[SEGURANÇA][DSA-020-1] Novas versões do PHP4 liberadas
----------------------------------------------------------------------------
Informativo de Segurança do Debian DSA-020-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
25 de Janeiro de 2001
----------------------------------------------------------------------------
Pacote : php4
Vulnerabilidade : DOS remoto e vazamento remoto de informações
Específico do Debian: não
O pessoal da Zend achou uma vulnerabilidade em versões antigas do PHP4
(o informativo original fala da versão 4.0.4 enquanto que os bugs também
estão presentes na versão 4.0.3). É possível especificar diretivas do
PHP por diretório, o que pode levar um atacante remoto a modelar um
pedido HTTP que causaria a próxima página a ser servida com os valores
errados para essas diretivas. E também mesmo se o PHP está instalado,
ele pode ser ativado e desativado por diretório ou por hosts virtuais,
usando a diretiva "engine=on" ou "engine=off". Essa configuração pode
vazar para outros hosts virtuais na mesma máquina, efetivamente
desabilitando o PHP para estes hosts e resultando em código-fonte PHP
sendo enviado ao cliente ao invés de ser executado pelo servidor.
Nós recomendamos que você atualize seus pacotes php4.
wget url
baixará o arquivo para você
dpkg -i arquivo.deb
instalará o arquivo mencionado.
Você pode fazer uma atualização automática utilizando as instruções do
rodapé dessa mensagem.
Debian GNU/Linux 2.2 codinome potato
- ------------------------------------
Potato foi liberado para as arquiteturas alpha, arm, i386, m68k,
powerpc e sparc. PHP4 não está disponível para a arquitetura arm nessa
versão.
Arquivos do código-fonte:
http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato1.1.diff.gz
MD5 checksum: a15f5cf60f0927d827b80af1d2962ebc
http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1-0potato1.1.dsc
MD5 checksum: ac81451c06e1e5e70197bde98068f861
http://security.debian.org/dists/stable/updates/main/source/php4_4.0.3pl1.orig.tar.gz
MD5 checksum: e65b706a7fc4469d1ccd564ef8a2c534
Arquitetura Intel ia32:
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-gd_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 3b0325c598699e6c89d9033296afa40e
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-imap_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 3d281b9589d0fe4ec2c381e99818d8fe
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-ldap_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: d8c5514768bd923165297693bce59b67
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-mhash_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: ea4dd2afdf874b96afd8e56c8fda5eea
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-mysql_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: eac99f5f9bd8b63c7011d749e9293d5c
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-pgsql_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 8b197654fd01e7e4ad09851af3a89bb8
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-snmp_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 721683a357df004a95611d32181cd603
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi-xml_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 5920fa740a7168788b406766a4a8e2f4
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-cgi_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 0d7643d41a69b5756dc797a277c4f93c
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-gd_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 4ea06d61ac4fd092c200a978a77c5547
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-imap_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 2b36fcab957f44eea531c87d122d02aa
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-ldap_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 250547415edaadd196456ab6b3b54a47
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-mhash_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 29781f14c2971c77bdcd6e2f767c9598
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-mysql_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: e4b486363b40f0dbbcc239a665ad2422
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-pgsql_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 49817c930561faddf2a5ef8f53fbfdd8
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-snmp_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 9da83993a886cf6c8c53341086cbc2c0
http://security.debian.org/dists/stable/updates/main/binary-i386/php4-xml_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 1fee10c42fc22091bdfcd854d05803cd
http://security.debian.org/dists/stable/updates/main/binary-i386/php4_4.0.3pl1-0potato1.1_i386.deb
MD5 checksum: 04b33b287972e2a15dbaa89bfae20080
Arquitetura Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-gd_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: e993097320098832ac5dbbf130ec57cd
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-imap_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: bcced2d00d25ad9cba59886f60dbf935
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-ldap_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: b8106cdd4a6d0f6bda23839df4e8bf59
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-mhash_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 6102013e7dfefa61eeca9f1a831cd27e
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 75fca59f289226c6aac7dc863328aa6b
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-mysql_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 2596e62882aed9e7b2b2bf9fc24303f7
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-pgsql_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: abb21d358a8a47418ad2b863f9223bca
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-snmp_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: ac105724634f8feb78c265c62d3ca721
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-cgi-xml_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 6c4b56e3c797b991ecf43b12b207c9b0
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-gd_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: e98ec97cac2055ae5a08080be53ae2e8
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-imap_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 8d1622eeb294df005fd04086ee4cc8e9
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-ldap_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 358f383f0e0b76083768b67ce09b5e44
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-mhash_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 2ccb0a9072a6aa94d4d9ed2b061d39d8
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-mysql_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: f5892b4b5da2aa31d086ac1af03ce82f
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-pgsql_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 53d0699a9179fb9e5d6a302d0f89ab07
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-snmp_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 8069e9b68faf4c20847f0035ec32e1ed
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4-xml_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: ecd8f11252cdcb259f61ebfa9d0db8c3
http://security.debian.org/dists/stable/updates/main/binary-m68k/php4_4.0.3pl1-0potato1.1_m68k.deb
MD5 checksum: 21990572dc2396958cd529e8db4247a2
Arquitetura Sun Sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-gd_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 3bb90a8cb90824c0863fa54907d70844
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-imap_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 51a773eb1634d1d73b051382a91411b6
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-ldap_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 91a8ca72c6a3ae00abb3f6a0bdb961fd
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-mhash_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 81f7a37ebd7481109e0b270426790537
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-mysql_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: aebccbe3b1ccc2c3fda3619a61f27f5f
