
Fedora alert FEDORA-2007-261 (php)

From:  "Joe Orton" <jorton@redhat.com>
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora Core 6 Update: php-5.1.6-3.4.fc6
Date:  Tue, 20 Feb 2007 23:17:27 -0500

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-261
2007-02-20
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : php
Version     : 5.1.6
Release     : 3.4.fc6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A number of buffer overflow flaws were found in the PHP session
extension, the str_replace() function, and the imap_mail_compose()
function. If very long strings under the control of an attacker are
passed to the str_replace() function, then an integer overflow could
occur in memory allocation. If a script uses the imap_mail_compose()
function to create a new MIME message based on an input body from an
untrusted source, it could result in a heap overflow. An attacker who
is able to access a PHP application affected by any of these issues
could trigger these flaws and possibly execute arbitrary code as the
'apache' user. (CVE-2007-0906)

If unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function can be forced to enter an infinite loop,
consuming CPU resources for a limited length of time, until the script
timeout alarm aborts execution of the script. (CVE-2007-0988)

If the wddx extension is used to import WDDX data from an untrusted
source, certain WDDX input packets may allow a random portion of heap
memory to be exposed. (CVE-2007-0908)

If the odbc_result_all() function is used to display data from a
database, and the contents of the database table are under the control
of an attacker, a format string vulnerability is possible which could
lead to the execution of arbitrary code. (CVE-2007-0909)

A one-byte memory read will always occur before the beginning of a
buffer, which could be triggered for example by any use of the header()
function in a script. However it is unlikely that this would have any
effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

The Fedora Project would like to thank Stefan Esser for his help
diagnosing these issues.

---------------------------------------------------------------------
* Fri Feb 16 2007 Joe Orton <jorton@redhat.com> 5.1.6-3.4.fc6
- add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908,
  CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
- package /usr/share/php and append to default include_path (#225434)
- add php(api), php(zend-abi) provides (#221302)
- fix magic file used by mime-magic (Kir Kolyshkin, #177926)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/u...
This update can be installed with the 'yum' update program. Use 'yum
update package-name' at the command line. For more information, refer
to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
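As an added example (not part of the advisory or of Fedora's tooling), a Python port of rpm's version-comparison order that decides whether an installed php package is older than the fixed release named above, so a host can be checked from the output of rpm -q. The package lines fed to it are constructed samples, and the '~'/'^' pre-release markers are left out because none of these releases use them.

```python
import re

FIXED_VR = "5.1.6-3.4.fc6"   # fixed version-release named in the advisory
_SEP = re.compile(r"^[^A-Za-z0-9]+")   # rpm skips separators such as '.' and '-'

def rpmvercmp(a, b):
    """rpm's rpmvercmp segment order: 1 if a is newer, -1 if b is newer, 0 if equal.
    The '~' and '^' pre-release markers are not handled (not used in these releases)."""
    if a == b:
        return 0
    while a or b:
        a, b = _SEP.sub("", a), _SEP.sub("", b)
        if not a or not b:
            break
        # Take one all-digit or all-alpha segment from each side, led by a's type
        pat = r"^[0-9]+" if a[0].isdigit() else r"^[A-Za-z]+"
        sa = re.match(pat, a).group(0)
        mb = re.match(pat, b)
        sb = mb.group(0) if mb else ""
        a, b = a[len(sa):], b[len(sb):]
        if not sb:                        # segment types differ: numeric beats alpha
            return 1 if sa[0].isdigit() else -1
        if sa[0].isdigit():               # numeric: ignore leading zeros, longer wins
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:                      # equal-length numeric, or alpha: strcmp order
            return 1 if sa > sb else -1
    if not a and not b:
        return 0
    return 1 if a else -1                 # whichever side has segments left is newer

def compare_vr(installed, fixed):
    """Compare 'version-release' strings (no epoch, as here): version first, then release."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def vr_from_nvra(nvra):
    """'php-cli-5.1.6-3.3.fc6.i386' (shape of `rpm -q` output) -> '5.1.6-3.3.fc6'."""
    name_ver, rel_arch = nvra.rsplit("-", 1)
    release = rel_arch.rsplit(".", 1)[0]          # drop the architecture suffix
    return name_ver.rsplit("-", 1)[1] + "-" + release

def needs_update(nvra, fixed=FIXED_VR):
    """True when the installed package (a constructed rpm -q line) is older than the fix."""
    return compare_vr(vr_from_nvra(nvra), fixed) < 0
```

Feed it each line of `rpm -q php php-cli php-common ...` on the host being checked; any line for which needs_update() is True is still running the vulnerable build.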




Copyright © 2017, Eklektix, Inc.