Fedora Core 5 Update: php-5.1.6-1.5
Summary
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
This update fixes a number of security issues in PHP.
A denial of service flaw was found in the way PHP processed
a deeply nested array. A remote attacker could cause the PHP
interpreter to crash by submitting an input variable with a
deeply nested array. (CVE-2007-1285)
A flaw was found in the way the mbstring extension set
global variables. A script which used the mb_parse_str()
function to set global variables could be forced to enable
the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)
A flaw was discovered in the way PHP's mail() function
processed header data. If a script sent mail using a Subject
header containing a string from an untrusted source, a
remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
A heap based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP
images from an untrusted source could result in arbitrary
code execution. (CVE-2007-1001)
A buffer over-read flaw was discovered in PHP's gd
extension. A script that could be forced to write arbitrary
strings using a JIS font from an untrusted source could
cause the PHP interpreter to crash. (CVE-2007-0455)
- add security fixes for CVE-2007-0455, CVE-2007-1001,
CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
* Fri Feb 23 2007 Joe Orton
- fix pdo-abi provide
* Tue Feb 20 2007 Joe Orton
- add security fixes for: CVE-2007-0906, CVE-2007-0907,
CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
* Fri Nov 3 2006 Joe Orton
- add security fix for CVE-2006-5465 (#213732)
* Fri Oct 6 2006 Joe Orton
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)
3acc2efde826494f4403464cab0ca7657100ebfb SRPMS/php-5.1.6-1.5.src.rpm
3acc2efde826494f4403464cab0ca7657100ebfb noarch/php-5.1.6-1.5.src.rpm
a58bd184ab0ce1fe0a5c8107e31d4f7f7a6c40ab ppc/php-imap-5.1.6-1.5.ppc.rpm
2371ff00318392511255a098abe3dc60a02afc57 ppc/php-xml-5.1.6-1.5.ppc.rpm
67fc96ee713a8b232ca2235db81ec3ff34091d5e ppc/php-snmp-5.1.6-1.5.ppc.rpm
8a358224691dad2a5a104f85273164833e1716ed ppc/php-ncurses-5.1.6-1.5.ppc.rpm
bb92f83ca915d03aa32c271406605a093163171b ppc/php-bcmath-5.1.6-1.5.ppc.rpm
9a0ba2559665bce0c4d98e84e368748a39d261aa ppc/php-5.1.6-1.5.ppc.rpm
93733fb5febe43b95945b7fb14682a7c3e50d6e6 ppc/php-pdo-5.1.6-1.5.ppc.rpm
6259e0b788eecdc623175455d99ae2795d31b43a ppc/php-devel-5.1.6-1.5.ppc.rpm
ce67182f097f10f8f164b256058d5373b0527fe6 ppc/php-xmlrpc-5.1.6-1.5.ppc.rpm
46412fad50c6b995e0845c937a9f66e2187d0141 ppc/php-soap-5.1.6-1.5.ppc.rpm
b648af44ace9e22057d2a42c7c874a85e6bd6a4a ppc/php-odbc-5.1.6-1.5.ppc.rpm
0d2f2df06d1460640206cbbbb125614709792d21 ppc/php-dba-5.1.6-1.5.ppc.rpm
31528990ef677c95430426ae3334ab6666186766 ppc/php-mbstring-5.1.6-1.5.ppc.rpm
68ffe16f2bd35431bca5a5b7460013b7ef169083 ppc/php-gd-5.1.6-1.5.ppc.rpm
5fb8781025762d46e70ec8b9b8a35e3d31b5ed04 ppc/debug/php-debuginfo-5.1.6-1.5.ppc.rpm
f0eadde0805284ba5c11c177de0dc79abe43d79d ppc/php-ldap-5.1.6-1.5.ppc.rpm
