[SECURITY] Fedora Core 5 Update: php-5.1.6-1.1
Joseph Orton
jorton at redhat.com
Thu Oct 19 14:43:10 UTC 2006
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1024
2006-10-19
---------------------------------------------------------------------
Product : Fedora Core 5
Name : php
Version : 5.1.6
Release : 1.1
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
---------------------------------------------------------------------
Update Information:

This update includes the latest upstream release of PHP 5.1,
version 5.1.6, fixing a number of security vulnerabilities,
and other bugs.

An integer overflow was discovered in the PHP memory
handling routines. If a script can cause memory allocation
based on untrusted user data, a remote attacker sending a
carefully crafted request could execute arbitrary code
as the 'apache' user. (CVE-2006-4812)

A buffer overflow was discovered in the PHP sscanf()
function. If a script used the sscanf() function with
positional arguments in the format string, a remote attacker
sending a carefully crafted request could execute arbitrary
code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit
server used either of these functions on untrusted user
data, a remote attacker sending a carefully crafted request
might be able to cause a heap overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension. If
a script was set up to process GIF images from untrusted
sources using the gd extension, a remote attacker could
cause a heap overflow. (CVE-2006-4484)

A buffer overread was discovered in the PHP stripos()
function. If a script used the stripos() function with
untrusted user data, PHP may read past the end of a buffer,
which could allow a denial of service attack by a remote
user. (CVE-2006-4485)

An integer overflow was discovered in the PHP memory
allocation handling. On 64-bit platforms, the "memory_limit"
setting was not enforced correctly, which could allow a
denial of service attack by a remote user. (CVE-2006-4486)
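
The integer-overflow entries above share one defect class: a size computed from untrusted values wraps before it reaches the allocator, so the buffer is smaller than the data later written to it. The following C sketch is an added illustration of that class and of the overflow check that prevents it; it is not PHP's source code, and every function name in it is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size arithmetic: the product wraps modulo SIZE_MAX + 1, so the
 * result can be far smaller than the amount of data the caller will write. */
size_t unchecked_total(size_t nmemb, size_t size) {
    return nmemb * size;
}

/* Checked form: returns 0 and stores the product, or -1 if it would wrap. */
int checked_total(size_t nmemb, size_t size, size_t *out) {
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* Hypothetical repeat helper (not PHP's str_repeat): builds `times` copies of
 * src, refusing any request whose total length cannot be represented. */
char *repeat_checked(const char *src, size_t len, size_t times, size_t *out_len) {
    size_t total;
    if (checked_total(len, times, &total) != 0 || total == SIZE_MAX)
        return NULL;                      /* total + 1 for the NUL must fit too */
    char *buf = malloc(total + 1);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < times; i++)
        memcpy(buf + i * len, src, len);
    buf[total] = '\0';
    *out_len = total;
    return buf;
}

int main(void) {
    size_t huge = SIZE_MAX / 2 + 1;       /* constructed "untrusted" count */
    size_t n = 0;
    printf("unchecked %zu * 2 = %zu\n", huge, unchecked_total(huge, 2));
    char *ok = repeat_checked("ab", 2, 3, &n);
    printf("checked small: %s (%zu bytes)\n", ok ? ok : "(null)", n);
    printf("checked huge: %s\n", repeat_checked("ab", 2, huge, &n) ? "allocated" : "rejected");
    free(ok);
    return 0;
}
```
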
---------------------------------------------------------------------
* Fri Oct 6 2006 Joe Orton <jorton at redhat.com> 5.1.6-1.1
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------