Fedora Core 5 Update: php-5.1.6-1.6
Posted by Benjamin D. Thomas
This update fixes a number of security issues in PHP. A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user.
Fedora Update Notification

Product     : Fedora Core 5
Name        : php
Version     : 5.1.6
Release     : 1.6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

Update Information:

This update fixes a number of security issues in PHP.

A heap buffer overflow flaw was found in the PHP 'xmlrpc'
extension. A PHP script which implements an XML-RPC server
using this extension could allow a remote attacker to
execute arbitrary code as the 'apache' user. Note that this
flaw does not affect PHP applications using the pure-PHP
XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script
used this extension to provide access to a private FTP
server, and passed untrusted script input directly to any
function provided by this extension, a remote attacker would
be able to send arbitrary FTP commands to the server.
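
A defensive wrapper for the case described above, where script input reaches the 'ftp' extension unchecked. This is an added example, not part of the Fedora advisory or the PHP sources; the helper names `ftp_checked_arg` and `ftp_user_path` and the sample inputs are hypothetical, and it assumes the line-based FTP control channel of RFC 959, where a line terminator inside an argument ends the intended command early.

```php
<?php
// Added example (not from the advisory). Assumption: FTP commands are sent
// as single text lines, so control bytes in an argument must never be sent.

/** Hypothetical helper: reject arguments that cannot be sent as one FTP line. */
function ftp_checked_arg(string $arg): string
{
    if ($arg === '') {
        throw new InvalidArgumentException('empty FTP argument');
    }
    // Refuse (do not strip) any ASCII control byte, including CR, LF and NUL:
    // silently cleaning the value would hide the attempt from the logs.
    if (preg_match('/[\x00-\x1F\x7F]/', $arg)) {
        throw new InvalidArgumentException('control character in FTP argument');
    }
    return $arg;
}

/** Hypothetical helper: confine a user-supplied file name to one directory. */
function ftp_user_path(string $baseDir, string $name): string
{
    $name = ftp_checked_arg($name);
    if (strpos($name, '/') !== false || $name === '.' || $name === '..') {
        throw new InvalidArgumentException('path separators not allowed');
    }
    return rtrim($baseDir, '/') . '/' . $name;
}

// Constructed sample inputs; runs offline, no FTP connection is opened.
$samples = ["report.txt", "report.txt\r\nNOOP", "../etc", "a\0b"];
foreach ($samples as $s) {
    try {
        $path = ftp_user_path('/pub/incoming', $s);
        // In a real script: ftp_get($conn, $local, $path, FTP_BINARY);
        echo "ok      ", $path, "\n";
    } catch (InvalidArgumentException $e) {
        // Log the raw bytes as hex so the rejected value is safe to store.
        error_log('rejected FTP argument: ' . bin2hex($s));
        echo "refused ", json_encode($s), ": ", $e->getMessage(), "\n";
    }
}
```

Validation of this kind complements the package update; it does not replace it.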

A buffer overflow flaw was found in the PHP 'soap'
extension, regarding the handling of an HTTP redirect
response when using the SOAP client provided by this
extension with an untrusted SOAP server. No mechanism to
trigger this flaw remotely is known. (CVE-2007-2510)

* Wed May  9 2007 Joe Orton  5.1.6-1.6
- add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016)
* Thu Apr  5 2007 Joe Orton  5.1.6-1.5
- add security fixes for CVE-2007-0455, CVE-2007-1001, 
  CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
* Fri Feb 23 2007 Joe Orton  5.1.6-1.4
- fix pdo-abi provide
* Tue Feb 20 2007 Joe Orton  5.1.6-1.3
- add security fixes for: CVE-2007-0906, CVE-2007-0907, 
  CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
* Fri Nov  3 2006 Joe Orton  5.1.6-1.2
- add security fix for CVE-2006-5465 (#213732)
* Fri Oct  6 2006 Joe Orton  5.1.6-1.1
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)

This update can be downloaded from:

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at

Fedora-package-announce mailing list