d2b14eba25de2c971cb229aa049b5fff0a516068 ppc/php-mysql-5.1.6-1.5.ppc.rpm
688327e56543579c4a2492edeb23d246a835017e ppc/php-pgsql-5.1.6-1.5.ppc.rpm
a261ef8bec5f88705133aa6d819455a43cc85bcd x86_64/php-mysql-5.1.6-1.5.x86_64.rpm
ec119d6df73f337e4c77f89824c1c71fcb41f148 x86_64/php-xml-5.1.6-1.5.x86_64.rpm
395d8f9d19755138343e8c29de0ecd633bfe1894 x86_64/php-soap-5.1.6-1.5.x86_64.rpm
7995f07ffd64492ea2b3164bfb3c091c69657703 x86_64/php-ncurses-5.1.6-1.5.x86_64.rpm
13c77b3cbf07db7881f885e85a74dde07c910b57 x86_64/php-5.1.6-1.5.x86_64.rpm
f285207c77e8d119fc741399c22af7ada04821db x86_64/php-pdo-5.1.6-1.5.x86_64.rpm
612314a9dcc3fd058fc89dde4140b47af5587eca x86_64/php-pgsql-5.1.6-1.5.x86_64.rpm
780e74eb7233c6caaab6d3b0013f0fb3425bcdfb x86_64/php-ldap-5.1.6-1.5.x86_64.rpm
bda586c6d3129cd4ec3a954def127b5b5a74d7c4 x86_64/php-mbstring-5.1.6-1.5.x86_64.rpm
c4545ee4c0c266222d2767edc70a6c1890cefc26 x86_64/php-dba-5.1.6-1.5.x86_64.rpm
97b9935c912432ccac25185a5d1b61c282c574c9 x86_64/php-odbc-5.1.6-1.5.x86_64.rpm
77f7ada0f37bd8ee02c01438572d833e8bdace0f x86_64/php-bcmath-5.1.6-1.5.x86_64.rpm
971ddb46656a97d7936baffa3f048d57591a5ea9 x86_64/php-xmlrpc-5.1.6-1.5.x86_64.rpm
f61bdeda008058af56ae95bb7b4095df619ea696 x86_64/php-devel-5.1.6-1.5.x86_64.rpm
8d33b1406833a0f9e291e69adeea2fd382708ec9 x86_64/php-snmp-5.1.6-1.5.x86_64.rpm
5dd0f84a2f6be21bed6db74292b617fd88a0f502 x86_64/debug/php-debuginfo-5.1.6-1.5.x86_64.rpm
7739c9ebafc087eb5e550be208c93e3e0782463c x86_64/php-imap-5.1.6-1.5.x86_64.rpm
b8b31652e28d3ee2d31c644b2685639c161843f1 x86_64/php-gd-5.1.6-1.5.x86_64.rpm
5182fd38d92865263c2334b4889eb85eadf2d1be i386/php-mbstring-5.1.6-1.5.i386.rpm
04f3f2f49ba7bfafdc4b6edfa87023f48d94f168 i386/php-xmlrpc-5.1.6-1.5.i386.rpm
80a526ca1f9a88a6acd2e307b8c297ffd77c4268 i386/php-dba-5.1.6-1.5.i386.rpm
a63ccf9714d62794eb43f3cd649eb55ddd932139 i386/php-devel-5.1.6-1.5.i386.rpm
fb29c291bddfbc1edbc22198308cc85248d79d58 i386/php-mysql-5.1.6-1.5.i386.rpm
8bd4b2f10dd2414bfb17bd7dab4c83c6b677f060 i386/php-snmp-5.1.6-1.5.i386.rpm
95fda6708a4456c0d35c9392e52cb294af3da7e5 i386/php-xml-5.1.6-1.5.i386.rpm
1a6285aae244b6c57a1ecb439b958a409276e45a i386/php-pgsql-5.1.6-1.5.i386.rpm
766d8b6740ee93bf80123d6861fd7ff3fcbf1223 i386/php-bcmath-5.1.6-1.5.i386.rpm
9d5f62294afc525b6d0adcc22faab62ad9d9f290 i386/php-imap-5.1.6-1.5.i386.rpm
562d315769c26db6b75825993e854ecc73e816fa i386/php-pdo-5.1.6-1.5.i386.rpm
fe3298930192b04874edd49f513cf6a1617e5f2f i386/php-odbc-5.1.6-1.5.i386.rpm
5f00f0bdb98693b10410af42681b6909128c1ce1 i386/php-gd-5.1.6-1.5.i386.rpm
259da340d4e9c240e3a0577334e274461a6e6189 i386/php-5.1.6-1.5.i386.rpm
8867d1852d6fbe2178034840c651c14301982af5 i386/debug/php-debuginfo-5.1.6-1.5.i386.rpm
5b80f260aeb3ec189dbbb59efc672cff8a2ecf6f i386/php-soap-5.1.6-1.5.i386.rpm
72693d70434fc6fc8281be8f85f6dcc3eb53a4a5 i386/php-ncurses-5.1.6-1.5.i386.rpm
9b3a6d07c3580034204654008fe8898a4e24c84c i386/php-ldap-5.1.6-1.5.i386.rpm
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at .
