Security Advisory Critical: php security update

Advisory: RHSA-2013:1063-1
Type: Security Advisory
Severity: Critical
Issued on: 2013-07-15
Last updated on: 2013-07-15
Affected Products: Red Hat Enterprise Linux ELS (v. 3)
Red Hat Enterprise Linux ELS (v. 4)
CVEs (cve.mitre.org): CVE-2013-4113

Details

Updated php packages that fix one security issue are now available for
Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply
specially-crafted XML could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the PHP interpreter. (CVE-2013-4113)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
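
The following is an added example, not part of the original advisory or of any Red Hat tooling: a small off-host check that compares a collected package inventory against the fixed php builds listed under "Updated packages" below. It assumes each inventory line has the form "host name version release" (for example, output of rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' with a host name prepended by the collector); the host names, the sample inventory and the simplified version comparison are assumptions made for illustration.

```python
import re

# Fixed builds named in this advisory, keyed by the dist tag that ends RELEASE.
FIXED = {
    "ent": ("4.3.2", "56.ent"),     # Red Hat Enterprise Linux ELS (v. 3)
    "el4": ("4.3.9", "3.37.el4"),   # Red Hat Enterprise Linux ELS (v. 4)
}

# Constructed sample inventory: "host name version release", one package per
# line. Hosts and every build other than the two fixed ones are made up.
SAMPLE = [
    "web01 php 4.3.9 3.36.el4",
    "web01 php-mysql 4.3.9 3.37.el4",
    "web02 php 4.3.2 56.ent",
    "web03 php-ldap 4.3.2 54.ent",
    "web03 httpd 2.0.46 77.ent",
]

def vercmp(a, b):
    """Simplified rpm version compare (no epoch, '~' or '^'): -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # runs of digits or of letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1    # a numeric run beats letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(lines):
    """Return (host, package, status) for every php package in the inventory."""
    findings = []
    for line in lines:
        host, name, version, release = line.split()
        if name != "php" and not name.startswith("php-"):
            continue
        fixed = FIXED.get(release.rsplit(".", 1)[-1])
        if fixed is None:
            findings.append((host, name, "unknown-release"))
            continue
        order = vercmp(version, fixed[0]) or vercmp(release, fixed[1])
        findings.append((host, name, "vulnerable" if order < 0 else "fixed"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

A host reported as fixed still runs the old code until the httpd daemon has been restarted, as noted in the Details section.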

Updated packages

Red Hat Enterprise Linux ELS (v. 3)

SRPMS:
php-4.3.2-56.ent.src.rpm
File outdated by:  RHSA-2013:1826
 
IA-32:
php-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
php-devel-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
php-imap-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
php-ldap-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
php-mysql-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
php-odbc-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
php-pgsql-4.3.2-56.ent.i386.rpm
File outdated by:  RHSA-2013:1826
 
Red Hat Enterprise Linux ELS (v. 4)

SRPMS:
php-4.3.9-3.37.el4.src.rpm
File outdated by:  RHSA-2013:1826
 
IA-32:
php-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-devel-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-domxml-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-gd-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-imap-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-ldap-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-mbstring-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-mysql-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-ncurses-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-odbc-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-pear-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-pgsql-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-snmp-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
php-xmlrpc-4.3.9-3.37.el4.i386.rpm
File outdated by:  RHSA-2013:1826
 
IA-64:
php-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-devel-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-domxml-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-gd-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-imap-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-ldap-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-mbstring-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-mysql-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-ncurses-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-odbc-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-pear-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-pgsql-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-snmp-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
php-xmlrpc-4.3.9-3.37.el4.ia64.rpm
File outdated by:  RHSA-2013:1826
 
x86_64:
php-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-devel-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-domxml-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-gd-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-imap-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-ldap-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-mbstring-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-mysql-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-ncurses-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-odbc-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-pear-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-pgsql-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-snmp-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm
File outdated by:  RHSA-2013:1826
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/