User: Password:
|
|
Subscribe / Log in / New account

Yellow Dog alert YDU-20030710-2 (php)

From:  Terra Soft Security Team <security@terrasoftsolutions.com>
To:  yellowdog-updates@lists.terrasoftsolutions.com
Subject:  Yellow Dog Linux Security Advisory: YDU-20030710-2
Date:  Fri, 11 Jul 2003 14:38:21 -0600

Yellow Dog Linux Security Announcement -------------------------------------- Package: php Issue Date: Jul 10,2003 Priority: medium Advisory ID: YDU-20030710-2 1. Topic: Updated php packages are available. 2. Problem: "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. This update contains fixes for a number of bugs that include the use of a PHP script as an ErrorDocument and possible POST body corruption in some configurations. Also included is a fix for a minor security problem. In PHP version 4.3.1 and earlier, when transparent session ID support is enabled using the "session.use_trans_sid" option, the session ID is not escaped before use. This allows a Cross Site Scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0442 to this issue. All users of PHP are advised to upgrade to these erratum packages, which contain back-ported patches to correct these issues." From Red Hat Advisory 3. Solution: a) Updating via yum... We suggest that you use the yum program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: yum update php b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-3.0/ ppc/php-ldap-4.2.2-17.2.ppc.rpm ppc/php-imap-4.2.2-17.2.ppc.rpm ppc/php-devel-4.2.2-17.2.ppc.rpm ppc/php-4.2.2-17.2.ppc.rpm ppc/php-snmp-4.2.2-17.2.ppc.rpm ppc/php-pgsql-4.2.2-17.2.ppc.rpm ppc/php-odbc-4.2.2-17.2.ppc.rpm ppc/php-mysql-4.2.2-17.2.ppc.rpm ppc/php-manual-4.2.2-17.2.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- e1f7e637f3af099274fe0b308ad4bfb4 SRPMS/php-4.2.2-17.2.src.rpm ff542cf922f52d77dce780204391994f ppc/php-ldap-4.2.2-17.2.ppc.rpm 830a49c10596d6b1c25d178ea7333a11 ppc/php-imap-4.2.2-17.2.ppc.rpm fea908ee0d1b2837b6e94bcf9b5287bf ppc/php-devel-4.2.2-17.2.ppc.rpm 1bb2a1d60dad727edbca5f3a45b8210c ppc/php-4.2.2-17.2.ppc.rpm 327ad818fb9d2ea7f23c5bfd87cedfce ppc/php-snmp-4.2.2-17.2.ppc.rpm 749ff5d07cd60d2e53ad28bf9a3b881f ppc/php-pgsql-4.2.2-17.2.ppc.rpm 67669cd41d2ff5a33898b03847bfcd58 ppc/php-odbc-4.2.2-17.2.ppc.rpm 10378ac22a3d5c23a08780a6df4c895b ppc/php-mysql-4.2.2-17.2.ppc.rpm fa8569028c11bace1a88ff54176ce9e5 ppc/php-manual-4.2.2-17.2.ppc.rpm If you wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: md5sum <filename> 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information. For information regarding the usage of yum, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/yum.shtml _______________________________________________ yellowdog-updates mailing list yellowdog-updates@lists.terrasoftsolutions.com http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-updates


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds