Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2006 > Three Mandriva Linux Security Advisories

February 2006

Three Mandriva Linux Security Advisories

ID: 00114
Ref: 112/2006
Date: 08 February 2006:14:21:52
Version: 1
Title: Three Mandriva Linux Security Advisories
Abstract:
Vendors affected: Mandriva
Operating systems affected: Mandriva
Applications affected: Mandriva
Title
=====

Three Mandriva Linux Security Advisories:

1. MDKSA-2006:035 - Updated php packages fix vulnerability

2. MDKSA-2006:036 - Updated mozilla packages to address DoS vulnerability

3. MDKSA-2006:037 - Updated mozilla-firefox packages to address DoS vulnerability

Detail
======

1. A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
a remote attacker to bypass safe_mode and open_basedir restrictions via
unknown attack vectors.

2. Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)

3. Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:035
http://www.mandriva.com/security/
_______________________________________________________________________

Package : php
Date : February 7, 2006
Affected: 10.1, 10.2, Corporate 3.0, Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow
a remote attacker to bypass safe_mode and open_basedir restrictions via
unknown attack vectors.

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391
_______________________________________________________________________

Updated Packages:

Mandriva Linux 10.1:
73fb60b80de60eac15425466e59dca39 10.1/RPMS/libphp_common432-4.3.8-3.8.101mdk.i586.rpm
b28919e0310bf29bf5866dae1ee16d98 10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.i586.rpm
d83eaac3668f09924156f177cd15f201 10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.i586.rpm
143fc214304a1c289fca9706a2a1c3a8 10.1/RPMS/php-cli-4.3.8-3.8.101mdk.i586.rpm
78c983eccc5b8423c97ef382438b2e65 10.1/RPMS/php-gd-4.3.8-2.1.101mdk.i586.rpm
677522c6ed558432f3dbf15616083610 10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
aac1a54955e947f6c15c8b8059ae4181 10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
106d6d5ca6b8f39c392bd13ec1dc42d4 x86_64/10.1/RPMS/lib64php_common432-4.3.8-3.8.101mdk.x86_64.rpm
b4c808eec06082b85642bb130f8415dc x86_64/10.1/RPMS/php432-devel-4.3.8-3.8.101mdk.x86_64.rpm
471cb69b308907e438d462c99980dea0 x86_64/10.1/RPMS/php-cgi-4.3.8-3.8.101mdk.x86_64.rpm
553db3e91f87e7a515ac135e8d7f15f0 x86_64/10.1/RPMS/php-cli-4.3.8-3.8.101mdk.x86_64.rpm
ec747cf48a3dad42141f27e44325033e x86_64/10.1/RPMS/php-gd-4.3.8-2.1.101mdk.x86_64.rpm
677522c6ed558432f3dbf15616083610 x86_64/10.1/SRPMS/php-4.3.8-3.8.101mdk.src.rpm
aac1a54955e947f6c15c8b8059ae4181 x86_64/10.1/SRPMS/php-gd-4.3.8-2.1.101mdk.src.rpm

Mandriva Linux 10.2:
13cf3adeda0a0cd1d0ccde575cbe63ec 10.2/RPMS/libphp_common432-4.3.10-7.6.102mdk.i586.rpm
18302ef915b8f1b2245b9c0f79d574aa 10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.i586.rpm
c58efdb3973bb63914463628936cf2db 10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.i586.rpm
401059a0058df93d7b8567813b082b7e 10.2/RPMS/php-cli-4.3.10-7.6.102mdk.i586.rpm
887e86064d91d133d3c98245b39335b3 10.2/RPMS/php-gd-4.3.10-5.1.102mdk.i586.rpm
b677b123040f0279e39a047aa706a853 10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
393e9bde7b571bc6aee17cf48929e0d5 10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
b457eff82dcedc940afda2b137dc9058 x86_64/10.2/RPMS/lib64php_common432-4.3.10-7.6.102mdk.x86_64.rpm
6075916423066e4a026814cd38332528 x86_64/10.2/RPMS/php432-devel-4.3.10-7.6.102mdk.x86_64.rpm
4e1c918a571c85e3e4ce065edd249576 x86_64/10.2/RPMS/php-cgi-4.3.10-7.6.102mdk.x86_64.rpm
a222ddab3ffff21bcd82420fce7951da x86_64/10.2/RPMS/php-cli-4.3.10-7.6.102mdk.x86_64.rpm
ccf2d23979006f1f7bbc9d2a1efd6043 x86_64/10.2/RPMS/php-gd-4.3.10-5.1.102mdk.x86_64.rpm
b677b123040f0279e39a047aa706a853 x86_64/10.2/SRPMS/php-4.3.10-7.6.102mdk.src.rpm
393e9bde7b571bc6aee17cf48929e0d5 x86_64/10.2/SRPMS/php-gd-4.3.10-5.1.102mdk.src.rpm

