Security Advisory php security update

Advisory: RHSA-2006:0688-13
Type: Security Advisory
Severity: Important
Issued on: 2006-10-05
Last updated on: 2006-10-05
Affected Products: Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
CVEs (cve.mitre.org): CVE-2006-4020
CVE-2006-4482
CVE-2006-4484
CVE-2006-4485
CVE-2006-4486
CVE-2006-4812

Details

Updated PHP packages that fix multiple security issues are now available
for the Red Hat Application Stack.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

An integer overflow was discovered in the PHP memory handling routines. If
a script can cause memory allocation based on untrusted user data, a remote
attacker sending a carefully crafted request could execute arbitrary code
as the 'apache' user. (CVE-2006-4812)

A buffer overflow was discovered in the PHP sscanf() function. If a script
used the sscanf() function with positional arguments in the format string,
a remote attacker sending a carefully crafted request could execute
arbitrary code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension. If a script was
set up to process GIF images from untrusted sources using the gd extension,
a remote attacker could cause a heap overflow. (CVE-2006-4484)

A buffer overread was discovered in the PHP stripos() function. If a
script used the stripos() function with untrusted user data, PHP may read
past the end of a buffer, which could allow a denial of service attack by a
remote user. (CVE-2006-4485)

An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the "memory_limit" setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)

These packages also contain a fix for a bug where certain input strings to
the metaphone() function could cause memory corruption.

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)

SRPMS:
php-5.1.4-1.el4s1.4.src.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8450536ffd216fffd7a2c350ef2d8122
 
IA-32:
php-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: d8504a875caf435ac3d87be51da23cbb
php-bcmath-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 0b093ab3604f91f031e77fc374851333
php-dba-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: be94330943e42d6ce9795ac1aa005c5c
php-devel-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 89e204920cedc8129dca821268de2fdb
php-gd-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 9404807f4baab567cebf50e00dc0328c
php-imap-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: c08f52b6d7dbb729e09f4b95f89562b1
php-ldap-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 9944e216a9b9d6b06a73d620e2d5a26e
php-mbstring-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 399033da724e5d135fbd4c5bea8641a3
php-mysql-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8cdb68afa789a1744f9c0cc4cb25f680
php-ncurses-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 80b3a6b0e0b029255fea1ae1b892b3a8
php-odbc-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 67fe4b574af94f99e22042e0b1b0617d
php-pdo-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: f3794d4b2cc0c41efb3029efea456129
php-pgsql-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: ff9b98642ebf3726ab189b8b07c78cf4
php-snmp-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 42144bb23cfba2f20967d280f6bc4087
php-soap-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: dfe2fdeecd4fc439bad8c05e2abdefac
php-xml-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 877b079373e5d1809d7c4e092b04c12a
php-xmlrpc-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: b2a43cb90b877484085c562d931daa06
 
x86_64:
php-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 21e04b311dc5f7b9bef079dc1dbdd01a
php-bcmath-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 372a46e2847f69de0b14ca16cb43eaf3
php-dba-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 23531793db020c866ebe475fcddf750d
php-devel-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: db2a441639cae736640e13ab7cbe133a
php-gd-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 1634a9dc26e120084a6fe49262e0f0e0
php-imap-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 45becd8779a8da71b139b1ba3ee9400e
php-ldap-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 3b2ef5dede854065651495602fa6c126
php-mbstring-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 5d27f29c72f624c1a868f3cdbefd0b77
php-mysql-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: edaafb7eca7e3c41acbf69259c525d14
php-ncurses-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: c15c8d27058ad09b838a53b4f4c81b6e
php-odbc-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: d888187eb18ffa7f46550138d84700fa
php-pdo-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6d5d2387c96663442bf90b9a2cb45253
php-pgsql-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: c68935c8f98ea97fc468c173c6d36509
php-snmp-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a7ac3a5427b16926fae2e91f347ea585
php-soap-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8143af224065383c5518c5f0b8764fb2
php-xml-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 1255ae1a27002b314951340ef15d886f
php-xmlrpc-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 19d384ad3ccaf7fa73c21ffa7ff012c8
 
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)

SRPMS:
php-5.1.4-1.el4s1.4.src.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8450536ffd216fffd7a2c350ef2d8122
 
IA-32:
php-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: d8504a875caf435ac3d87be51da23cbb
php-bcmath-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 0b093ab3604f91f031e77fc374851333
php-dba-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: be94330943e42d6ce9795ac1aa005c5c
php-devel-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 89e204920cedc8129dca821268de2fdb
php-gd-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 9404807f4baab567cebf50e00dc0328c
php-imap-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: c08f52b6d7dbb729e09f4b95f89562b1
php-ldap-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 9944e216a9b9d6b06a73d620e2d5a26e
php-mbstring-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 399033da724e5d135fbd4c5bea8641a3
php-mysql-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8cdb68afa789a1744f9c0cc4cb25f680
php-ncurses-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 80b3a6b0e0b029255fea1ae1b892b3a8
php-odbc-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 67fe4b574af94f99e22042e0b1b0617d
php-pdo-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: f3794d4b2cc0c41efb3029efea456129
php-pgsql-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: ff9b98642ebf3726ab189b8b07c78cf4
php-snmp-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 42144bb23cfba2f20967d280f6bc4087
php-soap-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: dfe2fdeecd4fc439bad8c05e2abdefac
php-xml-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 877b079373e5d1809d7c4e092b04c12a
php-xmlrpc-5.1.4-1.el4s1.4.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: b2a43cb90b877484085c562d931daa06
 
x86_64:
php-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 21e04b311dc5f7b9bef079dc1dbdd01a
php-bcmath-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 372a46e2847f69de0b14ca16cb43eaf3
php-dba-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 23531793db020c866ebe475fcddf750d
php-devel-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: db2a441639cae736640e13ab7cbe133a
php-gd-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 1634a9dc26e120084a6fe49262e0f0e0
php-imap-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 45becd8779a8da71b139b1ba3ee9400e
php-ldap-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 3b2ef5dede854065651495602fa6c126
php-mbstring-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 5d27f29c72f624c1a868f3cdbefd0b77
php-mysql-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: edaafb7eca7e3c41acbf69259c525d14
php-ncurses-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: c15c8d27058ad09b838a53b4f4c81b6e
php-odbc-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: d888187eb18ffa7f46550138d84700fa
php-pdo-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6d5d2387c96663442bf90b9a2cb45253
php-pgsql-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: c68935c8f98ea97fc468c173c6d36509
php-snmp-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a7ac3a5427b16926fae2e91f347ea585
php-soap-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8143af224065383c5518c5f0b8764fb2
php-xml-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 1255ae1a27002b314951340ef15d886f
php-xmlrpc-5.1.4-1.el4s1.4.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 19d384ad3ccaf7fa73c21ffa7ff012c8
 
(The unlinked packages above are only available from the Red Hat Network)
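
The following script is an added example, not Red Hat tooling or part of this advisory. It takes the VERSION-RELEASE from the package list above (5.1.4-1.el4s1.4) and checks whether an installed php package is at or beyond it, so an administrator can confirm that up2date actually delivered the fix on every host. The comparison follows the rpmvercmp segment rules that rpm itself uses (numeric segments compare as numbers, so release .10 is newer than .4; alpha segments compare lexically; a numeric segment beats an alpha one); epochs and the `~` tilde rule are left out, which is safe for the versions in this advisory. The package names in the `--scan` loop are the binary packages listed above; the `rpm -q` call only means something on the affected RHEL 4 host.

```shell
#!/bin/sh
# Added example (not Red Hat's): verify that installed php packages are at or
# above the version shipped by RHSA-2006:0688. Comparison follows rpmvercmp's
# segment rules; epoch and '~' handling are omitted (not needed here).

FIXED_VR="5.1.4-1.el4s1.4"   # VERSION-RELEASE taken from the advisory's package list

# Leading run of digits, or of letters, at the start of $1.
seg_digits() { printf '%s' "$1" | sed 's/^\([0-9]*\).*/\1/'; }
seg_alpha()  { printf '%s' "$1" | sed 's/^\([A-Za-z]*\).*/\1/'; }

# rpmvercmp A B: prints -1 (A older), 0 (equal) or 1 (A newer).
rpmvercmp() {
    a=$1; b=$2
    while :; do
        # Separators (dots, dashes, anything non-alphanumeric) only delimit segments.
        a=$(printf '%s' "$a" | sed 's/^[^0-9A-Za-z]*//')
        b=$(printf '%s' "$b" | sed 's/^[^0-9A-Za-z]*//')
        if [ -z "$a" ] && [ -z "$b" ]; then printf '0\n'; return; fi
        if [ -z "$a" ]; then printf -- '-1\n'; return; fi   # B has more segments: B newer
        if [ -z "$b" ]; then printf '1\n'; return; fi
        case $a in
            [0-9]*)
                sa=$(seg_digits "$a"); sb=$(seg_digits "$b")
                [ -z "$sb" ] && { printf '1\n'; return; }      # numeric beats alpha
                na=$(printf '%s' "$sa" | sed 's/^0*//')          # drop leading zeros
                nb=$(printf '%s' "$sb" | sed 's/^0*//')
                if [ ${#na} -ne ${#nb} ]; then                  # longer number is larger
                    if [ ${#na} -gt ${#nb} ]; then printf '1\n'; else printf -- '-1\n'; fi
                    return
                fi
                if [ "$na" != "$nb" ]; then
                    if [ "$na" -gt "$nb" ]; then printf '1\n'; else printf -- '-1\n'; fi
                    return
                fi ;;
            *)
                sa=$(seg_alpha "$a"); sb=$(seg_alpha "$b")
                [ -z "$sb" ] && { printf -- '-1\n'; return; }  # B is numeric here: B newer
                if [ "$sa" != "$sb" ]; then                     # plain lexical order
                    lo=$(printf '%s\n%s\n' "$sa" "$sb" | LC_ALL=C sort | head -n 1)
                    if [ "$lo" = "$sb" ]; then printf '1\n'; else printf -- '-1\n'; fi
                    return
                fi ;;
        esac
        a=${a#"$sa"}; b=${b#"$sb"}   # consume the compared segment from both sides
    done
}

# is_fixed INSTALLED_VR: succeeds when INSTALLED_VR >= FIXED_VR.
is_fixed() { [ "$(rpmvercmp "$1" "$FIXED_VR")" -ge 0 ]; }

# check_installed PKG: query the local RPM database and report the state.
check_installed() {
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$1" 2>/dev/null) \
        || { printf '%s: not installed\n' "$1"; return 0; }
    if is_fixed "$vr"; then
        printf '%s-%s: fixed\n' "$1" "$vr"
    else
        printf '%s-%s: VULNERABLE, needs %s\n' "$1" "$vr" "$FIXED_VR"
    fi
}

# Run over the binary packages listed in the advisory: ./check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    for p in php php-bcmath php-dba php-devel php-gd php-imap php-ldap php-mbstring \
             php-mysql php-ncurses php-odbc php-pdo php-pgsql php-snmp php-soap \
             php-xml php-xmlrpc; do
        check_installed "$p"
    done
fi
```

Because `rpm -q` reports whatever the database holds, this check only says the package was upgraded; it does not verify the package origin. For that, `rpm --checksig` (`rpm -K`) against the Red Hat key referenced at the end of this advisory confirms the GPG signature of a downloaded .rpm before installation.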

Bugs fixed (see bugzilla for more information)

207090 - CVE-2006-4020 PHP security issues (CVE-2006-4482 CVE-2006-4484 CVE-2006-4485 CVE-2006-4486)
209408 - CVE-2006-4812 PHP ecalloc integer overflow



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/