LinuxSecurity.com
Fedora Core 6 Update: php-5.1.6-3.5.fc6
Posted by Benjamin D. Thomas   
This update fixes a number of security issues in PHP. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-415
2007-04-17
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : php
Version     : 5.1.6
Release     : 3.5.fc6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed
a deeply nested array. A remote attacker could cause the PHP
interpreter to crash by submitting an input variable with a
deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set
global variables. A script which used the mb_parse_str()
function to set global variables could be forced to enable
the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function
processed header data. If a script sent mail using a Subject
header containing a string from an untrusted source, a
remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP
images from an untrusted source could result in arbitrary
code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd
extension. A script that could be forced to write arbitrary
strings using a JIS font from an untrusted source could
cause the PHP interpreter to crash. (CVE-2007-0455)

---------------------------------------------------------------------
* Thu Apr  5 2007 Joe Orton  5.1.6-3.5.fc6
- add security fixes for CVE-2007-0455, CVE-2007-1001, 
  CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
- package /usr/share/php (#225434)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
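
For the nested-array flaw (CVE-2007-1285) described above, the following is an added example, not part of the Fedora notification or of PHP: a small Python log check that measures how deeply the input variable names in each request's query string are nested and flags requests above a limit. The threshold, the function names and the sample log lines are assumptions constructed for illustration, and the depth count is an approximation of how PHP maps bracketed names to arrays.

```python
import re
from urllib.parse import parse_qsl

MAX_DEPTH = 16  # assumed alert threshold for this example, not from the advisory

_GROUP = re.compile(r"\[[^\]]*\]")  # one "[...]" group = one array level
_REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request field of a log line

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Apr/2007:10:00:01 +0000] '
    '"GET /search.php?filter[color][]=red HTTP/1.1" 200 512',
    '192.0.2.44 - - [17/Apr/2007:10:00:02 +0000] '
    '"GET /search.php?a' + "%5B%5D" * 40 + '=1 HTTP/1.1" 500 0',
    '192.0.2.10 - - [17/Apr/2007:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 1024',
]


def nesting_depth(name):
    """Approximate the array depth PHP builds for an input variable name."""
    return len(_GROUP.findall(name))


def deepest_parameter(target):
    """Return (depth, name) of the most deeply nested query parameter."""
    query = target.partition("?")[2]
    best = (0, "")
    # parse_qsl percent-decodes names, so %5B/%5D count like literal brackets.
    for name, _value in parse_qsl(query, keep_blank_values=True):
        depth = nesting_depth(name)
        if depth > best[0]:
            best = (depth, name)
    return best


def flag_lines(log_lines, max_depth=MAX_DEPTH):
    """Return [(line_number, depth)] for requests nested deeper than max_depth."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = _REQUEST.search(line)
        if match is None:
            continue
        depth, _name = deepest_parameter(match.group(1))
        if depth > max_depth:
            hits.append((number, depth))
    return hits


if __name__ == "__main__":
    for number, depth in flag_lines(SAMPLE_LOG):
        print(f"line {number}: input variable nested {depth} levels deep")
```

Access logs normally record only the query string, so input variables sent in POST bodies are not covered by this check.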
 