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
FEDORA-2007-455 2007-04-18 Name : php Version : 5.1.6 Release : 1.5 Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. This update fixes a number of security issues in PHP. A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285) A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583) A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718) A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001) A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455) - add security fixes for CVE-2007-0455, CVE-2007-1001, CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364) * Fri Feb 23 2007 Joe Orton 5.1.6-1.4 - fix pdo-abi provide * Tue Feb 20 2007 Joe Orton 5.1.6-1.3 - add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011) * Fri Nov 3 2006 Joe Orton 5.1.6-1.2 - add security fix for CVE-2006-5465 (#213732) * Fri Oct 6 2006 Joe Orton 5.1.6-1.1 - update to 5.1.6 (#201767, #204995) - add fix for upstream #38801 - add security fix for CVE-2006-4812 - drop Obsoletes for mod_php (#194590) - add php-pdo-abi versioning (#193202) - move php{-config,ize} man pages to -devel (#199382) 3acc2efde826494f4403464cab0ca7657100ebfb SRPMS/php-5.1.6-1.5.src.rpm 3acc2efde826494f4403464cab0ca7657100ebfb noarch/php-5.1.6-1.5.src.rpm a58bd184ab0ce1fe0a5c8107e31d4f7f7a6c40ab ppc/php-imap-5.1.6-1.5.ppc.rpm 2371ff00318392511255a098abe3dc60a02afc57 ppc/php-xml-5.1.6-1.5.ppc.rpm 67fc96ee713a8b232ca2235db81ec3ff34091d5e ppc/php-snmp-5.1.6-1.5.ppc.rpm 8a358224691dad2a5a104f85273164833e1716ed ppc/php-ncurses-5.1.6-1.5.ppc.rpm bb92f83ca915d03aa32c271406605a093163171b ppc/php-bcmath-5.1.6-1.5.ppc.rpm 9a0ba2559665bce0c4d98e84e368748a39d261aa ppc/php-5.1.6-1.5.ppc.rpm 93733fb5febe43b95945b7fb14682a7c3e50d6e6 ppc/php-pdo-5.1.6-1.5.ppc.rpm 6259e0b788eecdc623175455d99ae2795d31b43a ppc/php-devel-5.1.6-1.5.ppc.rpm ce67182f097f10f8f164b256058d5373b0527fe6 ppc/php-xmlrpc-5.1.6-1.5.ppc.rpm 46412fad50c6b995e0845c937a9f66e2187d0141 ppc/php-soap-5.1.6-1.5.ppc.rpm b648af44ace9e22057d2a42c7c874a85e6bd6a4a ppc/php-odbc-5.1.6-1.5.ppc.rpm 0d2f2df06d1460640206cbbbb125614709792d21 ppc/php-dba-5.1.6-1.5.ppc.rpm 31528990ef677c95430426ae3334ab6666186766 ppc/php-mbstring-5.1.6-1.5.ppc.rpm 68ffe16f2bd35431bca5a5b7460013b7ef169083 ppc/php-gd-5.1.6-1.5.ppc.rpm 5fb8781025762d46e70ec8b9b8a35e3d31b5ed04 ppc/debug/php-debuginfo-5.1.6-1.5.ppc.rpm f0eadde0805284ba5c11c177de0dc79abe43d79d ppc/php-ldap-5.1.6-1.5.ppc.rpm d2b14eba25de2c971cb229aa049b5fff0a516068 ppc/php-mysql-5.1.6-1.5.ppc.rpm 688327e56543579c4a2492edeb23d246a835017e ppc/php-pgsql-5.1.6-1.5.ppc.rpm a261ef8bec5f88705133aa6d819455a43cc85bcd x86_64/php-mysql-5.1.6-1.5.x86_64.rpm ec119d6df73f337e4c77f89824c1c71fcb41f148 x86_64/php-xml-5.1.6-1.5.x86_64.rpm 