[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[SECURITY] Fedora Core 6 Update: php-5.1.6-3.5.fc6



---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-415
2007-04-17
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : php
Version     : 5.1.6
Release     : 3.5.fc6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed
a deeply nested array. A remote attacker could cause the PHP
interpreter to crash by submitting an input variable with a
deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set
global variables. A script which used the mb_parse_str()
function to set global variables could be forced to enable
the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function
processed header data. If a script sent mail using a Subject
header containing a string from an untrusted source, a
remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP
images from an untrusted source could result in arbitrary
code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd
extension. A script that could be forced to write arbitrary
strings using a JIS font from an untrusted source could
cause the PHP interpreter to crash. (CVE-2007-0455)

---------------------------------------------------------------------
* Thu Apr  5 2007 Joe Orton <jorton redhat com> 5.1.6-3.5.fc6
- add security fixes for CVE-2007-0455, CVE-2007-1001, 
  CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
- package /usr/share/php (#225434)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

ba011afdd624305632629e3f4605817f8bc47ae3  SRPMS/php-5.1.6-3.5.fc6.src.rpm
ba011afdd624305632629e3f4605817f8bc47ae3  noarch/php-5.1.6-3.5.fc6.src.rpm
6a69d4c8085e24c8148052a2b096d6115b9f39a8  ppc/php-xml-5.1.6-3.5.fc6.ppc.rpm
a447279cb67aaf5e73fc17cde4915e3e78acee86  ppc/php-xmlrpc-5.1.6-3.5.fc6.ppc.rpm
45cdc53d7ad2ff799b0d8c7b8cd55152358eb624  ppc/php-mbstring-5.1.6-3.5.fc6.ppc.rpm
091868a36729e28571baeb2d16155add417c7c9f  ppc/php-odbc-5.1.6-3.5.fc6.ppc.rpm
8092df89f00e5199a9411a265e2b408fe77b457d  ppc/php-bcmath-5.1.6-3.5.fc6.ppc.rpm
99494ff22c6456475a901d8db21f18d6eb67e65f  ppc/php-cli-5.1.6-3.5.fc6.ppc.rpm
8df407db61f53929a0be070af9929b2564449dc9  ppc/php-pgsql-5.1.6-3.5.fc6.ppc.rpm
2ef92a9fff750f61710b9c0f384244b87f4d9242  ppc/php-snmp-5.1.6-3.5.fc6.ppc.rpm
be4779e02b0d0be468b7b1c532798256891c6a61  ppc/php-pdo-5.1.6-3.5.fc6.ppc.rpm
f8b1a756826f64add7b03a6fdd202e8ae7a31ace  ppc/php-dba-5.1.6-3.5.fc6.ppc.rpm
da137c91ce49913eefd07f6bff216fd0305b6dc9  ppc/php-devel-5.1.6-3.5.fc6.ppc.rpm
2788c003fac688b1b4a0a76c6f431dc1ef7bbb63  ppc/php-soap-5.1.6-3.5.fc6.ppc.rpm
27017879491266d0d3738b2470d6b1814d1547ac  ppc/php-mysql-5.1.6-3.5.fc6.ppc.rpm
9660ed6e6eb74a41e65e4b8979fe696afba7276a  ppc/debug/php-debuginfo-5.1.6-3.5.fc6.ppc.rpm
5cecd491edf5871c3943cec7fe33bfb57664098c  ppc/php-ldap-5.1.6-3.5.fc6.ppc.rpm
17011e6a2ffb4481326c282dd976620690abb4f0  ppc/php-ncurses-5.1.6-3.5.fc6.ppc.rpm
176eebec3e1c9fcbd563dd44e1c1628b3d05daa4  ppc/php-5.1.6-3.5.fc6.ppc.rpm
bb79b8bfaff6d8a9f1e300102c26dde4291ab030  ppc/php-imap-5.1.6-3.5.fc6.ppc.rpm
c2eef96d1d0b0fdc65feda4f5810a34455b7a3a8  ppc/php-common-5.1.6-3.5.fc6.ppc.rpm
c986d51cf133c82e5f98bd8acdbc24760cf05893  ppc/php-gd-5.1.6-3.5.fc6.ppc.rpm
c5cf959505453323834e669eb26ea853372c632e  x86_64/php-common-5.1.6-3.5.fc6.x86_64.rpm
