SuSE Update for php4,php5 SUSE-SA:2007:020

Impact
remote code execution
Solution
Please install the updated packages.
Insight
Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. These include the following security-related problems:

CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions, (5) stream filters, and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.

CVE-2007-0907: Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

CVE-2007-0908: The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2007-0909: Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

CVE-2007-0910: Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

CVE-2006-6383: PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
This security update also fixes some bugs reported by the Month of PHP Bugs project:

MOPB-10-2007 / CVE-2007-1380: The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

MOPB-16-2007 / CVE-2007-1399: Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. Note that this problem is caught by the FORTIFY_SOURCE extension in SUSE Linux 10.0 and newer products and just leads to a controlled abort of the PHP interpreter.
Affected
php4, php5 on SUSE LINUX 10.1, openSUSE 10.2, SuSE Linux Enterprise Server 8, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SUSE SLES 10