An updated version of PHP that addresses several security issues is now
available for Stronghold 4.0 for Enterprise Linux.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language. Several security issues were
found in the PHP package in Stronghold 4.0:

The wordwrap() PHP function did not properly check for integer overflow in
the way the "break" parameter was handled. An attacker who could control a
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

The phpinfo() PHP function did not properly sanitize long strings. This
could allow an attacker to perform cross-site scripting attacks against
sites that had publicly-available PHP scripts that called phpinfo().
(CVE-2006-0996)

The error handling output was found to improperly escape HTML output in
certain cases. This could allow an attacker to perform cross-site
scripting attacks against sites where both display_errors and html_errors
were enabled. (CVE-2006-0208)

A flaw in the way PHP registered global variables during a file upload
request was discovered. A remote attacker could submit a carefully crafted
multipart/form-data POST request that could overwrite the $GLOBALS array,
which could alter expected script behavior and possibly lead to the
execution of arbitrary PHP commands. Note that this vulnerability only
affects installations which have register_globals enabled in the PHP
configuration file, which is neither a default nor recommended option.
(CVE-2005-3390)

A flaw in the PHP parse_str() function was discovered. If a PHP script
passed only one argument to the parse_str() function, and the script was
forced to abort execution during operation (for example, due to the
memory_limit setting), the register_globals setting could become enabled
even if it was disabled in the PHP configuration file. This vulnerability
only affects installations that have PHP scripts using the parse_str()
function in this way. (CVE-2005-3389)

A cross-site scripting flaw in the phpinfo() function was discovered. If a
victim was tricked into following a malicious URL to a site with a page
displaying the phpinfo() output, it was possible to inject JavaScript or
HTML content into the displayed page or steal data such as cookies. This
vulnerability only affects installations that allow users to view the
output of the phpinfo() function. As the phpinfo() function outputs a large
amount of information about the current state of PHP, it should only be
used during debugging or if protected by authentication. (CVE-2005-3388)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version. (CVE-2005-2933)

A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the "register_globals" setting.
"register_globals" is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)

A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions, allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)

Users of Stronghold are advised to upgrade to this update, which
contains backported patches to correct these issues.
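
Several of the issues above depend on configuration or on how scripts call PHP functions: register_globals, display_errors together with html_errors, pages that call phpinfo(), and single-argument parse_str(). The following Python code is an added example, not part of the original advisory: it checks php.ini text and PHP source for those preconditions and maps each to the CVEs named above. The function names and both sample inputs are constructed for illustration, and the parse_str() match is a line-based heuristic.

```python
import re

TRUE_VALUES = {"1", "on", "yes", "true"}
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.I)
PARSE_STR_ONE_ARG = re.compile(r"\bparse_str\s*\([^(),]+\)", re.I)  # heuristic

def parse_ini(text):
    """Return {directive: value}; a later assignment replaces an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()              # ';' starts a comment
        if "=" in line and not line.startswith("["):      # skip [section] headers
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings

def audit_ini(text):
    """List (setting, CVEs) the file explicitly enables; absent directives are not judged."""
    on = {k for k, v in parse_ini(text).items() if v in TRUE_VALUES}
    findings = []
    if "register_globals" in on:
        findings.append(("register_globals", ["CVE-2005-3390", "CVE-2006-3017"]))
    if {"display_errors", "html_errors"} <= on:
        findings.append(("display_errors+html_errors", ["CVE-2006-0208"]))
    return findings

def scan_source(php_source):
    """List (line_no, pattern, CVEs) for calls the advisory singles out."""
    hits = []
    for n, line in enumerate(php_source.splitlines(), 1):
        if PHPINFO_CALL.search(line):
            hits.append((n, "phpinfo()", ["CVE-2006-0996", "CVE-2005-3388"]))
        if PARSE_STR_ONE_ARG.search(line):
            hits.append((n, "parse_str() with one argument", ["CVE-2005-3389"]))
    return hits

# Constructed sample inputs, not taken from a real installation.
SAMPLE_INI = """[PHP]
register_globals = Off
display_errors = On      ; left on after debugging
html_errors = 1
"""
SAMPLE_PHP = """<?php
parse_str($_SERVER['QUERY_STRING']);
parse_str($query, $fields);
phpinfo();
"""
if __name__ == "__main__":
    print(audit_ini(SAMPLE_INI), scan_source(SAMPLE_PHP))
```

A directive that is missing from the file falls back to PHP's built-in value, which this check does not model, so an empty result only covers what the file sets explicitly.
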

Red Hat Stronghold for Enterprise Linux

| Type | File | Checksum | File outdated by |
|---|---|---|---|
| SRPMS | stronghold-php-4.1.2-9.src.rpm | d22065ad3e957d673719176ae00f2d7e | RHSA-2007:0163 |
| IA-32 | stronghold-php-4.1.2-9.i386.rpm | 07a9549948f27ab54c4300d98dc6a976 | RHSA-2007:0163 |
| IA-32 | stronghold-php-devel-4.1.2-9.i386.rpm | b7f6f8c575a54c4c39a2a2ee5e715dec | RHSA-2007:0163 |
| IA-32 | stronghold-php-imap-4.1.2-9.i386.rpm | 7fe4822d4e6f9a96e5852271090d50de | RHSA-2007:0163 |
| IA-32 | stronghold-php-ldap-4.1.2-9.i386.rpm | 4125b4d4cdd4fab3d44b4399eec4b1cd | RHSA-2007:0163 |
| IA-32 | stronghold-php-manual-4.1.2-9.i386.rpm | 32ce1b5c0a73dd0558800f6dba661d7d | RHSA-2007:0163 |
| IA-32 | stronghold-php-mysql-4.1.2-9.i386.rpm | 2dde2610b7dc1a9a96da4f4edbd5c2e4 | RHSA-2007:0163 |
| IA-32 | stronghold-php-odbc-4.1.2-9.i386.rpm | ea97373f731d0f3ba563f96bbeaba2a5 | RHSA-2007:0163 |
| IA-32 | stronghold-php-pgsql-4.1.2-9.i386.rpm | 3786304b809470230a9833ce9ecf7652 | RHSA-2007:0163 |
| IA-32 | stronghold-php-snmp-4.1.2-9.i386.rpm | 7df062e4094cd22ec726040f99d257fe | RHSA-2007:0163 |

190520 - CVE-2006-0208 PHP Cross Site Scripting (XSS) flaw
190525 - CVE-2005-2933 imap buffer overflow
190527 - CVE-2006-0996 phpinfo() XSS issue
195880 - CVE-2005-3388 multiple PHP issues (CVE-2006-1990 CVE-2005-3389 CVE-2005-3390)
196258 - CVE-2006-3017 zend_hash_del bug
197500 - CVE-2006-1494 PHP tempname open_basedir issue