Fedora alert FEDORA-2006-289 (php)

From:  "Joseph Orton" <jorton@redhat.com>
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora Core 5 Update: php-5.1.4-1
Date:  Tue, 16 May 2006 13:56:18 -0400

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-289
2006-05-16
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : php
Version     : 5.1.4
Release     : 1
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 5, version 5.1.4.
This release includes fixes for several security issues and many
bug fixes.

The phpinfo() PHP function did not properly sanitize long strings.
An attacker could use this to perform cross-site scripting attacks
against sites that have publicly-available PHP scripts that call
phpinfo(). (CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary
safe. An attacker could use this flaw to disclose a certain part of
the memory. In order for this issue to be exploitable the target site
would need to have a PHP script which called the
"html_entity_decode()" function with untrusted input from the user
and displayed the result. (CVE-2006-1490)

---------------------------------------------------------------------
* Mon May  8 2006 Joe Orton <jorton@redhat.com> 5.1.4-1
- update to 5.1.4

* Thu May  4 2006 Joe Orton <jorton@redhat.com> 5.1.3-1
- update to 5.1.3
- provide mod_php = V-R (#187891)
- mark php.ini noreplace (#174251)

* Wed Apr 19 2006 Joe Orton <jorton@redhat.com> 5.1.2-5.3
- add security fixes from upstream:
  * phpinfo() XSS with long input (CVE-2006-0996)
  * binary safeness in html_decode (CVE-2006-1490)

* Fri Apr  7 2006 Joe Orton <jorton@redhat.com> 5.1.2-5.1
- fix use of LDAP on 64-bit platforms (#181518)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/u...

This update can be installed with the 'yum' update program. Use
'yum update package-name' at the command line. For more information,
refer to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
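
The advisory ties both issues to specific script patterns: scripts that call phpinfo(), and scripts that pass user input to html_entity_decode(). The following is an added example, not part of the advisory or of any Fedora tooling, that lists such scripts under a web root so they can be reviewed alongside the package update. The function names and regular expressions are assumptions of this example, and the matching is a line-based heuristic rather than a PHP parser.

```shell
#!/bin/sh
# Added example: audit a web root for the exposure conditions named in
# FEDORA-2006-289. Heuristic only; review each reported line by hand.

# Scripts that call phpinfo() (precondition for CVE-2006-0996).
# PHP function names are case-insensitive, hence -i. The leading character
# class skips method calls ($o->phpinfo), variables and longer identifiers.
# /dev/null forces grep to print the file name even for a single file.
find_phpinfo_calls() {
    find "$1" -type f -name '*.php' -exec \
        grep -inE '(^|[^[:alnum:]_>$:])phpinfo[[:space:]]*\(' /dev/null {} +
}

# Statements that hand request data to html_entity_decode()
# (precondition for CVE-2006-1490: untrusted input, result displayed).
find_entity_decode_on_input() {
    find "$1" -type f -name '*.php' -exec \
        grep -inE 'html_entity_decode[[:space:]]*\([^;]*\$_(GET|POST|REQUEST|COOKIE)' /dev/null {} +
}

# Print "<phpinfo hits> <html_entity_decode hits>" for a directory.
audit_summary() {
    a=$(find_phpinfo_calls "$1" | wc -l | tr -d ' ')
    b=$(find_entity_decode_on_input "$1" | wc -l | tr -d ' ')
    echo "$a $b"
}

# When run with a directory argument, print every hit as file:line:text.
if [ "$#" -gt 0 ]; then
    find_phpinfo_calls "$1"
    find_entity_decode_on_input "$1"
fi
```

A hit is a candidate for review, not proof of exposure: a phpinfo() page behind authentication, or a decode whose result is never displayed, does not meet the conditions the advisory describes.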


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds