Security Advisory Moderate: php security update

Advisory: RHSA-2007:0889-5
Type: Security Advisory
Severity: Moderate
Issued on: 2007-09-26
Last updated on: 2007-09-26
Affected Products:
  Red Hat Desktop (v. 3)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org):
  CVE-2007-2509
  CVE-2007-2756
  CVE-2007-2872
  CVE-2007-3799
  CVE-2007-3996
  CVE-2007-3998
  CVE-2007-4658
  CVE-2007-4670

Details

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

These updated packages address the following vulnerabilities:

Various integer overflow flaws were found in the PHP gd extension. A script
that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source could
allow a remote attacker to cause a denial of service. (CVE-2007-2756)

A flaw was found in the PHP "ftp" extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)
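The FTP flaw above is a CRLF injection: FTP is a line-oriented protocol, so a carriage return or line feed embedded in an argument ends the current command and lets the rest of the input be read as a further command. The following is an added example, not code from this advisory or from the PHP project, showing the defensive check a script should apply before handing untrusted input to any ftp extension function. The host name, account and password are placeholders; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the advisory or the PHP project): reject control
// characters in untrusted input before it reaches the ftp extension, which
// is the script-side mitigation for the CRLF injection under CVE-2007-2509.

/**
 * Return true only if $value is a string containing no control characters.
 * CR (0x0D) and LF (0x0A) would terminate the FTP command line; NUL and the
 * other C0/DEL controls are refused as well because they have no place in
 * a path or file name.
 */
function is_safe_ftp_argument($value)
{
    if (!is_string($value)) {
        return false;
    }
    // preg_match() returns 1 when a control character is present, 0 otherwise.
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

/**
 * List a directory on a private FTP server using a client-supplied path,
 * but only after the path has passed is_safe_ftp_argument().
 * Returns the listing array, or false if the input was refused or the
 * connection failed.
 */
function list_private_ftp_directory($untrusted_path)
{
    if (!is_safe_ftp_argument($untrusted_path)) {
        // Refuse and record the attempt rather than forwarding it to the server.
        error_log('Rejected FTP path containing control characters');
        return false;
    }

    $conn = ftp_connect('ftp.example.invalid');          // placeholder host
    if ($conn === false) {
        return false;
    }
    // Placeholder credentials; a real script would load these from
    // configuration outside the web root.
    if (!ftp_login($conn, 'reader', 'placeholder-password')) {
        ftp_close($conn);
        return false;
    }
    $listing = ftp_nlist($conn, $untrusted_path);
    ftp_close($conn);
    return $listing;
}

// Constructed inputs: a normal path is accepted; a path carrying an embedded
// CRLF, which the server would read as the start of a second command, is not.
var_dump(is_safe_ftp_argument('pub/reports'));
var_dump(is_safe_ftp_argument("pub/reports\r\nNOOP"));
```

The check is deliberately a whitelist on character class rather than a search for specific FTP verbs: any CR or LF is enough to split the command line, so the verb that follows is irrelevant to the decision. The same check applies to every ftp_* function that takes a remote path or file name, since the advisory notes that passing untrusted input to any function of the extension is sufficient to trigger the issue.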

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
php-4.3.2-43.ent.src.rpm
File outdated by:  RHSA-2010:0040
    MD5: b47c9296c6ce86888a67b05522be212a
 
IA-32:
php-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 48287cd240b7882ae3f7fdf542ff7aae
php-devel-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 061c8104dd4966c41e942d5de657db86
php-imap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: ee433ce0e9171f74854b6a1e061d4966
php-ldap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 55f82c10116501cd4aa105ba63c03cd9
php-mysql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8559b3584af7b03707e2f90914d6b22d
php-odbc-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 3df972c57317f7a8024e07d306149637
php-pgsql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 45994e8c72add0fcf962fb274ace1128
 
x86_64:
php-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 565b0086bd839e3f159df0a4b319f03c
php-devel-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f14791f55049778f3bcd2c487fbb4f96
php-imap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7a294fe8956477a010a704afda6018e1
php-ldap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7b821c42fffff83a0730ea9868eee776
php-mysql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 30f84eab03194aa0f3c31e421f4d500a
php-odbc-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f04cd3eb3b534f59e43f9adf78a2fd74
php-pgsql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 790783e4278bc7fa11c92bef527b98f8
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
php-4.3.2-43.ent.src.rpm
File outdated by:  RHSA-2010:0040
    MD5: b47c9296c6ce86888a67b05522be212a
 
IA-32:
php-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 48287cd240b7882ae3f7fdf542ff7aae
php-devel-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 061c8104dd4966c41e942d5de657db86
php-imap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: ee433ce0e9171f74854b6a1e061d4966
php-ldap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 55f82c10116501cd4aa105ba63c03cd9
php-mysql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8559b3584af7b03707e2f90914d6b22d
php-odbc-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 3df972c57317f7a8024e07d306149637
php-pgsql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 45994e8c72add0fcf962fb274ace1128
 
IA-64:
php-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 87273361a46742ca372f530ba0f96196
php-devel-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: abfa62220badaf7d7b93a5cde630ae64
php-imap-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 11adcbbd47ffac285763d50fd908d1d1
php-ldap-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: fd5fbb0204913a6d9434ae3eb0db8ecd
php-mysql-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 83237f7ccca6083e399849e6f0a8199d
php-odbc-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 329701a34f032fd083997e57a847a42c
php-pgsql-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: d29db18bce3fc662c6fa32b2904eedd5
 
PPC:
php-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8d66ea62970615aff3344c8f45cf0df2
php-devel-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: 38ee71769f7e4a7419fcb1f6e49d9a93
php-imap-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: 3994889a0b028a017935de817597509b
php-ldap-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: fb58fa0aed1212018ed97816536ebe5a
php-mysql-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: e5df93d22a4867f141ae3a639cd24da5
php-odbc-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: c3c970d003c7e79ca37549ccdc787115
php-pgsql-4.3.2-43.ent.ppc.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8c8d73178d66854843781c66a203570a
 
s390:
php-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: f7b2ffb923d4c9e1bb78cef33673a6f4
php-devel-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: 86b7da671518f07560167aad68ea8e3e
php-imap-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: b8e4c194d39e2ac2963d3d837c598e1a
php-ldap-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: ff69349cf24affebd32299a42465ff11
php-mysql-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: c3af8cc86094b95ffb8d7be041459565
php-odbc-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: 170233603a57dc4e1f37933324d8cd75
php-pgsql-4.3.2-43.ent.s390.rpm
File outdated by:  RHSA-2010:0040
    MD5: 4122e4b956d2a834532767995546b574
 
s390x:
php-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: 928bdd25d4ec1c95f62d2d1407bd789d
php-devel-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7dfc45467cd627944eebeb4e7f00a7e3
php-imap-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: 798a688177de21abc337f56d02624d50
php-ldap-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: 316e794fcf403ba535696fcf9adfe2f9
php-mysql-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8d42bbad73d4c083c118c6211c8a6e41
php-odbc-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: 9dd63fc5b55477245a4d7703831d03bd
php-pgsql-4.3.2-43.ent.s390x.rpm
File outdated by:  RHSA-2010:0040
    MD5: bc0d3310f0da84fa40ac8caa3a51b537
 
x86_64:
php-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 565b0086bd839e3f159df0a4b319f03c
php-devel-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f14791f55049778f3bcd2c487fbb4f96
php-imap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7a294fe8956477a010a704afda6018e1
php-ldap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7b821c42fffff83a0730ea9868eee776
php-mysql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 30f84eab03194aa0f3c31e421f4d500a
php-odbc-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f04cd3eb3b534f59e43f9adf78a2fd74
php-pgsql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 790783e4278bc7fa11c92bef527b98f8
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
php-4.3.2-43.ent.src.rpm
File outdated by:  RHSA-2010:0040
    MD5: b47c9296c6ce86888a67b05522be212a
 
IA-32:
php-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 48287cd240b7882ae3f7fdf542ff7aae
php-devel-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 061c8104dd4966c41e942d5de657db86
php-imap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: ee433ce0e9171f74854b6a1e061d4966
php-ldap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 55f82c10116501cd4aa105ba63c03cd9
php-mysql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8559b3584af7b03707e2f90914d6b22d
php-odbc-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 3df972c57317f7a8024e07d306149637
php-pgsql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 45994e8c72add0fcf962fb274ace1128
 
IA-64:
php-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 87273361a46742ca372f530ba0f96196
php-devel-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: abfa62220badaf7d7b93a5cde630ae64
php-imap-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 11adcbbd47ffac285763d50fd908d1d1
php-ldap-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: fd5fbb0204913a6d9434ae3eb0db8ecd
php-mysql-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 83237f7ccca6083e399849e6f0a8199d
php-odbc-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 329701a34f032fd083997e57a847a42c
php-pgsql-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: d29db18bce3fc662c6fa32b2904eedd5
 
x86_64:
php-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 565b0086bd839e3f159df0a4b319f03c
php-devel-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f14791f55049778f3bcd2c487fbb4f96
php-imap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7a294fe8956477a010a704afda6018e1
php-ldap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7b821c42fffff83a0730ea9868eee776
php-mysql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 30f84eab03194aa0f3c31e421f4d500a
php-odbc-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f04cd3eb3b534f59e43f9adf78a2fd74
php-pgsql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 790783e4278bc7fa11c92bef527b98f8
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
php-4.3.2-43.ent.src.rpm
File outdated by:  RHSA-2010:0040
    MD5: b47c9296c6ce86888a67b05522be212a
 
IA-32:
php-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 48287cd240b7882ae3f7fdf542ff7aae
php-devel-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 061c8104dd4966c41e942d5de657db86
php-imap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: ee433ce0e9171f74854b6a1e061d4966
php-ldap-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 55f82c10116501cd4aa105ba63c03cd9
php-mysql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 8559b3584af7b03707e2f90914d6b22d
php-odbc-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 3df972c57317f7a8024e07d306149637
php-pgsql-4.3.2-43.ent.i386.rpm
File outdated by:  RHSA-2010:0040
    MD5: 45994e8c72add0fcf962fb274ace1128
 
IA-64:
php-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 87273361a46742ca372f530ba0f96196
php-devel-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: abfa62220badaf7d7b93a5cde630ae64
php-imap-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 11adcbbd47ffac285763d50fd908d1d1
php-ldap-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: fd5fbb0204913a6d9434ae3eb0db8ecd
php-mysql-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 83237f7ccca6083e399849e6f0a8199d
php-odbc-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 329701a34f032fd083997e57a847a42c
php-pgsql-4.3.2-43.ent.ia64.rpm
File outdated by:  RHSA-2010:0040
    MD5: d29db18bce3fc662c6fa32b2904eedd5
 
x86_64:
php-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 565b0086bd839e3f159df0a4b319f03c
php-devel-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f14791f55049778f3bcd2c487fbb4f96
php-imap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7a294fe8956477a010a704afda6018e1
php-ldap-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 7b821c42fffff83a0730ea9868eee776
php-mysql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 30f84eab03194aa0f3c31e421f4d500a
php-odbc-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: f04cd3eb3b534f59e43f9adf78a2fd74
php-pgsql-4.3.2-43.ent.x86_64.rpm
File outdated by:  RHSA-2010:0040
    MD5: 790783e4278bc7fa11c92bef527b98f8
 

Bugs fixed (see bugzilla for more information)

239014 - CVE-2007-2509 php CRLF injection
242032 - CVE-2007-2872 php chunk_split integer overflow
242033 - CVE-2007-2756 php imagecreatefrompng infinite loop
250726 - CVE-2007-3799 php cross-site cookie insertion
276081 - CVE-2007-3998 php floating point exception inside wordwrap
278011 - CVE-2007-4658 php money_format format string issue
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/