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-pgsql_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 0170246116c6babfc31c780a9b7ed145
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-snmp_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: dc2844130fd1704bcb83b568ede35cac
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi-xml_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: bfdf332a97e6c9886af3d7fed549762d
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-cgi_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 7ccd53b96c7fe8d9d0ee227a3d30fcb8
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-gd_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 40593b1f23054c1f4dea44dab3c3ac7e
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-imap_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: e6c9837f637876aa9bd4601f3bd50150
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-ldap_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 74c4f3703584939a83c2a677cd088360
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-mhash_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 4a60ee2fcde09d2a0c53a68827f8cf22
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-mysql_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 777a7765cfdd0c60e4099cc50d102396
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-pgsql_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: a30473a4a9aa0d6e9f5e42d0465c2e81
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-snmp_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: e831ebdab6d28f80133dc3c76acd1fff
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4-xml_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: ef08ca6c104f686c108593124749e73f
http://security.debian.org/dists/stable/updates/main/binary-sparc/php4_4.0.3pl1-0potato1.1_sparc.deb
MD5 checksum: 06c5b526104360cc6f2418418bd0dd8a
Arquitetura Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-gd_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: c38b89bad8a368527593b44511d676e2
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-imap_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 2a4e1b2020486e55c40172666f84544f
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-ldap_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: baf56bbe91cf80b44a4bfc93b03a5155
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-mhash_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 5bb4e6c247fc762464003f161658ed70
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-mysql_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 4c2400fdfaafba4b1c88407958bf4bde
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-pgsql_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 76e5610edea32d3b1ce6368137beed02
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-snmp_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 6446d314c959ca4f6274efc369981d93
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi-xml_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 70e42898bb108868190f453b003485d2
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-cgi_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 67ef428c048ea69049de1b2564c2e131
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-gd_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 356415806db04c1af47c2c3879a32056
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-imap_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 8c3e5f384156c16ae4be4eeed506b100
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-ldap_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 26ec819797d98d94f4ddc118050e016e
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-mhash_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 92467a81541759cc96ba43d22f3f090a
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-mysql_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: db250e1b917732e56ba24300b8b0de4b
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-pgsql_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 68d8997c8ad41eec8fd57fdaa935555d
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-snmp_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 801fc0b590e7cf48352ae3856f174c36
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4-xml_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: fa2a5dc876c83b7762330868f481f5e4
http://security.debian.org/dists/stable/updates/main/binary-alpha/php4_4.0.3pl1-0potato1.1_alpha.deb
MD5 checksum: 3937b11080e12826d92f6135a004b9e8
Arquitetura PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-gd_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: a9fd9a9acdd3ff34e28f4bbd67e7e6d2
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-imap_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: a2d72c2158c7b0e042de5f25528ed22b
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-ldap_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 752ef5452377ab0bdad5cb41b49fe69b
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-mhash_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 26cd828f3a887723bd8f85d40267d0f2
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-mysql_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 72172ec423522ed0152216ad969194ee
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-pgsql_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 10e9d53d216e332bd3898a3bab868e02
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-snmp_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: e6f90e67f24235c8cedb772f15b330cb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi-xml_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 6a673ef2cf5ec2d772ff8ee2fe17377b
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-cgi_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 26696cb238de45d5c03ef4661fce9a3b
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-gd_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 0e98eb32ac8dc72a6d916534c4ebfe3d
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-imap_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: cec1d7f3d594a4ba70f787a32df1b77a
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-ldap_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: ea2b0763adba1a760dee559e61be5212
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-mhash_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 51bbb3e05a10702037bc7e86c41b3437
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-mysql_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 07100cd72c4910b84e9ac6b0f0f3730a
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-pgsql_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: bf57819400fbcaee6af521c41df8677d
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-snmp_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 104b50678486bebe3b7442f4c63c68c8
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4-xml_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 4c659d2d4de794c965c8f4a7c7614aad
http://security.debian.org/dists/stable/updates/main/binary-powerpc/php4_4.0.3pl1-0potato1.1_powerpc.deb
MD5 checksum: 6bdc83efc3dca66ed98610e615de75e6
Independente de arquitetura:
http://security.debian.org/dists/stable/updates/main/binary-all/php4-dev_4.0.3pl1-0potato1.1_all.deb
MD5 checksum: ac1dafcac90095f7d5a7e43f45fd5024
Esses arquivos serão movidos para
ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ em breve.
Para arquiteturas que ainda não foi liberado favor consultar o diretório
apropriado ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
-
----------------------------------------------------------------------------
No apt-get: deb http://security.debian.org/ stable/updates main
No dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Lista de mensagens: debian-security-announce@lists.debian.org
Informações sobre o pacote: `apt-cache show <pacote>' e
http://packages.debian.org/<pacote>
Reply to: