Skip to navigation

Security Advisory Important: php security update

Advisory: RHSA-2007:0088-2
Type: Security Advisory
Severity: Important
Issued on: 2007-02-22
Last updated on: 2007-02-22
Affected Products: Red Hat Application Stack v1 for Enterprise Linux AS (v.4)
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)
CVEs (cve.mitre.org): CVE-2007-0906
CVE-2007-0907
CVE-2007-0908
CVE-2007-0909
CVE-2007-0910
CVE-2007-0988
CVE-2007-1380
CVE-2007-1701
CVE-2007-1825

Details

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack v1.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer overflow
could occur in memory allocation. If a script used the imap_mail_compose()
function to create a new MIME message based on an input body from an
untrusted source, it could result in a heap overflow. An attacker with
access to a PHP application affected by any these issues could trigger the
flaws and possibly execute arbitrary code as the 'apache' user.
(CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the zend_hash_init()
function could be forced into an infinite loop, consuming CPU resources for
a limited time, until the script timeout alarm aborted execution of the
script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a database,
and the database table contents were under an attacker's control, a format
string vulnerability was possible which could allow arbitrary code
execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer. This
could be triggered, for example, by any use of the header() function in a
script. However it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

Red Hat would like to thank Stefan Esser for his help diagnosing these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Application Stack v1 for Enterprise Linux AS (v.4)

SRPMS:
php-5.1.6-3.el4s1.5.src.rpm
File outdated by:  RHSA-2008:0582
    MD5: 65c254f44be0f72149d1a6d2481f83d1
 
IA-32:
php-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 78d8e01b70f58962f336c8bfb5ba4b96
php-bcmath-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6d2e8fa3d1b7c38b238e1ac3f7476956
php-cli-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6b8b46df3e7baa0f8d3f172f17282259
php-common-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8ced783df3b11e6d0f6dd1f6b6829fdf
php-dba-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 740a6c287dcbac0661a253ed3ff66814
php-devel-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: f35f870ec7d08950d8e62ce9525c4c70
php-gd-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 23e2fd214a78125b380c59dce8b866cc
php-imap-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: ffca8a8be48b47ac67d3dafe706a17c6
php-ldap-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 4c1f239d32b5e6ae2e26198116a2df40
php-mbstring-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 4ab5f2d77d903027e47cde5ce2b00391
php-mysql-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 70f18b061ad856f91d752afc602321fb
php-ncurses-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: dc8653b119d187f4502ea7768d0b4df3
php-odbc-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: eaeeb0c20afcc2f6092f2ee86026b289
php-pdo-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8626f179feb2edf6a65592e8b7ccf4ac
php-pgsql-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 29394ec7b3a94bf7800984b6261645dc
php-snmp-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 1458d727cb6e7ca1f8b157e7e9e6647b
php-soap-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 2852e877c69badc913b3d45508f6174d
php-xml-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 83fc3d913035f739d9f467760141131a
php-xmlrpc-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 72e4d8d62154edd162e302e4ef998237
 
x86_64:
php-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 9febc8aa7713fcc6e6d782e8cfad8b6b
php-bcmath-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a50b99d084118534a60713dc7072bfe8
php-cli-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: ec1c3659254920ee751528b70048dc8f
php-common-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a5d8daf2c536b025cc7916c93b29dba9
php-dba-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6759778469af7a9a70258aa3e07e57fc
php-devel-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: f2d186ccf814a716661e05f9b9e8b968
php-gd-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: e9ae0a6fcb0a383c5e0ccce6d5625d10
php-imap-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 007ccf652a68a291f02ea20a64b17c19
php-ldap-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: e3438ac7fa45ec4d18c5b440e6ab8b51
php-mbstring-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 2ff48b915dd6a96e0218fbd22eb38e18
php-mysql-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a7249f1c5007a3cbaa1db03db1947e08
php-ncurses-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6bca262f258fa401f85ba494b2c31e6f
php-odbc-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: f0300356cfa9a0ec53f06b22bf9831bc
php-pdo-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: cc1d0f4eb90a42bf2b97c901dc7e675e
php-pgsql-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 281e15be5c482bf80b9b364baa18c464
php-snmp-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 5974ebe042e427a9bb63ebc3efd0e503
php-soap-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 5504e7372468eb793607c7050109a7c9
php-xml-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: ec5eeca15244e5e676c2dd438bc4add0
php-xmlrpc-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 55e2405c3136cd7ba733391770d8e4ba
 
Red Hat Application Stack v1 for Enterprise Linux ES (v.4)

SRPMS:
php-5.1.6-3.el4s1.5.src.rpm
File outdated by:  RHSA-2008:0582
    MD5: 65c254f44be0f72149d1a6d2481f83d1
 
IA-32:
php-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 78d8e01b70f58962f336c8bfb5ba4b96
php-bcmath-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6d2e8fa3d1b7c38b238e1ac3f7476956
php-cli-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6b8b46df3e7baa0f8d3f172f17282259
php-common-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8ced783df3b11e6d0f6dd1f6b6829fdf
php-dba-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 740a6c287dcbac0661a253ed3ff66814
php-devel-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: f35f870ec7d08950d8e62ce9525c4c70
php-gd-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 23e2fd214a78125b380c59dce8b866cc
php-imap-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: ffca8a8be48b47ac67d3dafe706a17c6
php-ldap-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 4c1f239d32b5e6ae2e26198116a2df40
php-mbstring-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 4ab5f2d77d903027e47cde5ce2b00391
php-mysql-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 70f18b061ad856f91d752afc602321fb
php-ncurses-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: dc8653b119d187f4502ea7768d0b4df3
php-odbc-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: eaeeb0c20afcc2f6092f2ee86026b289
php-pdo-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 8626f179feb2edf6a65592e8b7ccf4ac
php-pgsql-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 29394ec7b3a94bf7800984b6261645dc
php-snmp-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 1458d727cb6e7ca1f8b157e7e9e6647b
php-soap-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 2852e877c69badc913b3d45508f6174d
php-xml-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 83fc3d913035f739d9f467760141131a
php-xmlrpc-5.1.6-3.el4s1.5.i386.rpm
File outdated by:  RHSA-2008:0582
    MD5: 72e4d8d62154edd162e302e4ef998237
 
x86_64:
php-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 9febc8aa7713fcc6e6d782e8cfad8b6b
php-bcmath-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a50b99d084118534a60713dc7072bfe8
php-cli-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: ec1c3659254920ee751528b70048dc8f
php-common-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a5d8daf2c536b025cc7916c93b29dba9
php-dba-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6759778469af7a9a70258aa3e07e57fc
php-devel-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: f2d186ccf814a716661e05f9b9e8b968
php-gd-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: e9ae0a6fcb0a383c5e0ccce6d5625d10
php-imap-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 007ccf652a68a291f02ea20a64b17c19
php-ldap-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: e3438ac7fa45ec4d18c5b440e6ab8b51
php-mbstring-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 2ff48b915dd6a96e0218fbd22eb38e18
php-mysql-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: a7249f1c5007a3cbaa1db03db1947e08
php-ncurses-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 6bca262f258fa401f85ba494b2c31e6f
php-odbc-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: f0300356cfa9a0ec53f06b22bf9831bc
php-pdo-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: cc1d0f4eb90a42bf2b97c901dc7e675e
php-pgsql-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 281e15be5c482bf80b9b364baa18c464
php-snmp-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 5974ebe042e427a9bb63ebc3efd0e503
php-soap-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 5504e7372468eb793607c7050109a7c9
php-xml-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: ec5eeca15244e5e676c2dd438bc4add0
php-xmlrpc-5.1.6-3.el4s1.5.x86_64.rpm
File outdated by:  RHSA-2008:0582
    MD5: 55e2405c3136cd7ba733391770d8e4ba
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

229337 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/