Security Advisory php security update

Advisory: RHSA-2006:0682-6
Type: Security Advisory
Severity: Moderate
Issued on: 2006-09-21
Last updated on: 2006-09-21
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-3016
CVE-2006-4020
CVE-2006-4482
CVE-2006-4486

Details

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A response-splitting issue was discovered in the PHP session handling. If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible. (CVE-2006-3016)

A buffer overflow was discovered found in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the format
string, a remote attacker sending a carefully crafted request could execute
arbitrary code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)

An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the "memory_limit" setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain a
fix for a bug where certain input strings to the metaphone() function could
cause memory corruption.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
php-4.1.2-2.11.src.rpm
File outdated by:  RHSA-2008:0546		     dd5bc1563b29fde5c829bdcefc39eac4
 
IA-32:
php-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     3a3d5e4ae4b3aa8a9320841783f543fc
php-devel-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     b85a26c079218ff55fe92fcf782d5be5
php-imap-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     66ab7bfe501dcf33bad4a22934947e82
php-ldap-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     34e203aca0a2f29b4b102cc8c48c2787
php-manual-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     3752f3f4095f3262b7b119eae0ca755e
php-mysql-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     6272d1bc3133f429d5faf55197881339
php-odbc-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     9c8da08015cd2611fa59286f4ed214db
php-pgsql-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     a74c29a6916b0e01c2266a4c9f06616a
 
IA-64:
php-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     62d9ec481bee82602963c545d4ae270d
php-devel-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     6f6c5b533f079fde524c35ac4f909eb0
php-imap-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     8ac19aed8a568996ec99e5d37dbb222e
php-ldap-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     62f12475db39e5cb619713c1cc73e889
php-manual-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     e947e6f327da3ddca5b2db538bb44643
php-mysql-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     d1de9bf1cb6674b4edf391ddea0a1c52
php-odbc-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     6f2b3fe22330361b6bde789402403484
php-pgsql-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     30ac774ef5e207f9a5ef0cfb10ef5ce7
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
php-4.1.2-2.11.src.rpm
File outdated by:  RHSA-2008:0546		     dd5bc1563b29fde5c829bdcefc39eac4
 
IA-32:
php-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     3a3d5e4ae4b3aa8a9320841783f543fc
php-devel-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     b85a26c079218ff55fe92fcf782d5be5
php-imap-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     66ab7bfe501dcf33bad4a22934947e82
php-ldap-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     34e203aca0a2f29b4b102cc8c48c2787
php-manual-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     3752f3f4095f3262b7b119eae0ca755e
php-mysql-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     6272d1bc3133f429d5faf55197881339
php-odbc-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     9c8da08015cd2611fa59286f4ed214db
php-pgsql-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     a74c29a6916b0e01c2266a4c9f06616a
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
php-4.1.2-2.11.src.rpm
File outdated by:  RHSA-2008:0546		     dd5bc1563b29fde5c829bdcefc39eac4
 
IA-32:
php-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     3a3d5e4ae4b3aa8a9320841783f543fc
php-devel-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     b85a26c079218ff55fe92fcf782d5be5
php-imap-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     66ab7bfe501dcf33bad4a22934947e82
php-ldap-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     34e203aca0a2f29b4b102cc8c48c2787
php-manual-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     3752f3f4095f3262b7b119eae0ca755e
php-mysql-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     6272d1bc3133f429d5faf55197881339
php-odbc-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     9c8da08015cd2611fa59286f4ed214db
php-pgsql-4.1.2-2.11.i386.rpm
File outdated by:  RHSA-2008:0546		     a74c29a6916b0e01c2266a4c9f06616a
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
php-4.1.2-2.11.src.rpm
File outdated by:  RHSA-2008:0546		     dd5bc1563b29fde5c829bdcefc39eac4
 
IA-64:
php-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     62d9ec481bee82602963c545d4ae270d
php-devel-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     6f6c5b533f079fde524c35ac4f909eb0
php-imap-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     8ac19aed8a568996ec99e5d37dbb222e
php-ldap-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     62f12475db39e5cb619713c1cc73e889
php-manual-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     e947e6f327da3ddca5b2db538bb44643
php-mysql-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     d1de9bf1cb6674b4edf391ddea0a1c52
php-odbc-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     6f2b3fe22330361b6bde789402403484
php-pgsql-4.1.2-2.11.ia64.rpm
File outdated by:  RHSA-2008:0546		     30ac774ef5e207f9a5ef0cfb10ef5ce7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

206934 - CVE-2006-4482 PHP heap overflow
206935 - metaphone() function causing Apache segfaults
206936 - CVE-2006-4486 PHP integer overflows in Zend
206937 - CVE-2006-4020 PHP buffer overread flaw
206964 - CVE-2006-3016 PHP session ID validation


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
http://www.redhat.com/security/updates/classification/#moderate

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/