Debian Security Advisory

DSA-1331-1 php4 -- several vulnerabilities

Date Reported:

07 Jul 2007

Affected Packages:

php4

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2006-4486, CVE-2006-0207, CVE-2007-1864.

More information:

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0207
Stefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge).
CVE-2006-4486
Stefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. This only affects Debian 3.1 (Sarge) on 64 bit architectures.
CVE-2007-1864
It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.

For the oldstable distribution (sarge) these problems have been fixed in version 4.3.10-22.

For the stable distribution (etch) these problems have been fixed in version 4.4.4-8+etch4.

The unstable distribution (sid) no longer contains php4.

We recommend that you upgrade your PHP packages. Sarge packages for hppa, mips and powerpc are not yet available, due to problems on the build hosts. They will be provided later.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:: http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-22.dsc; http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-22.diff.gz; http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-22_all.deb; http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-22_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_ia64.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_m68k.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_m68k.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_mipsel.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-22_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-22_sparc.deb

Debian GNU/Linux 4.0 (etch)

Source:: http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch4.dsc; http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch4.diff.gz; http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4.orig.tar.gz
Architecture-independent component:: http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.4.4-8+etch4_all.deb; http://security.debian.org/pool/updates/main/p/php4/php4_4.4.4-8+etch4_all.deb
Alpha:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_alpha.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_amd64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_arm.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_arm.deb
HPPA:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_hppa.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_hppa.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-interbase_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_i386.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_ia64.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_ia64.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_mipsel.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_powerpc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_s390.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-common_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mcrypt_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pgsql_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-pspell_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.4.4-8+etch4_sparc.deb; http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.4.4-8+etch4_sparc.deb

MD5 checksums of the listed files are available in the original advisory.