Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

       ESB-2005.0261 -- New versions of PHP 4 and 5 released fixing
                         multiple vulnerabilities
                               1 April 2005


        AusCERT Security Bulletin Summary

Product:           PHP 4.3.10 and prior
                   PHP 5.0.3 and prior
Operating System:  UNIX variants
                   Linux variants
                   Mac OS X
Impact:            Denial of Service
                   Reduced Security
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-0525 CAN-2005-0524

Original Bulletin: http://news.php.net/php.announce/55

Comment: Details on the image handling remote denial of service vulnerabilities
         are available at:
         A vulnerability in swf_openfile() bypasses safe mode restrictions. In
         conjunction with application vulnerabilities this can potentially allow
         overwriting arbitrary files. Details are available at:
         unserialize() corrupts floating point values in non-English locales.
         The security impact of this depends upon how the value is used in an
         application. Details are available at:
         The fbsql and swf_definepoly vulnerabilities have unknown impact.
         Full lists of changes are available at the following URLs:

- --------------------------BEGIN INCLUDED TEXT--------------------

PHP 4.3.11 & 5.0.4 Released!

The PHP Development Team would like to announce the immediate release of 
PHP 4.3.11 and 5.0.4.  These are maintenance releases that in addition 
to fixing over 70 non-critical bugs, address several security issues. 
The addressed security issues include fixes to the exif and fbsql 
extensions, as well as fixes to unserialize(), swf_definepoly() and 

All users of PHP are strongly encouraged to upgrade to this release.

Aside from the above mentioned issues this release includes the 
following important fixes:

* Crash in bzopen() if supplied path to non-existent file.
* DOM crashing when attribute appended to Document.
* unserialize() float problem on non-English locales.
* Crash in msg_send() when non-string is stored without being serialized.
* Possible infinite loop in imap_mail_compose().
* Fixed crash in chunk_split(), when chunklen > strlen.
* session_set_save_handler crashes PHP when supplied non-existent object 
* Memory leak in zend_language_scanner.c.
* Compile failures of zend_strtod.c.
* Fixed crash in overloaded objects & overload() function.
* cURL functions bypass open_basedir.

The PHP Development Team would like to thank all the people who have 
identified the security faults in PHP and helped us address them.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.

Comment: http://www.auscert.org.au/render.html?it=1967