SUSE Security Announcement: php remote denial of service (SUSE-SA:2005:023)

15 Apr 2005


      -----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                php4, php5
        Announcement-ID:        SUSE-SA:2005:023
        Date:                   Fri, 15 Apr 2005 12:00:00 +0000
        Affected products:      8.2, 9.0, 9.1, 9.2, 9.3
                                SUSE Linux Enterprise Server 8, 9

        Vulnerability Type:     remote denial of service
        Severity (1-10):        5
        SUSE default package:   no
        Cross References:       CAN-2005-0524
                                CAN-2005-0525


    Content of this advisory:
        1) security vulnerability resolved:
             php4 / php5 denial of service attack
           problem description
        2) solution/workaround
        3) special instructions and notes
        4) package location and checksums
        5) pending vulnerabilities, solutions, workarounds:
            none
        6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

    This update fixes the following security issues in the PHP scripting
    language:

    - A bug in getimagesize() EXIF handling which could lead to a denial of
      service attack.

      This is tracked by the Mitre CVE IDs  CAN-2005-0524 and CAN-2005-0525.

    Additionally this non-security bug was fixed:
    - Performance problems of unserialize() caused by previous security
      fix to unserialize were fixed.

    All SUSE Linux based distributions shipping php4 and php5 were affected.

2) solution/workaround

    Please install the upgraded packages.

3) special instructions and notes

    Please make sure you restart the web server after this update.

4) package location and checksums

    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command "rpm -Fhv file.rpm" to apply
    the update.
    Our maintenance customers are being notified individually. The packages
    are being offered to install from the maintenance web.


    x86 Platform:

    SUSE Linux 9.3:
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php4-4.3.10-14.2.i586.rpm
           092b41e835df38140ce84a57a8a19291
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/apache2-mod_php5-5.0.3-14.2.i586.rpm
           859c59423121af7fc782187b67ac9eb2
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/mod_php4-servlet-4.3.10-14.2.i586.rpm
           998bb2eee2ccb49db4889f9064520212
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-4.3.10-14.2.i586.rpm
           8e5903503b80b7235e253d9b8b59904f
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-devel-4.3.10-14.2.i586.rpm
           b6e4b7080e54cb4ca2b970817d7a7202
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-fastcgi-4.3.10-14.2.i586.rpm
           5f14cca638d59b161c3db68cc378c237
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-session-4.3.10-14.2.i586.rpm
           726545e66501ea788cb278804071bfe3
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php4-sysvshm-4.3.10-14.2.i586.rpm
           c201b0e680713340312baef2b8629252
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-5.0.3-14.2.i586.rpm
           356d41447026e2c29658b4be3ba18b95
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-devel-5.0.3-14.2.i586.rpm
           63b4c9099189788fc6c6fee76d4b0d6f
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-fastcgi-5.0.3-14.2.i586.rpm
           5b5d43fc648f6d54a36dbd475c075e0d
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvmsg-5.0.3-14.2.i586.rpm
           f64d969e257eebc6756b018fd2609638
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/php5-sysvshm-5.0.3-14.2.i586.rpm
           7e70d9b50cb54250c26953ada098a381
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-32bit-9.3-7.1.x86_64.rpm
           05fad72084e61a4df8a3acd1ff08f798

    SUSE Linux 9.2:
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.5.i586.rpm
           30fc3c59fab61fa89944dec7db94d26e
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mod_php4-servlet-4.3.8-8.5.i586.rpm
           ba2c67dd1c709dff17168eaebd8e145f
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.5.i586.rpm
           6d4a22a613dc64a3699d27ce09f9f255
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-devel-4.3.8-8.5.i586.rpm
           fdbd8f94484d41142f51af35b18b8b97
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-fastcgi-4.3.8-8.5.i586.rpm
           78a39683a5496885464c8a7bb5ebdd82
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-session-4.3.8-8.5.i586.rpm
           70a081d38fa56e51c4e357dd0a7c3a73
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-sysvshm-4.3.8-8.5.i586.rpm
           ae7974ce3c6e62fea4687a13eefa1f43
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-32bit-9.2-200504081300.x86_64.rpm
           a9d235e734d2ac2e876048173900e392

