

To address this issue, the max_file_uploads option introduced in PHP 5.3.1 has been backported. This option limits the maximum number of files uploaded per request. The default value for this new option is 50. See NEWS.Debian for more information.

The following issue has been fixed in the stable (lenny) distribution :

- CVE-2009-2626 A flaw in the ini_restore() function could lead to a memory disclosure, possibly leading to the disclosure of sensitive data.

In the oldstable (etch) distribution, this update also fixes a regression introduced by the fix for CVE-2008-5658 in DSA-1789-1 (bug #527560).

Solution

Upgrade the php5 packages.

For the stable distribution (lenny), these problems have been fixed in version 5.2.6.dfsg.1-1+lenny4.

The oldstable distribution (etch), these problems have been fixed in version 5.2.0+dfsg-8+etch16.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535888

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540605

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527560

https://security-tracker.debian.org/tracker/CVE-2009-2687

https://security-tracker.debian.org/tracker/CVE-2009-3292

https://security-tracker.debian.org/tracker/CVE-2009-3291

https://security-tracker.debian.org/tracker/CVE-2009-2626

https://security-tracker.debian.org/tracker/CVE-2008-5658

https://www.debian.org/security/2009/dsa-1940

Plugin Details

Severity: High

ID: 44805

File Name: debian_DSA-1940.nasl

Version: 1.13

Type: local

Agent: unix

Published: 2010/02/24

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:php5, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/11/25

Reference Information

CVE: CVE-2008-5658, CVE-2009-2626, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292

BID: 35440, 36449, 37079

DSA: 1940

CWE: 20, 22