Security Advisory Updated PHP packages available for Red Hat Linux 5.2, 6.x, and 7

Advisory: RHSA-2000:136-11
Type: Security Advisory
Severity: N/A
Issued on: 2000-12-20
Last updated on: 2001-01-25
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
OVAL: N/A
CVEs (cve.mitre.org): CVE-2001-0108
CVE-2001-1385

Details

Updated PHP packages are now available for Red Hat Linux 5.2, 6.x, and 7.

Clients uploading "multipart/form-data" information with form requests
could cause PHP 3.0.17 to crash. The GD module was not compiled into the
previously-issued PHP 4.0.3pl1 errata packages. The php-mysql package is
linked against an older version of the libmysqlclient shared library, which
was obsoleted by a previous MySQL errata. Security holes in versions 4.0.0
through 4.0.4 of the PHP Apache module have been found.


Solution

Because of dependencies, the packages must be installed as a group. No
update for the mod_php package is provided for Red Hat Linux 7; it has been
merged into the updated php package.

After downloading all RPMs needed for your particular architecture, run:

rpm -Fvh php*

Then restart your web server:

/etc/rc.d/init.d/httpd restart

Updated packages

Red Hat Linux 6.2
alpha:
ftp://updates.redhat.com/6.2/alpha/php-3.0.18-1.6.x.alpha.rpm
Missing file		     ce0b8c6d8be5db195b70c3631e75e200
ftp://updates.redhat.com/6.2/alpha/php-imap-3.0.18-1.6.x.alpha.rpm
Missing file		     42e64510ed0fcce493cc20181eafd419
ftp://updates.redhat.com/6.2/alpha/php-ldap-3.0.18-1.6.x.alpha.rpm
Missing file		     53ac23e30083ae09d3a0aee04039e666
ftp://updates.redhat.com/6.2/alpha/php-manual-3.0.18-1.6.x.alpha.rpm
Missing file		     39491a3833a9bd926b81fdc500e9a39f
ftp://updates.redhat.com/6.2/alpha/php-pgsql-3.0.18-1.6.x.alpha.rpm
Missing file		     85aeccf83a08e9d69c5464c17fc9c445
 
i386:
ftp://updates.redhat.com/6.2/i386/php-3.0.18-1.6.x.i386.rpm
Missing file		     13998f321e1787af7bac4f01e9e01b81
ftp://updates.redhat.com/6.2/i386/php-imap-3.0.18-1.6.x.i386.rpm
Missing file		     d7a6f3e9d64c1edbeb10a1170e0d90b2
ftp://updates.redhat.com/6.2/i386/php-ldap-3.0.18-1.6.x.i386.rpm
Missing file		     bd3d6c413faf3ca0e271c7195fe5c2b1
ftp://updates.redhat.com/6.2/i386/php-manual-3.0.18-1.6.x.i386.rpm
Missing file		     9e19cc6e58fbeff7095abcd02120174f
ftp://updates.redhat.com/6.2/i386/php-pgsql-3.0.18-1.6.x.i386.rpm
Missing file		     adf510253a012e01d0cc1bb631fd423f
 
sparc:
ftp://updates.redhat.com/6.2/sparc/php-3.0.18-1.6.x.sparc.rpm
Missing file		     9f54bf780fbef67a03d7065a6d69f762
ftp://updates.redhat.com/6.2/sparc/php-imap-3.0.18-1.6.x.sparc.rpm
Missing file		     d17460149d0375a991773bf6f296957a
ftp://updates.redhat.com/6.2/sparc/php-ldap-3.0.18-1.6.x.sparc.rpm
Missing file		     d4c00495db0fbb0014697afc25cc3eca
ftp://updates.redhat.com/6.2/sparc/php-manual-3.0.18-1.6.x.sparc.rpm
Missing file		     9ffb47a272984fd2757e09747e859695
ftp://updates.redhat.com/6.2/sparc/php-pgsql-3.0.18-1.6.x.sparc.rpm
Missing file		     09acd6bbd4c19a57c0bbf64fcd64f2b8
 
Red Hat Linux 7.0
alpha:
ftp://updates.redhat.com/7.0/alpha/php-4.0.4pl1-3.alpha.rpm
Missing file		     4f7b7d6c57c3d58595b394a6b69b0830
ftp://updates.redhat.com/7.0/alpha/php-imap-4.0.4pl1-3.alpha.rpm
Missing file		     bc11c5346d930ac12236856b8c64f33c
ftp://updates.redhat.com/7.0/alpha/php-ldap-4.0.4pl1-3.alpha.rpm
Missing file		     8d98cdcf391c251d96685d5dce7fe588
ftp://updates.redhat.com/7.0/alpha/php-manual-4.0.4pl1-3.alpha.rpm
Missing file		     92ad775f67ff1d74fae764aa592e1103
ftp://updates.redhat.com/7.0/alpha/php-mysql-4.0.4pl1-3.alpha.rpm
Missing file		     26b438a4f276cbdec1a22591214f4ad6
ftp://updates.redhat.com/7.0/alpha/php-pgsql-4.0.4pl1-3.alpha.rpm
Missing file		     ef1cd2ed0bf74a2dd491fe34c686f8b5
 
i386:
ftp://updates.redhat.com/7.0/i386/php-4.0.4pl1-3.i386.rpm
Missing file		     2946e063efcb2be68f789624168b1a8b
ftp://updates.redhat.com/7.0/i386/php-imap-4.0.4pl1-3.i386.rpm
Missing file		     fdb049b4572bff635b5327cdbfae1266
ftp://updates.redhat.com/7.0/i386/php-ldap-4.0.4pl1-3.i386.rpm
Missing file		     4408734b5dd1c60d325d95216999f938
ftp://updates.redhat.com/7.0/i386/php-manual-4.0.4pl1-3.i386.rpm
Missing file		     502a66f4e11d98cd3f266bd1f897f9d7
ftp://updates.redhat.com/7.0/i386/php-mysql-4.0.4pl1-3.i386.rpm
Missing file		     066bcf976c3f930d16f191813473218c
ftp://updates.redhat.com/7.0/i386/php-pgsql-4.0.4pl1-3.i386.rpm
Missing file		     1660362c37dd4b603aa733f2d92c2e94
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1385
http://www.securityfocus.com/bid/2205
http://bugs.php.net/bugs-php3.php?id=7719

Keywords

engine

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/