LinuxSecurity.com
Fedora Core 5 Update: php-5.1.6-1.5
Posted by Benjamin D. Thomas   
This update fixes a number of security issues in PHP. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285) A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-455
2007-04-18
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : php
Version     : 5.1.6
Release     : 1.5
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed
a deeply nested array. A remote attacker could cause the PHP
interpreter to crash by submitting an input variable with a
deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set
global variables. A script which used the mb_parse_str()
function to set global variables could be forced to enable
the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function
processed header data. If a script sent mail using a Subject
header containing a string from an untrusted source, a
remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP
images from an untrusted source could result in arbitrary
code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd
extension. A script that could be forced to write arbitrary
strings using a JIS font from an untrusted source could
cause the PHP interpreter to crash. (CVE-2007-0455) 
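
For the mail() issue (CVE-2007-1718), a script can also refuse untrusted values that contain control characters before they reach a header. The following PHP is an added example, not part of the advisory or of the PHP fix; the function names, the 255-byte length limit and the sample inputs are constructed for illustration.

```php
<?php
// Added example: reject header-breaking input before calling mail().
// Function names and the sample inputs below are constructed.

/** Return $subject if it fits on one header line, otherwise throw. */
function checked_subject(string $subject): string
{
    // CR, LF, NUL and other control bytes are rejected, not stripped, so an
    // injection attempt is surfaced to the caller and can be logged.
    if (preg_match('/[\x00-\x1F\x7F]/', $subject)) {
        throw new InvalidArgumentException('control character in Subject');
    }
    if (strlen($subject) > 255) { // assumed application limit
        throw new InvalidArgumentException('Subject too long');
    }
    return $subject;
}

/** Return $to if it is exactly one syntactically valid address. */
function checked_recipient(string $to): string
{
    if (preg_match('/[\x00-\x1F\x7F,;]/', $to)
        || filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid recipient');
    }
    return $to;
}

/** Wrapper the application calls instead of mail() for untrusted input. */
function send_notice(string $to, string $subject, string $body): bool
{
    return mail(checked_recipient($to), checked_subject($subject), $body);
}

// Constructed inputs: one ordinary subject, one carrying an extra header line.
$samples = [
    'Quarterly report',
    "Quarterly report\r\nX-Added: 1",
];
foreach ($samples as $s) {
    try {
        checked_subject($s);
        echo 'accepted: ', json_encode($s), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($s), ' (', $e->getMessage(), ")\n";
    }
}
```

These checks complement the package update and do not replace it.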
---------------------------------------------------------------------
* Thu Apr  5 2007 Joe Orton  5.1.6-1.5
- add security fixes for CVE-2007-0455, CVE-2007-1001, 
  CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
* Fri Feb 23 2007 Joe Orton  5.1.6-1.4
- fix pdo-abi provide
* Tue Feb 20 2007 Joe Orton  5.1.6-1.3
- add security fixes for: CVE-2007-0906, CVE-2007-0907, 
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
* Fri Nov  3 2006 Joe Orton  5.1.6-1.2
- add security fix for CVE-2006-5465 (#213732)
* Fri Oct  6 2006 Joe Orton  5.1.6-1.1
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 