Security Advisory Important: php security update

Advisory: RHSA-2007:0082-5
Type: Security Advisory
Severity: Important
Issued on: 2007-03-13
Last updated on: 2007-03-14
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
OVAL: com.redhat.rhsa-20070082.xml
CVEs (cve.mitre.org): CVE-2007-0906
CVE-2007-0907
CVE-2007-0908
CVE-2007-0909
CVE-2007-0910
CVE-2007-0988
CVE-2007-1285
CVE-2007-1380
CVE-2007-1701
CVE-2007-1825

Details

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer
overflow could occur in memory allocation. If a script used the
imap_mail_compose() function to create a new MIME message based on an
input body from an untrusted source, it could result in a heap overflow.
An attacker with access to a PHP application affected by any these issues
could trigger the flaws and possibly execute arbitrary code as the
'apache' user. (CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop, consuming
CPU resources for a limited time, until the script timeout alarm aborted
execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a
database, and the database table contents were under an attacker's
control, a format string vulnerability was possible which could allow
arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer.
This could be triggered, for example, by any use of the header() function
in a script. However it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply-nested-array.
(CVE-2007-1285)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
SRPMS:
php-5.1.6-7.el5.src.rpm
File outdated by:  RHSA-2009:0338		     d346826e0a542ea5f6a0c21ec5c0de89
 
IA-32:
php-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     a769b8752da878a65ad0991e5f35f1f3
php-bcmath-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     26c852cd82b4a12e69fda6cc8a915ff2
php-cli-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     091678f9d2328099ef5e04fc97df370b
php-common-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     d41ed2907aec10d018e934c0c24c3ef6
php-dba-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     97be9e8c8bfd86eead518ca713160b09
php-devel-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     c5d05e5fc1b528ffdb140c9d6a6e273d
php-gd-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     7d341380dc2fcbc68acb88c950e91aaa
php-imap-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     269b687f020b595b6a9447a1c361c559
php-ldap-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     34f13e8e682038c7b4523a1db3507b17
php-mbstring-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     926de31a1232612a801e75ffda10a922
php-mysql-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     60bf1b4f73996c34a2e2533925b58799
php-ncurses-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     ed479d680c6766b3f21a8ee3340c4cc6
php-odbc-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     795129d527b17823d1b9ac0fb612a397
php-pdo-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     0c57393535d5823010d992dabcebe745
php-pgsql-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     753ace56f59708f10e4ad03d466d0471
php-snmp-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     31d5fe411fc3d13715c61da09e8a3b34
php-soap-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     3778e27df82016b0726b54febaed59cb
php-xml-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     9d091c7a236f7a3c465899ee787e94a8
php-xmlrpc-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     b5d9236d70e76d14cac5acda60275d0c
 
x86_64:
php-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     71badbd6e44d51cfba34a32a23cd95b2
php-bcmath-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     960ae9a9d0e00cd547da7eec1955a5d9
php-cli-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     c9d24ac66104b4d096acb6822fb9f8c6
php-common-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     1cd6237e2d51c55c19d6d3b7e2f81f5e
php-dba-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     b079b7af288906711ccd3bf02b1a0027
php-devel-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     6c69af2c7ed239a43c518b272c6cd3c8
php-gd-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     f2c4004d69f4eb094e80f5829fb33fc3
php-imap-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     26c944eb0a556ba0d6a634613b7f67bb
php-ldap-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     eff06352104b02ccc24a85e68714a9e2
php-mbstring-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     39592d7a4e4c48323ba426f48a56647d
php-mysql-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     a5224c1cc1b10ebe5e4173e933ae5767
php-ncurses-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     d3c8038ca9e8ac81aab049a2147b50b7
php-odbc-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     67e7ee807842e2c6963b0fe558b8f311
php-pdo-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     c89b0119f58fd306ac673f338cc15b5f
php-pgsql-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     55338806427f9d63e7400410ab563198
php-snmp-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     b4c50e81b595e80ef9aa09f53c7c5eed
php-soap-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     dd23b2ff36947c8bfe99e089837f664f
php-xml-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     71ea5f61663fd7e3d5c344eb7bfdce9a
php-xmlrpc-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     98ad623c7547160267c38608882c4109
 
Red Hat Enterprise Linux (v. 5 server)
SRPMS:
php-5.1.6-7.el5.src.rpm
File outdated by:  RHSA-2009:0338		     d346826e0a542ea5f6a0c21ec5c0de89
 
IA-32:
php-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     a769b8752da878a65ad0991e5f35f1f3
php-bcmath-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     26c852cd82b4a12e69fda6cc8a915ff2
php-cli-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     091678f9d2328099ef5e04fc97df370b
php-common-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     d41ed2907aec10d018e934c0c24c3ef6
php-dba-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     97be9e8c8bfd86eead518ca713160b09
php-devel-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     c5d05e5fc1b528ffdb140c9d6a6e273d
php-gd-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     7d341380dc2fcbc68acb88c950e91aaa
php-imap-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     269b687f020b595b6a9447a1c361c559
php-ldap-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     34f13e8e682038c7b4523a1db3507b17
php-mbstring-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     926de31a1232612a801e75ffda10a922
php-mysql-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     60bf1b4f73996c34a2e2533925b58799
php-ncurses-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     ed479d680c6766b3f21a8ee3340c4cc6
php-odbc-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     795129d527b17823d1b9ac0fb612a397
php-pdo-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     0c57393535d5823010d992dabcebe745
php-pgsql-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     753ace56f59708f10e4ad03d466d0471
php-snmp-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     31d5fe411fc3d13715c61da09e8a3b34
php-soap-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     3778e27df82016b0726b54febaed59cb
php-xml-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     9d091c7a236f7a3c465899ee787e94a8
php-xmlrpc-5.1.6-7.el5.i386.rpm
File outdated by:  RHSA-2009:0338		     b5d9236d70e76d14cac5acda60275d0c
 
IA-64:
php-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     59deca45db02df88f078a90d4b63a5e0
php-bcmath-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     78724383db37df0b5b6d3238d0546a4b
php-cli-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     35a4becee4cba77a326cb5065e518aac
php-common-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     81211a5929b97c9b61f768ef7afa59fa
php-dba-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     a30941ed55d65041bd2fc02da0b4eec5
php-devel-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     44c8d443ec2c792f7645492956795d8c
php-gd-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     956d3a5cfad2ced91d9abd53c2d54d2e
php-imap-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     7d1dc114f00391a3ed80b7abce52bd42
php-ldap-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     c9f494abcaccb0dc69f5da39b5ef6e3c
php-mbstring-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     54c5bf8b6188859ccf89bd8ee5f1479c
php-mysql-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     cdd50f81d23f0970cbf6676943024e27
php-ncurses-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     363ef052d679f52e52060596971d984e
php-odbc-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     8e74366714aa43bca1ee3d7523e3308d
php-pdo-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     a31e6f3cb40333d91cfea4cc1dc31be5
php-pgsql-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     c8a9283cb3b466074f8e2b5b71695cf9
php-snmp-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     54b5685395b3e38507253f6fceb3ad7a
php-soap-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     4fa28d4d0eea108631ae11dc24c507a7
php-xml-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     f3b3cf435a9a27ea4508508b52be5e51
php-xmlrpc-5.1.6-7.el5.ia64.rpm
File outdated by:  RHSA-2009:0338		     ba31d4201e6ba1c47a2be5d205ea320b
 
PPC:
php-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     b1431b1febce8f6a0da1b706b3e4a65d
php-bcmath-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     f6a464c2ee63ce883b41b6bd06c2525d
php-cli-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     9c08683931c05da19969c88ed37dfa20
php-common-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     976bc9b3bef1c643d5f2bc4f4889263c
php-dba-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     41f8e6c1d21bf2aaecbd5f99aef96fc8
php-devel-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     56718bdd1283ebcf7d8e482e9b4bb45e
php-gd-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     a884ad0bb5c9ccddb2aa48e5ec84b0ea
php-imap-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     966418dde96d45630db83ab784a07b23
php-ldap-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     d13978e5285271326934106918a6c272
php-mbstring-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     d1e1122d2723ce66af63298629703d49
php-mysql-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     292b11fbcc67e277e0971758a55a60e1
php-ncurses-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     57763f1feff7a785191d5224a1ae9290
php-odbc-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     aac7f53adff7b9173fc581be6809cedc
php-pdo-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     6aec0a62b0305cd4a887bb3d54b6ab91
php-pgsql-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     91a79293698ccafcea817a49576b6b1c
php-snmp-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     8176898811a0e898bfb0158adcd1228f
php-soap-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     cd324c31c751ce87d5e2875811979d7e
php-xml-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     8374aaa3195e80cf03f21970aacdea06
php-xmlrpc-5.1.6-7.el5.ppc.rpm
File outdated by:  RHSA-2009:0338		     1699a4cede424374f53db51a40d6c23f
 
s390x:
php-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     b4a2955f08aa005731c012c813801d5b
php-bcmath-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     b56b3928b80aeabef61cbe3198e482d2
php-cli-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     7443d3356b3d062889d44eab3863fc8a
php-common-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     49c9eef065dbde46a4dd48cd074e004f
php-dba-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     d2cfd29995ce8dca7db53b85634dfe18
php-devel-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     37d02d98287aa59b7ebd1dd5b2ea3f04
php-gd-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     9efbd00b56547364d6ca50e8c1321d00
php-imap-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     75932b10f243bace44feaad9370dd9a8
php-ldap-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     6f45228c38354873e0d6b72a371ff932
php-mbstring-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     2b4708e0e7d21060c57a84721d714c26
php-mysql-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     0b6d512aeb6489877db6aefaf0e2df09
php-ncurses-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     9f7f86b4d351f5bd2c44b909c0911c4c
php-odbc-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     d488c8e34ed2d15d4cd1d66e3757da0e
php-pdo-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     28628c46d048241cf3670b93309a364b
php-pgsql-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     768215dba4ffd10112b7d31507898802
php-snmp-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     95755db467614b64b65531616206bb3e
php-soap-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     48d2893c0e654f5973ca6588faa362d9
php-xml-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     01ecda2d3055673ade18449218ca1995
php-xmlrpc-5.1.6-7.el5.s390x.rpm
File outdated by:  RHSA-2009:0338		     cac4acbde1d01621fe6bf9ca332e4ebc
 
x86_64:
php-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     71badbd6e44d51cfba34a32a23cd95b2
php-bcmath-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     960ae9a9d0e00cd547da7eec1955a5d9
php-cli-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     c9d24ac66104b4d096acb6822fb9f8c6
php-common-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     1cd6237e2d51c55c19d6d3b7e2f81f5e
php-dba-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     b079b7af288906711ccd3bf02b1a0027
php-devel-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     6c69af2c7ed239a43c518b272c6cd3c8
php-gd-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     f2c4004d69f4eb094e80f5829fb33fc3
php-imap-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     26c944eb0a556ba0d6a634613b7f67bb
php-ldap-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     eff06352104b02ccc24a85e68714a9e2
php-mbstring-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     39592d7a4e4c48323ba426f48a56647d
php-mysql-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     a5224c1cc1b10ebe5e4173e933ae5767
php-ncurses-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     d3c8038ca9e8ac81aab049a2147b50b7
php-odbc-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     67e7ee807842e2c6963b0fe558b8f311
php-pdo-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     c89b0119f58fd306ac673f338cc15b5f
php-pgsql-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     55338806427f9d63e7400410ab563198
php-snmp-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     b4c50e81b595e80ef9aa09f53c7c5eed
php-soap-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     dd23b2ff36947c8bfe99e089837f664f
php-xml-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     71ea5f61663fd7e3d5c344eb7bfdce9a
php-xmlrpc-5.1.6-7.el5.x86_64.rpm
File outdated by:  RHSA-2009:0338		     98ad623c7547160267c38608882c4109
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

229013 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
231597 - CVE-2007-1285 PHP Variable Destructor Deep Recursion Stack Overflow


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1701
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1825
http://www.redhat.com/security/updates/classification/#important

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/