ac85bca1403a6d064428647f9323312853b5ae03  x86_64/php-cli-5.1.6-3.5.fc6.x86_64.rpm
6555217a974ccd1c7e7ff9ef1e1d310082441a03  x86_64/php-xml-5.1.6-3.5.fc6.x86_64.rpm
143d0711da94e0b0bfe218942e7e15b1955467d8  x86_64/debug/php-debuginfo-5.1.6-3.5.fc6.x86_64.rpm
abcc482d25c4e09bed05a62f916f9eff31dbcbd1  x86_64/php-gd-5.1.6-3.5.fc6.x86_64.rpm
16bdeba1a640677b54f87e573624726506196d01  x86_64/php-5.1.6-3.5.fc6.x86_64.rpm
369bb74f995633beee49a20df9f26282ee3c92e5  x86_64/php-imap-5.1.6-3.5.fc6.x86_64.rpm
caad40c6edea6caa3889617663bb7c4233e90d62  x86_64/php-snmp-5.1.6-3.5.fc6.x86_64.rpm
cadef18d28fdd3dce9962a453438a9820b9aab5e  x86_64/php-bcmath-5.1.6-3.5.fc6.x86_64.rpm
d903f3cfbe25bc6af7fd366fd1ab2e1d2c262062  x86_64/php-soap-5.1.6-3.5.fc6.x86_64.rpm
78bb21621fa9d467d0e23b99ec91ee8fa388ad09  x86_64/php-xmlrpc-5.1.6-3.5.fc6.x86_64.rpm
d4a8e552d867028fffccfd69b19fe4a79e217319  x86_64/php-pgsql-5.1.6-3.5.fc6.x86_64.rpm
f9a79bcb2cf6fb1040a133de146bfd416060c168  x86_64/php-odbc-5.1.6-3.5.fc6.x86_64.rpm
35df5d9f454872ef4aba17d0fbb05805bd13915f  x86_64/php-devel-5.1.6-3.5.fc6.x86_64.rpm
a526508c539c96332c4032c64056c6dc05a1907d  x86_64/php-pdo-5.1.6-3.5.fc6.x86_64.rpm
2b46cbf4e45ccdbb0b9e07d7a8e4addded58c580  x86_64/php-ncurses-5.1.6-3.5.fc6.x86_64.rpm
43d04dc9e504fa7a4100fafd9ab49b7a6c567860  x86_64/php-dba-5.1.6-3.5.fc6.x86_64.rpm
faa041477091e854580c6fa31790e7a734bc4f16  x86_64/php-mbstring-5.1.6-3.5.fc6.x86_64.rpm
9441985700ff3b54298371e172c1a1ed44324315  x86_64/php-mysql-5.1.6-3.5.fc6.x86_64.rpm
a2b9b64b37d12fd1f82028af68b6983a23260fec  x86_64/php-ldap-5.1.6-3.5.fc6.x86_64.rpm
5367195a555f989eb1ddbc5bd705ed162682f9f8  i386/php-pgsql-5.1.6-3.5.fc6.i386.rpm
4cc47437ac53309cb89dfea123a7e850c969b78a  i386/php-snmp-5.1.6-3.5.fc6.i386.rpm
bad2b66597bbd28074ace741872ae97d0398b099  i386/php-mysql-5.1.6-3.5.fc6.i386.rpm
4817d6b666313082214c1ac38d8ddd3970d749e5  i386/php-ncurses-5.1.6-3.5.fc6.i386.rpm
54fc6912d36132f2a3eae853707242256fcb0a05  i386/php-imap-5.1.6-3.5.fc6.i386.rpm
384bce7e76e014016e3a9a20fa7b56d36f973f38  i386/debug/php-debuginfo-5.1.6-3.5.fc6.i386.rpm
1f05cab5925291969629a4631c6a10fc932975f5  i386/php-odbc-5.1.6-3.5.fc6.i386.rpm
aa81faf2a78f217fb17396fb6e72a7c41a230b81  i386/php-devel-5.1.6-3.5.fc6.i386.rpm
b59307c9ffe18a51e6ea21437d44d42fbd9d8077  i386/php-common-5.1.6-3.5.fc6.i386.rpm
39d16e0c60d11c0155e76e0726f0b7fb6078d9f8  i386/php-xml-5.1.6-3.5.fc6.i386.rpm
958b379478fa4356c6d7d292d3ba20f257926794  i386/php-dba-5.1.6-3.5.fc6.i386.rpm
2cf9fe08fc9a24e30ec74886782012dfb1e6392f  i386/php-5.1.6-3.5.fc6.i386.rpm
f6cdca4e0297e2b14282d8d6f57cc76d537d284f  i386/php-ldap-5.1.6-3.5.fc6.i386.rpm
76cbaf17f6f3dfc806386615f34e3acf43ea9234  i386/php-pdo-5.1.6-3.5.fc6.i386.rpm
7e422ba0219af41bd67dfb6ca12024c0cc16df47  i386/php-xmlrpc-5.1.6-3.5.fc6.i386.rpm
f643d304b5e6c1a8f7869f812425e20e91c52e43  i386/php-soap-5.1.6-3.5.fc6.i386.rpm
be77b675d2d0d5c6b4a0e6792a0349d580ee02b9  i386/php-gd-5.1.6-3.5.fc6.i386.rpm
c6f2474f043d5e8ed6a86fb8f11f55c47d4ca3e7  i386/php-bcmath-5.1.6-3.5.fc6.i386.rpm
9e9ccbd388fad93fff8c94ffe124c2bc516c7455  i386/php-mbstring-5.1.6-3.5.fc6.i386.rpm
294389ebf2e45c7a2bc36cb5c9a29ecfe74b3379  i386/php-cli-5.1.6-3.5.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]