Security Advisory Important: php security update for Stronghold

Advisory: RHSA-2006:0736-4
Type: Security Advisory
Severity: Important
Issued on: 2006-12-11
Last updated on: 2006-12-11
Affected Products: Red Hat Stronghold for Enterprise Linux
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-3016, CVE-2006-4020, CVE-2006-5465

Details

Updated PHP packages that fix multiple security issues are now available for
Stronghold 4.0 for Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines. If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the 'apache' user. (CVE-2006-5465)

A response-splitting issue was discovered in the PHP session handling. If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible. (CVE-2006-3016)

A buffer overflow was discovered in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the format
string, a remote attacker sending a carefully crafted request could execute
arbitrary code as the 'apache' user. (CVE-2006-4020)

Users of Stronghold should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Stronghold for Enterprise Linux

SRPMS:
stronghold-php-4.1.2-11.src.rpm
File outdated by:  RHSA-2007:0163
    0547c97d909dcaff9e934027534d398c
 
IA-32:
stronghold-php-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    2760105ec84fe473228bab8ed2ad7e8a
stronghold-php-devel-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    8bb06a430614ebfbee1ec915fbf65344
stronghold-php-imap-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    fb9b6438ebc41645a28e8f536084e21f
stronghold-php-ldap-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    06eefc1e1a22d0b8e54d1dc26c843660
stronghold-php-manual-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    b8c3c5bbe87e737aa0dcc67f56f75307
stronghold-php-mysql-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    ba5f1d0eb173a5273d34c022d16ed6f9
stronghold-php-odbc-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    02ee1581128408ee4a286cc3bb83a48d
stronghold-php-pgsql-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    5e7bf9c969b596cd51e71fc0b3424115
stronghold-php-snmp-4.1.2-11.i386.rpm
File outdated by:  RHSA-2007:0163
    fe4e64dd3f415fbda35edff97dc35e37
 
(The unlinked packages above are only available from the Red Hat Network)
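
One way to confirm after the update that no stronghold-php package older than 4.1.2-11 remains installed (an added example, not part of Red Hat's advisory). The function names and the sample inventory are constructed for illustration, and GNU sort -V is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example: flag stronghold-php packages below the fixed build.
FIXED="4.1.2-11"   # version-release from the "Updated packages" list

# ver_lt A B: succeeds if A sorts strictly before B.
# Assumption: GNU sort -V ordering approximates rpm's version comparison;
# adequate for plain numeric version-release strings such as these.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_php: reads "name version-release" lines on stdin and prints
# every stronghold-php* package whose version-release is below $FIXED.
outdated_php() {
    while read -r name vr; do
        case "$name" in
            stronghold-php|stronghold-php-*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
stronghold-php 4.1.2-11
stronghold-php-ldap 4.1.2-9
stronghold-php-mysql 4.1.2-11
some-other-package 1.0-1
stronghold-php-imap 4.1.2-10
EOF
}

# On a real host, feed the check from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_php
sample_inventory | outdated_php
```

Empty output means every stronghold-php package is at or above the fixed build; any line printed names a package that still needs the update.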

Bugs fixed (see bugzilla for more information)

214154 - CVE-2006-5465 PHP buffer overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/