Security Advisory: php security update

Advisory: RHSA-2006:0501-6
Type: Security Advisory
Severity: Moderate
Issued on: 2006-05-23
Last updated on: 2006-05-23
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-2215
CVE-2003-1302
CVE-2003-1303
CVE-2005-2933
CVE-2006-0208
CVE-2006-0996
CVE-2006-1990

Details

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly available PHP scripts that call phpinfo().
(CVE-2006-0996)

The error handling output was found to not properly escape HTML output in
certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and html_errors
are enabled. (CVE-2006-0208)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version. (CVE-2005-2933)

The wordwrap() PHP function did not properly check for integer overflow in
the handling of the "break" parameter. An attacker who could control the
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)

All files listed for this product have since been outdated by RHSA-2008:0546.

SRPMS:
php-4.1.2-2.6.src.rpm

IA-32:
php-4.1.2-2.6.i386.rpm
php-devel-4.1.2-2.6.i386.rpm
php-imap-4.1.2-2.6.i386.rpm
php-ldap-4.1.2-2.6.i386.rpm
php-manual-4.1.2-2.6.i386.rpm
php-mysql-4.1.2-2.6.i386.rpm
php-odbc-4.1.2-2.6.i386.rpm
php-pgsql-4.1.2-2.6.i386.rpm

IA-64:
php-4.1.2-2.6.ia64.rpm
php-devel-4.1.2-2.6.ia64.rpm
php-imap-4.1.2-2.6.ia64.rpm
php-ldap-4.1.2-2.6.ia64.rpm
php-manual-4.1.2-2.6.ia64.rpm
php-mysql-4.1.2-2.6.ia64.rpm
php-odbc-4.1.2-2.6.ia64.rpm
php-pgsql-4.1.2-2.6.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1)

All files listed for this product have since been outdated by RHSA-2008:0546.

SRPMS:
php-4.1.2-2.6.src.rpm

IA-32:
php-4.1.2-2.6.i386.rpm
php-devel-4.1.2-2.6.i386.rpm
php-imap-4.1.2-2.6.i386.rpm
php-ldap-4.1.2-2.6.i386.rpm
php-manual-4.1.2-2.6.i386.rpm
php-mysql-4.1.2-2.6.i386.rpm
php-odbc-4.1.2-2.6.i386.rpm
php-pgsql-4.1.2-2.6.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1)

All files listed for this product have since been outdated by RHSA-2008:0546.

SRPMS:
php-4.1.2-2.6.src.rpm

IA-32:
php-4.1.2-2.6.i386.rpm
php-devel-4.1.2-2.6.i386.rpm
php-imap-4.1.2-2.6.i386.rpm
php-ldap-4.1.2-2.6.i386.rpm
php-manual-4.1.2-2.6.i386.rpm
php-mysql-4.1.2-2.6.i386.rpm
php-odbc-4.1.2-2.6.i386.rpm
php-pgsql-4.1.2-2.6.i386.rpm

Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

All files listed for this product have since been outdated by RHSA-2008:0546.

SRPMS:
php-4.1.2-2.6.src.rpm

IA-64:
php-4.1.2-2.6.ia64.rpm
php-devel-4.1.2-2.6.ia64.rpm
php-imap-4.1.2-2.6.ia64.rpm
php-ldap-4.1.2-2.6.ia64.rpm
php-manual-4.1.2-2.6.ia64.rpm
php-mysql-4.1.2-2.6.ia64.rpm
php-odbc-4.1.2-2.6.ia64.rpm
php-pgsql-4.1.2-2.6.ia64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

104249 - php SRPM has silent IMAP dependency
190519 - CVE-2006-0208 PHP Cross Site Scripting (XSS) flaw
190524 - CVE-2005-2933 imap buffer overflow
190526 - CVE-2006-0996 phpinfo() XSS issue
191474 - CVE-2006-1990 php wordwrap integer overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/