Important: php security update

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way PHP's unserialize() function processes data. If
a remote attacker is able to pass arbitrary data to PHP's unserialize()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1286)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker is able to pass arbitrary data to PHP's session_decode()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1711)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

235225 - CVE-2007-1285 Multiple "Month of PHP Bugs" PHP issues (CVE-2007-1286, CVE-2007-1711)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
http://www.redhat.com/security/updates/classification/#important