Security Advisory Important: php security update for Stronghold

Advisory: RHSA-2007:0163-3
Type: Security Advisory
Severity: Important
Issued on: 2007-04-20
Last updated on: 2007-04-20
Affected Products: Red Hat Stronghold for Enterprise Linux
OVAL: N/A
CVEs (cve.mitre.org): CVE-2007-1285, CVE-2007-1286, CVE-2007-1711

Details

Updated PHP packages that fix several security issues are now available for
Stronghold 4.0 for Enterprise Linux.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

This update addresses the following issues:

- An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply nested array.
(CVE-2007-1285)

- An input validation bug may allow a remote attacker to execute
arbitrary code as the "apache" user if a script passes untrusted input data
to the unserialize() function. (CVE-2007-1286)

- A double-free bug in the "session" extension may allow a remote attacker
to execute arbitrary code as the "apache" user if untrusted input data is
passed to the session_decode() function. (CVE-2007-1711)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.
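
CVE-2007-1286 and CVE-2007-1711 are only reachable when a script hands untrusted input to unserialize() or session_decode(), so a source audit shows which applications to prioritise. The following is an added example, not part of the Red Hat advisory: a line-based heuristic in Python. The taint-source list, the name find_exposed_calls and the sample script are assumptions made for illustration.

```python
import re

# Functions the advisory names as unsafe on untrusted input.
RISKY_FUNCS = ("unserialize", "session_decode")
# Assumed taint sources: request superglobals and the older $HTTP_*_VARS arrays.
TAINT = re.compile(
    r"\$(?:_(?:GET|POST|COOKIE|REQUEST)"
    r"|HTTP_(?:GET|POST|COOKIE)_VARS|HTTP_RAW_POST_DATA)\b")
VAR = re.compile(r"\$[A-Za-z_]\w*")
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+?);")
CALL = re.compile(r"\b(%s)\s*\(([^;]*)\)" % "|".join(RISKY_FUNCS), re.I)

# Constructed sample script, not taken from the advisory.
SAMPLE_PHP = r"""<?php
// constructed sample
$prefs = unserialize($_COOKIE['prefs']);
$raw = $HTTP_POST_VARS['state'];
$blob = base64_decode($raw);
session_decode($blob);
$cfg = unserialize(file_get_contents('/etc/app/cfg.ser'));
$raw = 'a:0:{}';
$ok = unserialize($raw);
"""

def find_exposed_calls(php_source):
    """Return (line_no, function, reason) for risky calls fed by request data.
    Heuristic: one pass, one statement per line, no cross-file data flow."""
    tainted, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#")):
            continue  # skip whole-line comments
        for m in CALL.finditer(line):
            func, args = m.group(1).lower(), m.group(2)
            hit = [v for v in VAR.findall(args) if v in tainted]
            if TAINT.search(args):
                findings.append((line_no, func, "request data passed directly"))
            elif hit:
                findings.append((line_no, func, "via tainted variable " + hit[0]))
        for m in ASSIGN.finditer(line):
            var, rhs = m.groups()
            if TAINT.search(rhs) or any(v in tainted for v in VAR.findall(rhs)):
                tainted.add(var)      # value derives from request data
            else:
                tainted.discard(var)  # reassigned from a clean value
    return findings

if __name__ == "__main__":
    for line_no, func, reason in find_exposed_calls(SAMPLE_PHP):
        print("line %d: %s() <- %s" % (line_no, func, reason))
```

A clean result from this scan does not replace the upgrade: CVE-2007-1285 is triggered by request input alone and needs no particular function call in the script.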


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Stronghold for Enterprise Linux

SRPMS:
stronghold-php-4.1.2-15.src.rpm     f63d34589412cee48a4923534598e73c
 
IA-32:
stronghold-php-4.1.2-15.i386.rpm     413ab195476cb3b9bf94eb908e61bd9b
stronghold-php-devel-4.1.2-15.i386.rpm     9960846177128e35f2b62b4355f1bebe
stronghold-php-imap-4.1.2-15.i386.rpm     beba0d3f24c33624628f70d93a8de27b
stronghold-php-ldap-4.1.2-15.i386.rpm     6c24624f03c3e92589eedc34b51b1fd9
stronghold-php-manual-4.1.2-15.i386.rpm     dbd4650cadf9718e5076db875deb0197
stronghold-php-mysql-4.1.2-15.i386.rpm     318fd9a3588e2431fe379a1b4c2b2701
stronghold-php-odbc-4.1.2-15.i386.rpm     12fab43f5cdb9af303cb9772ba095822
stronghold-php-pgsql-4.1.2-15.i386.rpm     7a3598f293d72203f92ed81856f6e1c8
stronghold-php-snmp-4.1.2-15.i386.rpm     916eb7b48caa8b52b69d95f30d7781d1
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

235359 - CVE-2007-1285 Multiple PHP issues (CVE-2007-1286, CVE-2007-1711)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/