Security Advisory Moderate: php security update

Advisory: RHSA-2009:0350-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-04-14
Last updated on: 2009-04-14
Affected Products: Red Hat Application Stack v2
CVEs (cve.mitre.org): CVE-2008-3658
CVE-2008-3660
CVE-2008-5498
CVE-2008-5557
CVE-2008-5658
CVE-2008-5814
CVE-2009-0754
CVE-2009-1271

Details

Updated php packages that fix several security issues are now available for
Red Hat Application Stack v2.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2008-5557)

A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)

A directory traversal flaw was found in PHP's ZipArchive::extractTo
function. If PHP is used to extract a malicious ZIP archive, it could allow
an attacker to write arbitrary files anywhere the PHP process has write
permissions. (CVE-2008-5658)
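
A defense-in-depth check for the ZipArchive::extractTo issue above, as an added example that is not code from Red Hat or the PHP project: it rejects archives whose entry names are absolute or climb out of the destination with "..". The function names unsafeZipEntries and extractChecked and the sample entry names are hypothetical.

```php
<?php
// Added example, not Red Hat or PHP project code: vet ZIP entry names
// before ZipArchive::extractTo() so nothing is written outside $dest.
/** Return entry names that would escape the destination (hypothetical helper). */
function unsafeZipEntries(array $names): array
{
    $bad = [];
    foreach ($names as $name) {
        $norm = str_replace('\\', '/', (string) $name);  // backslash separates too
        $absolute = $norm === '' || $norm[0] === '/'
            || preg_match('/^[A-Za-z]:/', $norm) === 1;  // drive-letter prefix
        $depth = 0;
        foreach (explode('/', $norm) as $part) {
            if ($part === '' || $part === '.') {
                continue;
            }
            $depth += ($part === '..') ? -1 : 1;
            if ($depth < 0) {
                break;                                   // climbed above the root
            }
        }
        if ($absolute || $depth < 0 || strpos($norm, "\0") !== false) {
            $bad[] = $name;
        }
    }
    return $bad;
}

/** Extract only when every entry stays under $dest (hypothetical wrapper). */
function extractChecked(string $zipPath, string $dest): void
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open $zipPath");
    }
    $names = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $names[] = $zip->getNameIndex($i);
    }
    $bad = unsafeZipEntries($names);
    $ok = $bad === [] && $zip->extractTo($dest);
    $zip->close();
    if (!$ok) {
        throw new RuntimeException('not extracted; unsafe entries: ' . implode(', ', $bad));
    }
}

// Constructed sample entry names, not from a real archive.
$sample = ['docs/readme.txt', '../../outside.txt', 'a/../../b.txt', '/tmp/x', 'a/../c.txt'];
print_r(unsafeZipEntries($sample));
```

The check looks only at entry names, so it complements the updated packages rather than replacing them; symbolic-link entries are outside its scope.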

A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)

A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)

A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)

A cross-site scripting flaw was found in the way PHP reported errors for
invalid cookies. If the PHP interpreter had "display_errors" enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)

A flaw was found in PHP's json_decode function. A remote attacker could use
this flaw to create a specially-crafted string which could cause the PHP
interpreter to crash while being decoded in a PHP script. (CVE-2009-1271)

All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Application Stack v2

All files listed below are outdated by RHSA-2012:0570.

SRPMS:
php-5.2.6-4.el5s2.src.rpm

IA-32:
php-5.2.6-4.el5s2.i386.rpm
php-bcmath-5.2.6-4.el5s2.i386.rpm
php-cli-5.2.6-4.el5s2.i386.rpm
php-common-5.2.6-4.el5s2.i386.rpm
php-dba-5.2.6-4.el5s2.i386.rpm
php-devel-5.2.6-4.el5s2.i386.rpm
php-gd-5.2.6-4.el5s2.i386.rpm
php-imap-5.2.6-4.el5s2.i386.rpm
php-ldap-5.2.6-4.el5s2.i386.rpm
php-mbstring-5.2.6-4.el5s2.i386.rpm
php-mysql-5.2.6-4.el5s2.i386.rpm
php-ncurses-5.2.6-4.el5s2.i386.rpm
php-odbc-5.2.6-4.el5s2.i386.rpm
php-pdo-5.2.6-4.el5s2.i386.rpm
php-pgsql-5.2.6-4.el5s2.i386.rpm
php-snmp-5.2.6-4.el5s2.i386.rpm
php-soap-5.2.6-4.el5s2.i386.rpm
php-xml-5.2.6-4.el5s2.i386.rpm
php-xmlrpc-5.2.6-4.el5s2.i386.rpm

x86_64:
php-5.2.6-4.el5s2.x86_64.rpm
php-bcmath-5.2.6-4.el5s2.x86_64.rpm
php-cli-5.2.6-4.el5s2.x86_64.rpm
php-common-5.2.6-4.el5s2.x86_64.rpm
php-dba-5.2.6-4.el5s2.x86_64.rpm
php-devel-5.2.6-4.el5s2.x86_64.rpm
php-gd-5.2.6-4.el5s2.x86_64.rpm
php-imap-5.2.6-4.el5s2.x86_64.rpm
php-ldap-5.2.6-4.el5s2.x86_64.rpm
php-mbstring-5.2.6-4.el5s2.x86_64.rpm
php-mysql-5.2.6-4.el5s2.x86_64.rpm
php-ncurses-5.2.6-4.el5s2.x86_64.rpm
php-odbc-5.2.6-4.el5s2.x86_64.rpm
php-pdo-5.2.6-4.el5s2.x86_64.rpm
php-pgsql-5.2.6-4.el5s2.x86_64.rpm
php-snmp-5.2.6-4.el5s2.x86_64.rpm
php-soap-5.2.6-4.el5s2.x86_64.rpm
php-xml-5.2.6-4.el5s2.x86_64.rpm
php-xmlrpc-5.2.6-4.el5s2.x86_64.rpm
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension
459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension
474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability
478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure
478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service
480167 - CVE-2008-5814 php: XSS via PHP error messages
494530 - CVE-2009-1271 php: crash on malformed input in json_decode()


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/