From Fedora Project Wiki
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.5.fc6
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-415
2007-04-17
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : php
Version     : 5.1.6
Release     : 3.5.fc6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed a deeply
nested array. A remote attacker could cause the PHP interpreter to
crash by submitting an input variable with a deeply nested array.
(CVE-2007-1285)

A flaw was found in the way the mbstring extension set global
variables. A script which used the mb_parse_str() function to set
global variables could be forced to enable the register_globals
configuration option, possibly resulting in global variable injection.
(CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed
header data. If a script sent mail using a Subject header containing a
string from an untrusted source, a remote attacker could send bulk
e-mail to unintended recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension.
A script that could be forced to process WBMP images from an untrusted
source could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script
that could be forced to write arbitrary strings using a JIS font from
an untrusted source could cause the PHP interpreter to crash.
(CVE-2007-0455)

---------------------------------------------------------------------
* Thu Apr 5 2007 Joe Orton <jorton redhat com> 5.1.6-3.5.fc6
- add security fixes for CVE-2007-0455, CVE-2007-1001, CVE-2007-1285,
  CVE-2007-1583, CVE-2007-1718 (#235364)
- package /usr/share/php (#225434)
---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
This update can be installed with the 'yum' update program. Use 'yum
update package-name' at the command line. For more information, refer
to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
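The mail() issue above (CVE-2007-1718) is a header-injection class of bug: a Subject value containing a line break lets the rest of the string be read as further headers. Applying the update is the fix; the following is an added example, not code from the advisory or the PHP project, of the defence-in-depth check a script can apply to any untrusted header value before calling mail(). Function names and addresses are assumptions constructed for the example.

```php
<?php
// Added example; not code from the Fedora advisory or the PHP project.
// CVE-2007-1718: mail() accepted a Subject containing line breaks, so an
// untrusted string could append extra header lines. The guard below
// rejects such values in application code regardless of interpreter
// version. Function names are hypothetical.

/**
 * Return $value unchanged if it is safe as a single mail header value,
 * otherwise throw. CR and LF end a header line; NUL truncates it in
 * C-level code, so all three are refused.
 */
function assert_single_line_header($value)
{
    if (!is_string($value) || preg_match('/[\r\n\x00]/', $value)) {
        throw new InvalidArgumentException(
            'Mail header value must be a single line without control characters'
        );
    }
    return $value;
}

/**
 * Send a notification whose Subject comes from user input (for example a
 * contact form). The recipient and the From: header are fixed by the
 * application, so the subject is the only header-bound untrusted value.
 */
function send_contact_mail($subject, $body)
{
    $subject = assert_single_line_header($subject);
    return mail(
        'webmaster@example.com',          // constructed recipient
        $subject,
        $body,
        "From: noreply@example.com\r\n"   // constructed, not user-controlled
    );
}

// Constructed inputs: the first is accepted, the second is refused
// because it spans more than one line.
assert_single_line_header('Question about my order');
try {
    assert_single_line_header("Line one\r\nLine two");
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The same check belongs on any other value that ends up in a header (From, Reply-To, Cc), not only Subject.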