    SUSE Linux 9.1:
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.28.i586.rpm
           b7aead2cb147c681e0efb34cb0012d56
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.28.i586.rpm
           bf8e4ccdcc94b8ff6aa9e50738d5652e
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-servlet-4.3.4-43.28.i586.rpm
           cbeec3026b9274969a61421ec0b5d15f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.28.i586.rpm
           65b3a8046f7622973b7a7d0b8a388a9a
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-devel-4.3.4-43.28.i586.rpm
           dc7b8514735b01887158b9666cb09cc1
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-fastcgi-4.3.4-43.28.i586.rpm
           7872f4539151e9055a0c3a05bcc53340
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-imap-4.3.4-43.28.i586.rpm
           e6c0896439221b47ac95bd5b81347030
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-mysql-4.3.4-43.28.i586.rpm
           879bb81a1e99f0f1abc9f9297ef78afb
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-recode-4.3.4-43.28.i586.rpm
           7640c6d169b4ee0bb7beace768ebd3bf
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-servlet-4.3.4-43.28.i586.rpm
           091a8ca814be21d0dca4473214151ab4
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-session-4.3.4-43.28.i586.rpm
           f836d57b333b0854f77831f947a29939
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-sysvshm-4.3.4-43.28.i586.rpm
           d0ce400b95af15df2c2ff93cefc27f6f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-wddx-4.3.4-43.28.i586.rpm
           153fe65a00f9c83ed6e3e9d8ac58bcd7
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/php4-4.3.4-43.28.src.rpm
           6cd11704fb5dcba94fef2efe304ce6ae

    SUSE Linux 9.0:
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-mod_php4-4.3.3-187.i586.rpm
           8e9e46631279dfec913dbccc3507a04d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-4.3.3-187.i586.rpm
           4b817d14ea8cfa471d2b7da231bc9c04
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-aolserver-4.3.3-187.i586.rpm
           01cde19877d4cdb7241183c29d799a40
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-core-4.3.3-187.i586.rpm
           2f3b9eaea64686556524d4b6a3712b44
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-devel-4.3.3-187.i586.rpm
           9ffcd67d307dac6d4d2b35c8f2e19269
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-servlet-4.3.3-187.i586.rpm
           f381038385a6634a0191daa3da1d8ea8
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mod_php4-4.3.3-187.src.rpm
           ba28af987d39a5eb456574fc0fb95828

    SUSE Linux 8.2:
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-mod_php4-4.3.1-176.i586.rpm
           e2afaa2f21bfd29e5689fb66e87bc7c4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-4.3.1-176.i586.rpm
           7056ee242089ad9889c9109d7ba58bfa
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-aolserver-4.3.1-176.i586.rpm
           8af8e5ba3e8a69737b695f3df2886c43
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-core-4.3.1-176.i586.rpm
           cc17c23d79a92b7d73db7015343fec6f
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-devel-4.3.1-176.i586.rpm
           792e5ca40d4b7416e50a7c5d8305cc76
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mod_php4-4.3.1-176.src.rpm
           33395ed1d8a162e7bca09fc93ef6ed68
  
    x86-64 Platform:

    SUSE Linux 9.3:
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php4-4.3.10-14.2.x86_64.rpm
           121aad084e9f90b7e8d29c373b02244b
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/apache2-mod_php5-5.0.3-14.2.x86_64.rpm
           9d4dd7ba5c8d91d1457d665bcf0aebbb
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/mod_php4-servlet-4.3.10-14.2.x86_64.rpm
           878e379e96e2c372963df3da299a15eb
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-4.3.10-14.2.x86_64.rpm
           e00307757dcad75e470ba669a703028f
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-devel-4.3.10-14.2.x86_64.rpm
           06a496f60998c7201cf185ee474cd43d
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-fastcgi-4.3.10-14.2.x86_64.rpm
           0635a305efff157be56155c721db1cff
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-session-4.3.10-14.2.x86_64.rpm
           281d0cc5a831edfd3c50a678f0fa74ac
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php4-sysvshm-4.3.10-14.2.x86_64.rpm
           edbcb8ca2bab9aa26c799e86526386d9
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-5.0.3-14.2.x86_64.rpm
           72d4e5c520f32be6719efd1a744fad3e
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-devel-5.0.3-14.2.x86_64.rpm
           c7a90df0de9500399421a565c2828d9c
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-fastcgi-5.0.3-14.2.x86_64.rpm
           8cdb9d138bb757dff6906e5bd44eda68
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvmsg-5.0.3-14.2.x86_64.rpm
           06152a5ab1352458a8a339813df012b0
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/php5-sysvshm-5.0.3-14.2.x86_64.rpm
           fbb8306bf72ee918ec6b7a5804f52857
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php4-4.3.10-14.2.src.rpm
           2623d3f94ea8e6bd801249f7b79c0e09
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/php5-5.0.3-14.2.src.rpm
           9026dde16cdf291cfae85d8a8e5b266b

    SUSE Linux 9.2:
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/apache2-mod_php4-4.3.8-8.5.x86_64.rpm
           74e80d4996883b92ae30b1aea5a24d3d
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/mod_php4-servlet-4.3.8-8.5.x86_64.rpm
           b7e113e58096dee64975ad09075b058e
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-4.3.8-8.5.x86_64.rpm
           dc2697c70c101c3c16133e45aad4eb05
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-devel-4.3.8-8.5.x86_64.rpm
           0904155bbb6b3bf8a275bd7a7780c356
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-fastcgi-4.3.8-8.5.x86_64.rpm
           472e3a708e7f6f1774dce421d1c06067
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-session-4.3.8-8.5.x86_64.rpm
           4f1402d04098100f10a7910685b17d45
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/php4-sysvshm-4.3.8-8.5.x86_64.rpm
           ae473a3e1e8177d711a98d7f85a43db1
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/php4-4.3.8-8.5.src.rpm
           be3087c034218ea830c64dfcfc20fd5d

    SUSE Linux 9.1:
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-mod_php4-4.3.4-43.28.x86_64.rpm
           8aedd4ae5089b6ad1628a46e962e10c5
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-core-4.3.4-43.28.x86_64.rpm
           bd38471abb2b27c6e0f104a05ae3dec5
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-servlet-4.3.4-43.28.x86_64.rpm
           6db8f9c47c5c3df1acfeb874b87b87af
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-4.3.4-43.28.x86_64.rpm
           83acb944933f86d8752eb1c0b79d51fd
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-devel-4.3.4-43.28.x86_64.rpm
           eb10c12b4dda00a723fd2481cb0d9431
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-fastcgi-4.3.4-43.28.x86_64.rpm
           6f0f093744f78d3a01f22ee750ee41b9
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-imap-4.3.4-43.28.x86_64.rpm
           be1d5285711535911577202e61eea27f
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-mysql-4.3.4-43.28.x86_64.rpm
           0e7c2f8ee85bac2b33d0669004c93781
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-recode-4.3.4-43.28.x86_64.rpm
           e614abf4e2de40ce21bd05a6c0e7b4da
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-servlet-4.3.4-43.28.x86_64.rpm
           e769eeaa2674e0090abfd8e97f4a6cb7
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-session-4.3.4-43.28.x86_64.rpm
           eb9953ae01fbdaae89b1010d8bb89fbd
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-sysvshm-4.3.4-43.28.x86_64.rpm
           0a5fd6e2d6caa31edd14e7bb87d45a90
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-wddx-4.3.4-43.28.x86_64.rpm
           6507908da0b26e98739bc21d3af623fe
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/php4-4.3.4-43.28.src.rpm
           2ce604b9c1f50575bae7fdcf1736e40a
 
