---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: PHP security update
Advisory ID:       RHSA-2005:406-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2005:406.html
Issue date:        2005-05-04
Updated on:        2005-05-04
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1392 CAN-2005-0524 CAN-2005-0525 CAN-2005-1042 CAN-2005-1043
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix various security issues are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is
possible to cause PHP to consume CPU resources for a short period of time
by supplying a carefully crafted IFF or JPEG image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image
headers. It is possible for an attacker to construct an image file in such
a way that it could execute arbitrary instructions when processed by PHP. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image
headers. It is possible for an attacker to cause PHP to enter an infinite
loop for a short period of time by supplying a carefully crafted image file
to PHP for processing. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.

Several bug fixes are also included in this update:

- some performance issues in the unserialize() function have been fixed

- the behaviour of the interpreter when handling integer overflow during
conversion of a floating variable to an integer has been reverted to match
the behaviour used upstream; the integer will now be wrapped rather than
truncated

- a fix for the virtual() function in the Apache httpd module which would
flush the response prematurely

- the hard-coded default "safe mode" setting is now "disabled" rather than
"enabled", to match the default /etc/php.ini setting

- in the curl extension, safe mode was not enforced for 'file:///' URL
lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/
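
Added example (not part of the Red Hat advisory): a check that the update has actually landed, comparing installed PHP packages against the fixed version-release 4.3.9-3.6 using RPM's segment-wise ordering rather than string comparison. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`, no epoch on these packages, and no `~` or `^` in version strings; the sample host data is constructed.

```python
import re

# Fixed version-release, taken from the package file names in this advisory.
FIXED_VR = "4.3.9-3.6"

# Packages shipped by this erratum (names as they appear in the advisory).
ADVISORY_PACKAGES = {
    "php", "php-devel", "php-domxml", "php-gd", "php-imap", "php-ldap",
    "php-mbstring", "php-mysql", "php-ncurses", "php-odbc", "php-pear",
    "php-pgsql", "php-snmp", "php-xmlrpc",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does.

    Strings are split into runs of digits or letters; separators are ignored.
    Digit runs compare numerically, letter runs lexically, and a digit run is
    newer than a letter run. If one string runs out first, the longer is newer.
    Simplification (assumption): '~' and '^' handling is not implemented.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            x, y = int(x), int(y)
        elif x_num != y_num:
            return 1 if x_num else -1
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def compare_vr(a, b):
    """Compare 'version-release' strings: version first, then release."""
    a_ver, _, a_rel = a.partition("-")
    b_ver, _, b_rel = b.partition("-")
    return rpmvercmp(a_ver, b_ver) or rpmvercmp(a_rel, b_rel)


def audit(rpm_query_output):
    """Return sorted (name, version-release, arch) tuples older than FIXED_VR."""
    outdated = []
    for line in rpm_query_output.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] not in ADVISORY_PACKAGES:
            continue  # not a package covered by this erratum
        name, vr, arch = fields
        if compare_vr(vr, FIXED_VR) < 0:
            outdated.append((name, vr, arch))
    return sorted(outdated)


# Constructed sample of query output from a partially updated host.
SAMPLE = """\
php 4.3.9-3.6 i386
php-gd 4.3.9-3.2 i386
php-ldap 4.3.9-3.10 i386
php-mysql 4.3.9-3 x86_64
php-pear 4.3.9-3.6 i386
httpd 2.0.52-12.ent i386
"""

if __name__ == "__main__":
    for name, vr, arch in audit(SAMPLE):
        print(f"{name}.{arch}: {vr} is older than {FIXED_VR}")
```

Release 3.10 sorts after 3.6 under RPM rules, which is why a plain string comparison would misreport the php-ldap line in the sample.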

5. Bug IDs fixed (http://bugzilla.redhat.com/):

153140 - CAN-2005-0524 PHP getimagesize() Multiple Denial of Service Vulnerabilities CAN-2005-0525
154021 - CAN-2005-1042 PHP exif buffer overflow
154025 - CAN-2005-1043 PHP exif infinite stack recursion
153108 - Error in configure prevents php SRPM rebuild on x86_64 w/ mssql module

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
d5fe9ec64d9b088d33fba6b422692759  php-4.3.9-3.6.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
