Skip to navigation

Security Advisory Low: php-pecl-apc security, bug fix, and enhancement update

Advisory: RHSA-2012:0811-4
Type: Security Advisory
Severity: Low
Issued on: 2012-06-20
Last updated on: 2012-06-20
Affected Products: Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2010-3294

Details

Updated php-pecl-apc packages that fix one security issue, several bugs,
and add various enhancements are now available for Red Hat Enterprise
Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The php-pecl-apc packages contain APC (Alternative PHP Cache), the
framework for caching and optimization of intermediate PHP code.

A cross-site scripting (XSS) flaw was found in the "apc.php" script, which
provides a detailed analysis of the internal workings of APC and is shipped
as part of the APC extension documentation. A remote attacker could
possibly use this flaw to conduct a cross-site scripting attack.
(CVE-2010-3294)

Note: The administrative script is not deployed upon package installation.
It must manually be copied to the web root (the default is
"/var/www/html/", for example).

In addition, the php-pecl-apc packages have been upgraded to upstream
version 3.1.9, which provides a number of bug fixes and enhancements over
the previous version. (BZ#662655)

All users of php-pecl-apc are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. If the "apc.php" script
was previously deployed in the web root, it must manually be re-deployed to
replace the vulnerable version to resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Server (v. 6)

SRPMS:
php-pecl-apc-3.1.9-2.el6.src.rpm     MD5: 0672c731f7512d16b3ac8679283e8752
SHA-256: ca3ebcc14f10e34dd1f5adfa612ad568bda6d1ea5f4de5225bc481280c1dcb82
 
IA-32:
php-pecl-apc-3.1.9-2.el6.i686.rpm     MD5: d2f0200c99fdba8767eb935f100a6d30
SHA-256: 5beb07cb00ae7a32a55990a71baad4bfcee23c179cdc739f2f1114579dca9b1d
php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm     MD5: a631b4a887b67fcd85a828a8d8ada860
SHA-256: be09f141474e8b0ab1ac78a10174627d548e0fdce2df63ad4c337219f3502849
php-pecl-apc-devel-3.1.9-2.el6.i686.rpm     MD5: 51288c394a2c6e5eccf914dc764e93ea
SHA-256: 7dff1aab4c87f4321171f72dc447e26a7f97cb6767016ebef0ed446e06410b5b
 
PPC:
php-pecl-apc-3.1.9-2.el6.ppc64.rpm     MD5: c16138cb1aa6c8a19f7685d6d47a741d
SHA-256: a84740661a4eb8d946568b576d7579950388f1f939790738f33ed03ec982275a
php-pecl-apc-debuginfo-3.1.9-2.el6.ppc.rpm     MD5: 9cce0e9ec0c4260f2d04ece6039e52a7
SHA-256: eb5efc8f7a3bb7c0ba0f6acf5a0a65635ed0bc93fc7941114d5e997594f3fb05
php-pecl-apc-debuginfo-3.1.9-2.el6.ppc64.rpm     MD5: 09448ab4212b01a3aecad63597b3442c
SHA-256: 626f388b3fb13a3a11221c8085ce3049c359ea3ace61879fa1e0362e34b865f9
php-pecl-apc-devel-3.1.9-2.el6.ppc.rpm     MD5: 14c90f95de013318d7ae56979dcd94d3
SHA-256: d1072c17a12b4c266c1bcfd093b9f2adcbc734e89a63163894eb9539daafb9d9
php-pecl-apc-devel-3.1.9-2.el6.ppc64.rpm     MD5: dcaad5bb93b97fed54e1a43275923ce5
SHA-256: 30c01261d7d0d1764f02282ced5474f1e18fcc13dd892281d0ff1d14eae0dd3c
 
s390x:
php-pecl-apc-3.1.9-2.el6.s390x.rpm     MD5: 7280396ab11c5e7662adf103818f2c0b
SHA-256: 3a9f2c6dd23ac6f4745c32920508defec76a7aa37c3c58ccb606b1bd222dd637
php-pecl-apc-debuginfo-3.1.9-2.el6.s390.rpm     MD5: 4af929e5f4783135edb8c34e9d27b07f
SHA-256: 0c99aa974a8ae8998853e1842fb7214db7bd8f439a136fa70711411c5a4e354e
php-pecl-apc-debuginfo-3.1.9-2.el6.s390x.rpm     MD5: 377ffa08a3632ff6293e665994eaf630
SHA-256: 9322e073e7e4ecd3d2e94d8549c21ae564d847a120ed2664485ae5d2e3bd5bac
php-pecl-apc-devel-3.1.9-2.el6.s390.rpm     MD5: b622d47f8e2bc0b8b32890e291268007
SHA-256: b3f2d6d05e699a92377415f28bfd94c8c78a8ecd0e2b34d81fb9df4ac6ee7781
php-pecl-apc-devel-3.1.9-2.el6.s390x.rpm     MD5: a90a352805e55d97ab2cdf49a703e7ac
SHA-256: 008e6d5302d9d536ff99bf32efbaa66c132bc40c3376da15b569696f7d23d34e
 
x86_64:
php-pecl-apc-3.1.9-2.el6.x86_64.rpm     MD5: cacc13fafd2902d6f767a843ab1cc669
SHA-256: 516b5b94e163dd7049f2253bbd309df182a5dd11983d9eb568a56495927f5296
php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm     MD5: a631b4a887b67fcd85a828a8d8ada860
SHA-256: be09f141474e8b0ab1ac78a10174627d548e0fdce2df63ad4c337219f3502849
php-pecl-apc-debuginfo-3.1.9-2.el6.x86_64.rpm     MD5: 04cd4f34c827cdfcb9dbdb72d9478c65
SHA-256: f8817e28b71961535e30ccaa5287c90fc83419fe71637f75c1ef1f6558d82782
php-pecl-apc-devel-3.1.9-2.el6.i686.rpm     MD5: 51288c394a2c6e5eccf914dc764e93ea
SHA-256: 7dff1aab4c87f4321171f72dc447e26a7f97cb6767016ebef0ed446e06410b5b
php-pecl-apc-devel-3.1.9-2.el6.x86_64.rpm     MD5: fb27c13fa373e9528ee2bcadf436a4eb
SHA-256: 74c516be852250e821338cf0553dff09fac444485c2687feea64e52d9e8bf999
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
php-pecl-apc-3.1.9-2.el6.src.rpm     MD5: 0672c731f7512d16b3ac8679283e8752
SHA-256: ca3ebcc14f10e34dd1f5adfa612ad568bda6d1ea5f4de5225bc481280c1dcb82
 
IA-32:
php-pecl-apc-3.1.9-2.el6.i686.rpm     MD5: d2f0200c99fdba8767eb935f100a6d30
SHA-256: 5beb07cb00ae7a32a55990a71baad4bfcee23c179cdc739f2f1114579dca9b1d
php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm     MD5: a631b4a887b67fcd85a828a8d8ada860
SHA-256: be09f141474e8b0ab1ac78a10174627d548e0fdce2df63ad4c337219f3502849
php-pecl-apc-devel-3.1.9-2.el6.i686.rpm     MD5: 51288c394a2c6e5eccf914dc764e93ea
SHA-256: 7dff1aab4c87f4321171f72dc447e26a7f97cb6767016ebef0ed446e06410b5b
 
x86_64:
php-pecl-apc-3.1.9-2.el6.x86_64.rpm     MD5: cacc13fafd2902d6f767a843ab1cc669
SHA-256: 516b5b94e163dd7049f2253bbd309df182a5dd11983d9eb568a56495927f5296
php-pecl-apc-debuginfo-3.1.9-2.el6.i686.rpm     MD5: a631b4a887b67fcd85a828a8d8ada860
SHA-256: be09f141474e8b0ab1ac78a10174627d548e0fdce2df63ad4c337219f3502849
php-pecl-apc-debuginfo-3.1.9-2.el6.x86_64.rpm     MD5: 04cd4f34c827cdfcb9dbdb72d9478c65
SHA-256: f8817e28b71961535e30ccaa5287c90fc83419fe71637f75c1ef1f6558d82782
php-pecl-apc-devel-3.1.9-2.el6.i686.rpm     MD5: 51288c394a2c6e5eccf914dc764e93ea
SHA-256: 7dff1aab4c87f4321171f72dc447e26a7f97cb6767016ebef0ed446e06410b5b
php-pecl-apc-devel-3.1.9-2.el6.x86_64.rpm     MD5: fb27c13fa373e9528ee2bcadf436a4eb
SHA-256: 74c516be852250e821338cf0553dff09fac444485c2687feea64e52d9e8bf999
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

634334 - CVE-2010-3294 php-pecl-apc: potential XSS in apc.php


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/