    SUSE Linux 9.0:
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-mod_php4-4.3.3-187.x86_64.rpm
           adb3475c4da5623ae3a83e82f0369340
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-4.3.3-187.x86_64.rpm
           082261652c7fa03cd2dda0101c03e2a7
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-aolserver-4.3.3-187.x86_64.rpm
           c4cd316278e841f0a9ea8c3448fe0c63
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-core-4.3.3-187.x86_64.rpm
           427d132d1682e628abf972d353e30113
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-devel-4.3.3-187.x86_64.rpm
           5a5e7041c2d74a6736cc07a095764b4b
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-servlet-4.3.3-187.x86_64.rpm
           76cf3f75df2341b03c58b7ddaeb4bad4
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mod_php4-4.3.3-187.src.rpm
           b9b4f1b5fa5edac29c606ca3b03c041c


______________________________________________________________________________

5)  Pending vulnerabilities in SUSE Distributions and Workarounds:

    none
______________________________________________________________________________

6)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over
    the world. While this service is being considered valuable and important
    to the free and open source software community, many users wish to be
    sure about the origin of the package and its content before installing
    the package. There are two verification methods that can be used
    independently from each other to prove the authenticity of a downloaded
    file or rpm package:
    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
        md5sum <name-of-the-file.rpm>
       after you downloaded the file from a SUSE ftp server or its mirrors.
       Then, compare the resulting md5sum with the one that is listed in the
       announcement. Since the announcement containing the checksums is
       cryptographically signed (usually using the key security@suse.de),
       the checksums show proof of the authenticity of the package.
       We disrecommend to subscribe to security lists which cause the
       email message containing the announcement to be modified so that
       the signature does not match after transport through the mailing
       list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being rebuilt
       and a new version of a package is published on the ftp server, all
       md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
       of an rpm package. Use the command
        rpm -v --checksig <file.rpm>
       to verify the signature of the package, where <file.rpm> is the
       filename of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an un-installed rpm
       package file.
       Prerequisites:
        a) gpg is installed
        b) The package is signed using a certain key. The public part of this
           key must be installed by the gpg program in the directory
           ~/.gnupg/ under the user's home directory who performs the
           signature verification (usually root). You can import the key
           that is used by SUSE in rpm packages for SUSE Linux by saving
           this announcement to a file ("announcement.txt") and
           running the command (do "su -" to be root):
            gpg --batch; gpg < announcement.txt | gpg --import
           SUSE Linux distributions version 7.1 and thereafter install the
           key "build@suse.de" upon installation or upgrade, provided that
           the package gpg is installed. The file containing the public key
           is placed at the top-level directory of the first CD (pubring.gpg)
           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    =====================================================================
    SUSE's security contact is <security@suse.com> or <security@suse.de>.
    The <security@suse.de> public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular,
    it is desired that the clear-text signature shows proof of the
    authenticity of the text.
    SUSE Linux AG makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQl+NaXey5gA9JdPZAQEdHAgAgJIFuGro3aYnRFmDZ2+MDt+mTFko//kZ
RzAd1P8100crlmL/3wpVrPjZnKuQGdSgqAh/4QK7ONXsIFrUm/bno1r2nF6eeOz6
SBeN7WMAWpRD8Eauol6J8kMLEmBQQFIWP2WtFLU7RVriwlFFaTxY9RpxsP6y6F0I
PbqCqh5kIzypeSDv7zIN3jFAMG7Ohyrjx+L7l6O65AaMF5effGFZNDGNoTel/8/9
RxhAXfHyLVTSz4oZD1/1epKRJ7uSzdXPhLzFkd9rol41gJ7BKI4d92NJzkGz2VBI
ov/nW9vFvDznkk5fudzSHB3/b6j/SVXgHmNQlprWneiAXHVpCS1Dew==
=OJbv
-----END PGP SIGNATURE-----

SUSE Security Announcement: php remote denial of service (SUSE-SA:2005:023)

Marcus Meissner