395d8f9d19755138343e8c29de0ecd633bfe1894 x86_64/php-soap-5.1.6-1.5.x86_64.rpm 7995f07ffd64492ea2b3164bfb3c091c69657703 x86_64/php-ncurses-5.1.6-1.5.x86_64.rpm 13c77b3cbf07db7881f885e85a74dde07c910b57 x86_64/php-5.1.6-1.5.x86_64.rpm f285207c77e8d119fc741399c22af7ada04821db x86_64/php-pdo-5.1.6-1.5.x86_64.rpm 612314a9dcc3fd058fc89dde4140b47af5587eca x86_64/php-pgsql-5.1.6-1.5.x86_64.rpm 780e74eb7233c6caaab6d3b0013f0fb3425bcdfb x86_64/php-ldap-5.1.6-1.5.x86_64.rpm bda586c6d3129cd4ec3a954def127b5b5a74d7c4 x86_64/php-mbstring-5.1.6-1.5.x86_64.rpm c4545ee4c0c266222d2767edc70a6c1890cefc26 x86_64/php-dba-5.1.6-1.5.x86_64.rpm 97b9935c912432ccac25185a5d1b61c282c574c9 x86_64/php-odbc-5.1.6-1.5.x86_64.rpm 77f7ada0f37bd8ee02c01438572d833e8bdace0f x86_64/php-bcmath-5.1.6-1.5.x86_64.rpm 971ddb46656a97d7936baffa3f048d57591a5ea9 x86_64/php-xmlrpc-5.1.6-1.5.x86_64.rpm f61bdeda008058af56ae95bb7b4095df619ea696 x86_64/php-devel-5.1.6-1.5.x86_64.rpm 8d33b1406833a0f9e291e69adeea2fd382708ec9 x86_64/php-snmp-5.1.6-1.5.x86_64.rpm 5dd0f84a2f6be21bed6db74292b617fd88a0f502 x86_64/debug/php-debuginfo-5.1.6-1.5.x86_64.rpm 7739c9ebafc087eb5e550be208c93e3e0782463c x86_64/php-imap-5.1.6-1.5.x86_64.rpm b8b31652e28d3ee2d31c644b2685639c161843f1 x86_64/php-gd-5.1.6-1.5.x86_64.rpm 5182fd38d92865263c2334b4889eb85eadf2d1be i386/php-mbstring-5.1.6-1.5.i386.rpm 04f3f2f49ba7bfafdc4b6edfa87023f48d94f168 i386/php-xmlrpc-5.1.6-1.5.i386.rpm 80a526ca1f9a88a6acd2e307b8c297ffd77c4268 i386/php-dba-5.1.6-1.5.i386.rpm a63ccf9714d62794eb43f3cd649eb55ddd932139 i386/php-devel-5.1.6-1.5.i386.rpm fb29c291bddfbc1edbc22198308cc85248d79d58 i386/php-mysql-5.1.6-1.5.i386.rpm 8bd4b2f10dd2414bfb17bd7dab4c83c6b677f060 i386/php-snmp-5.1.6-1.5.i386.rpm 95fda6708a4456c0d35c9392e52cb294af3da7e5 i386/php-xml-5.1.6-1.5.i386.rpm 1a6285aae244b6c57a1ecb439b958a409276e45a i386/php-pgsql-5.1.6-1.5.i386.rpm 766d8b6740ee93bf80123d6861fd7ff3fcbf1223 i386/php-bcmath-5.1.6-1.5.i386.rpm 9d5f62294afc525b6d0adcc22faab62ad9d9f290 i386/php-imap-5.1.6-1.5.i386.rpm 562d315769c26db6b75825993e854ecc73e816fa i386/php-pdo-5.1.6-1.5.i386.rpm fe3298930192b04874edd49f513cf6a1617e5f2f i386/php-odbc-5.1.6-1.5.i386.rpm 5f00f0bdb98693b10410af42681b6909128c1ce1 i386/php-gd-5.1.6-1.5.i386.rpm 259da340d4e9c240e3a0577334e274461a6e6189 i386/php-5.1.6-1.5.i386.rpm 8867d1852d6fbe2178034840c651c14301982af5 i386/debug/php-debuginfo-5.1.6-1.5.i386.rpm 5b80f260aeb3ec189dbbb59efc672cff8a2ecf6f i386/php-soap-5.1.6-1.5.i386.rpm 72693d70434fc6fc8281be8f85f6dcc3eb53a4a5 i386/php-ncurses-5.1.6-1.5.i386.rpm 9b3a6d07c3580034204654008fe8898a4e24c84c i386/php-ldap-5.1.6-1.5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at . Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce
Change Log
References
Update Instructions
