-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2009-3848 2009-04-21 23:56:05 --------------------------------------------------------------------------------
Name : maniadrive Product : Fedora 9 Version : 1.2 Release : 13.fc9 URL : http://maniadrive.raydium.org/ Summary : 3D stunt driving game Description : ManiaDrive is an arcade car game on acrobatic tracks, with a quick and nervous gameplay (tracks almost never exceed one minute). Features: Complex car physics, Challenging "story mode", LAN and Internet mode, Live scores, Track editor, Dedicated server with HTTP interface and More than 30 blocks. -------------------------------------------------------------------------------- Update Information: Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-5557) A directory traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658) A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the "background color" argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had "display_errors" enabled, a remote attacker able to set a specially-crafted cookie on a victim's system could possibly inject arbitrary HTML into an error message generated by PHP. (CVE-2008-5814) A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially-crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script. (CVE-2009-1271) A flaw was found in the use of the uw-imap library by the PHP "imap" extension. This could cause the PHP interpreter to crash if the "imap" extension was used to read specially-crafted mail messages with long headers. (CVE-2008-2829) http://www.php.net/releases/5_2_7.php http://www.php.net/releases/5_2_8.php http://www.php.net/releases/5_2_9.php http://www.php.net/ChangeLog-5.php#5.2.9 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2009 Remi Collet <[email protected]> - 1.2-13 - Rebuild for php 5.2.9 * Sun Feb 15 2009 Hans de Goede <[email protected]> 1.2-12 - Fix maniadrive crashing with php 5.2.8 (and later) - Fix maniadrive triggering an assert in the latest ode * Wed Dec 17 2008 Hans de Goede <[email protected]> 1.2-11 - Rebuild for new php version * Mon Sep 15 2008 Hans de Goede <[email protected]> 1.2-10 - Rebuild for new ode * Sat Jun 21 2008 Hans de Goede <[email protected]> 1.2-9 - Rebuild for new php version -------------------------------------------------------------------------------- References: [ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure https://bugzilla.redhat.com/show_bug.cgi?id=478425 [ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode() https://bugzilla.redhat.com/show_bug.cgi?id=494530 [ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension https://bugzilla.redhat.com/show_bug.cgi?id=459529 [ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension https://bugzilla.redhat.com/show_bug.cgi?id=459572 [ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=452808 [ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=474824 [ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution) https://bugzilla.redhat.com/show_bug.cgi?id=478848 [ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service https://bugzilla.redhat.com/show_bug.cgi?id=479272 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update maniadrive' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list [email protected] http://www.redhat.com/mailman/listinfo/fedora-package-announce