Corporate 3.0:
1980e0259fe7747380a824f8d22e6547 corporate/3.0/RPMS/libphp_common432-4.3.4-4.10.C30mdk.i586.rpm
390c85972981566b353b594fe22197dc corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.i586.rpm
d9a49155ce3a80cdbc277f2412a13518 corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.i586.rpm
d0cbbd7fb891a7541929c67aa0343df6 corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.i586.rpm
238811f03e72ceecb0b91be525380cb9 corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.i586.rpm
d54f4e12d35cedbef0f718170620ace4 corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
c1a3d05a9501024102944e6820bc5501 corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

Corporate 3.0/X86_64:
a8dce337033e676378664c0db6b469f7 x86_64/corporate/3.0/RPMS/lib64php_common432-4.3.4-4.10.C30mdk.x86_64.rpm
c7b1cfd80cd506eff43f22b80aa75de6 x86_64/corporate/3.0/RPMS/php432-devel-4.3.4-4.10.C30mdk.x86_64.rpm
1c5e085cb86ad4f7af6a0da6d05a1d62 x86_64/corporate/3.0/RPMS/php-cgi-4.3.4-4.10.C30mdk.x86_64.rpm
9eec60e7a700c07da18b4f787ad3f58c x86_64/corporate/3.0/RPMS/php-cli-4.3.4-4.10.C30mdk.x86_64.rpm
500eedf63f7cbccb7920a94e7959e7ac x86_64/corporate/3.0/RPMS/php-gd-4.3.4-1.1.C30mdk.x86_64.rpm
d54f4e12d35cedbef0f718170620ace4 x86_64/corporate/3.0/SRPMS/php-4.3.4-4.10.C30mdk.src.rpm
c1a3d05a9501024102944e6820bc5501 x86_64/corporate/3.0/SRPMS/php-gd-4.3.4-1.1.C30mdk.src.rpm

Multi Network Firewall 2.0:
505744d67c4a0d9d438eb59635a1b854 mnf/2.0/RPMS/libphp_common432-4.3.4-4.10.M20mdk.i586.rpm
415fb09281493e6b5e262b8a919b2eb9 mnf/2.0/RPMS/php432-devel-4.3.4-4.10.M20mdk.i586.rpm
71f1a80d1bf23652a8001a7e48fe139c mnf/2.0/RPMS/php-cgi-4.3.4-4.10.M20mdk.i586.rpm
5ad32b1fb9e6b12be629ea44168d5138 mnf/2.0/RPMS/php-cli-4.3.4-4.10.M20mdk.i586.rpm
0b23cfbdff6ccd70f06cd3ab13813cb5 mnf/2.0/RPMS/php-gd-4.3.4-1.1.M20mdk.i586.rpm
27c29e02d28e0aea1dadd7d149636b83 mnf/2.0/SRPMS/php-4.3.4-4.10.M20mdk.src.rpm
ca1601d0a1fa257c8916715582a1df41 mnf/2.0/SRPMS/php-gd-4.3.4-1.1.M20mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD6M4NmqjQ0CJFipgRAvWSAJ0Yd7hn/GFf8yzTndtqIQyoglmadgCg5Tyo
2VeXltESjHb2bQZrROv66Ao=
=uN12
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:036
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla
Date : February 7, 2006
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
1.5.1 does not properly dereference objects, which allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via unknown attack vectors related to garbage collection.
(CVE-2006-0292)

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
and SeaMonkey before 1.0 does not validate the attribute name, which
allows remote attackers to execute arbitrary Javascript by injecting
RDF data into the user's localstore.rdf file. (CVE-2006-0296)

Updated packages are patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
8d1376d6440bc1602ab2b1c74262a30c corporate/3.0/RPMS/libnspr4-1.7.8-0.7.C30mdk.i586.rpm
ceae80feec83d84891234f8bcf546247 corporate/3.0/RPMS/libnspr4-devel-1.7.8-0.7.C30mdk.i586.rpm
4be42f4a2297322ac93e6c4e635a225b corporate/3.0/RPMS/libnss3-1.7.8-0.7.C30mdk.i586.rpm
f7490d1448b0ef6fe8eaa7561066095f corporate/3.0/RPMS/libnss3-devel-1.7.8-0.7.C30mdk.i586.rpm
d3c71d0217099e4586818dc40f819308 corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.i586.rpm
5d73ae4396714d8b5bf9892090c22724 corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.i586.rpm
005998ef07bd769563084275c27928ec corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.i586.rpm
0774d333844c7d27b560146e632a33b2 corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.i586.rpm
72bda6c0dfc17eb36b5f64aced6da5a3 corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.i586.rpm
b425cbdf6b2f2261799869327527d1c7 corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.i586.rpm
a2ba40970fd46883f707979925553074 corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.i586.rpm
3f786a780a2355f4605886287fc489c3 corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.i586.rpm
4dc8edd930a75430e84520b3b2f00859 corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.i586.rpm
4f1024a56ad3c8f3aef13ff2ea881ceb corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm

Corporate 3.0/X86_64:
990fd040a970e2fe393665bc87f9d964 x86_64/corporate/3.0/RPMS/lib64nspr4-1.7.8-0.7.C30mdk.x86_64.rpm
e70615c6a988f23636f7bf3d642d2028 x86_64/corporate/3.0/RPMS/lib64nspr4-devel-1.7.8-0.7.C30mdk.x86_64.rpm
69e14625db53e49b4d1fcd9d346218db x86_64/corporate/3.0/RPMS/lib64nss3-1.7.8-0.7.C30mdk.x86_64.rpm
17f22cc0913232f4d0cd3efbffd17af1 x86_64/corporate/3.0/RPMS/lib64nss3-devel-1.7.8-0.7.C30mdk.x86_64.rpm
23d7b49cde6c2e96742f45625845d825 x86_64/corporate/3.0/RPMS/mozilla-1.7.8-0.7.C30mdk.x86_64.rpm
a14cde7bc834e298f9b1ff97d0faa04c x86_64/corporate/3.0/RPMS/mozilla-devel-1.7.8-0.7.C30mdk.x86_64.rpm
7b6a92d89e3771330e69b24eef80d02b x86_64/corporate/3.0/RPMS/mozilla-dom-inspector-1.7.8-0.7.C30mdk.x86_64.rpm
88510e96eee3232f5dd931de50ef9878 x86_64/corporate/3.0/RPMS/mozilla-enigmail-1.7.8-0.7.C30mdk.x86_64.rpm
71e44f63b296849361d5733b0e6824d1 x86_64/corporate/3.0/RPMS/mozilla-enigmime-1.7.8-0.7.C30mdk.x86_64.rpm
1740b993c3c30a35dcd37d7c88bd6187 x86_64/corporate/3.0/RPMS/mozilla-irc-1.7.8-0.7.C30mdk.x86_64.rpm
13b44d4ab0a1b80fb50ad8c881d94253 x86_64/corporate/3.0/RPMS/mozilla-js-debugger-1.7.8-0.7.C30mdk.x86_64.rpm
b9683c1834c25ab3d78606b912714780 x86_64/corporate/3.0/RPMS/mozilla-mail-1.7.8-0.7.C30mdk.x86_64.rpm
7ccb971d176e3e3a1a924bfc23f34b1e x86_64/corporate/3.0/RPMS/mozilla-spellchecker-1.7.8-0.7.C30mdk.x86_64.rpm
4f1024a56ad3c8f3aef13ff2ea881ceb x86_64/corporate/3.0/SRPMS/mozilla-1.7.8-0.7.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD6SVbmqjQ0CJFipgRAtEGAKDeolBWyZSrRKa1tL4JSbkQw+z06ACgkcGr
VCmfGeobl7Qv+lFgSZbx3rE=
=NT/H
- -----END PGP SIGNATURE-----


3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:037
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla-firefox
Date : February 7, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

Mozilla and Mozilla Firefox allow remote attackers to cause a denial of
service (CPU consumption and delayed application startup) via a web
site with a large title, which is recorded in history.dat but not
processed efficiently during startup. (CVE-2005-4134)

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before
1.5.1 does not properly dereference objects, which allows remote
attackers to cause a denial of service (crash) or execute arbitrary
code via unknown attack vectors related to garbage collection.
(CVE-2006-0292)

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1,
and SeaMonkey before 1.0 does not validate the attribute name, which
allows remote attackers to execute arbitrary Javascript by injecting
RDF data into the user's localstore.rdf file. (CVE-2006-0296)

Updated packages are patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0296
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
da643268d4704d938689f5fe2cca120f 2006.0/RPMS/libnspr4-1.0.6-16.4.20060mdk.i586.rpm
b6911002ac57b7d9aa2b250362eb800a 2006.0/RPMS/libnspr4-devel-1.0.6-16.4.20060mdk.i586.rpm
f0b33d31942402c9375e28b67b5af7a1 2006.0/RPMS/libnss3-1.0.6-16.4.20060mdk.i586.rpm
44be800d89df092daf5fb2cccbbd38cc 2006.0/RPMS/libnss3-devel-1.0.6-16.4.20060mdk.i586.rpm
23f78dfcad4ffac1232ac34021312140 2006.0/RPMS/mozilla-firefox-1.0.6-16.4.20060mdk.i586.rpm
f15d9c997aea3efc48cfb04534e0710a 2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.4.20060mdk.i586.rpm
f1309fb4699a35abfb9d0ed618eae738 2006.0/SRPMS/mozilla-firefox-1.0.6-16.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
6f7649defa3b0f2ecb7fad32a22e780b x86_64/2006.0/RPMS/lib64nspr4-1.0.6-16.4.20060mdk.x86_64.rpm
bf965382a901febf026662823158aec0 x86_64/2006.0/RPMS/lib64nspr4-devel-1.0.6-16.4.20060mdk.x86_64.rpm
34e4b253f78196e93749150263447c94 x86_64/2006.0/RPMS/lib64nss3-1.0.6-16.4.20060mdk.x86_64.rpm
1d7cf344f788454a1b151fc886b88200 x86_64/2006.0/RPMS/lib64nss3-devel-1.0.6-16.4.20060mdk.x86_64.rpm
ef97a23ece3c504332437f395dad3f77 x86_64/2006.0/RPMS/mozilla-firefox-1.0.6-16.4.20060mdk.x86_64.rpm
a9f2be464482f4cf70120f12d5ff9e58 x86_64/2006.0/RPMS/mozilla-firefox-devel-1.0.6-16.4.20060mdk.x86_64.rpm
f1309fb4699a35abfb9d0ed618eae738 x86_64/2006.0/SRPMS/mozilla-firefox-1.0.6-16.4.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD6SkBmqjQ0CJFipgRAmG6AKDLr8iRGL6o32c6ym3EhlEc9mwxMwCdG4v1
7iZEqez7JcYqPf7Be9eAEP8=
=OWST
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |