Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2006.0466 -- [Win][UNIX/Linux][RedHat]
Moderate: php security update
26 July 2006
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: php
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Desktop 4
Red Hat Enterprise Linux AS/ES/WS 4
Red Hat Desktop 3
Red Hat Enterprise Linux AS/ES/WS 3
UNIX variants (UNIX, Linux, OSX)
Windows
Impact: Execute Arbitrary Code/Commands
Create Arbitrary Files
Denial of Service
Access: Remote/Unauthenticated
CVE Names: CVE-2006-3017 CVE-2006-1990 CVE-2006-1494
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2006-0568.html
https://rhn.redhat.com/errata/RHSA-2006-0567.html
Revision History: July 26 2006: This update is now available for the Red
Hat Linux 2 family of operating systems
(see RHSA-2006-0567).
July 13 2006: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Moderate: php security update
Advisory ID: RHSA-2006:0568-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0568.html
Issue date: 2006-07-12
Updated on: 2006-07-12
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-1494 CVE-2006-1990 CVE-2006-3017
- - ---------------------------------------------------------------------
1. Summary:
Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)
The wordwrap() PHP function did not properly check for integer overflow in
the handling of the "break" parameter. An attacker who could control the
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)
A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the "register_globals" setting.
"register_globals" is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)
Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
189591 - CVE-2006-1494 PHP tempname open_basedir issue
190033 - CVE-2006-1990 wordwrap integer overflow
196256 - CVE-2006-3017 zend_hash_del bug
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-33.ent.src.rpm
c018cc410c9655f537bbc617ec67ba11 php-4.3.2-33.ent.src.rpm
i386:
d5c4ee398126667a3d38ca3b3ac9d949 php-4.3.2-33.ent.i386.rpm
193ab3af5edc67f1c99fb955b00102da php-debuginfo-4.3.2-33.ent.i386.rpm
d33d058957d18a82d02634e71be9c1ae php-devel-4.3.2-33.ent.i386.rpm
10e154d24fbd4a57731902ce2f038a74 php-imap-4.3.2-33.ent.i386.rpm
8701231a24864316cedeaef756926771 php-ldap-4.3.2-33.ent.i386.rpm
51de6e91de61dbb536089a3f3bc15471 php-mysql-4.3.2-33.ent.i386.rpm
c30922c2ff54ae24f6c5efa318ad3f62 php-odbc-4.3.2-33.ent.i386.rpm
87e7856bf30f33d540a2a2e3fc58dd9e php-pgsql-4.3.2-33.ent.i386.rpm
ia64:
ea9878b8678de65636f76ad6d937603d php-4.3.2-33.ent.ia64.rpm
e3cceb5006b0a629eb1026cc79a9d2cc php-debuginfo-4.3.2-33.ent.ia64.rpm
bad9909488a7c61e2a5dbf9a6b84e639 php-devel-4.3.2-33.ent.ia64.rpm
8180a9da60367868236a6f0db5d96402 php-imap-4.3.2-33.ent.ia64.rpm
27b9b7b4e0171ca0e9f438819d38f7fd php-ldap-4.3.2-33.ent.ia64.rpm
2635ed5ac5ec737ac18fde4a99ca6807 php-mysql-4.3.2-33.ent.ia64.rpm
9f79cd8ac13ccddcecd140b5fa3d92b2 php-odbc-4.3.2-33.ent.ia64.rpm
59fd4963632105e568292d9fb6a35820 php-pgsql-4.3.2-33.ent.ia64.rpm
ppc:
35582367f1958335fe2d13585460e6e1 php-4.3.2-33.ent.ppc.rpm
ca1a7b0361440c2157e29331fe6f7f20 php-debuginfo-4.3.2-33.ent.ppc.rpm
a24707e275c345129babbd9c734dc848 php-devel-4.3.2-33.ent.ppc.rpm
113ff33af6db3fc10ceaf94f598ef858 php-imap-4.3.2-33.ent.ppc.rpm
f69c5b8debe3ee9bbd49bc6763f562b9 php-ldap-4.3.2-33.ent.ppc.rpm
d7839788a852cc6a0237aed3b94f64af php-mysql-4.3.2-33.ent.ppc.rpm
a62fbd02a3642f3bbbc4df9f970bd6af php-odbc-4.3.2-33.ent.ppc.rpm
a8efdd969dc9b1b5ddc2b4fbe6b205a0 php-pgsql-4.3.2-33.ent.ppc.rpm
s390:
e3e994c07c6e53b1fee13de2ea1d26df php-4.3.2-33.ent.s390.rpm
bfca477b7cf692bad01b461bb11db22c php-debuginfo-4.3.2-33.ent.s390.rpm
2a7a2ed6888e1583bc98cf5de0639a8b php-devel-4.3.2-33.ent.s390.rpm
a4a4742f2dce74e19d579ccfcb587823 php-imap-4.3.2-33.ent.s390.rpm
0377b6da4e91b804d61567375bfd39fa php-ldap-4.3.2-33.ent.s390.rpm
670c1246c25be44ae0885241624fc084 php-mysql-4.3.2-33.ent.s390.rpm
c0c615cb9e9b402cb209bd363d80c8b2 php-odbc-4.3.2-33.ent.s390.rpm
05064d39c5a5e7489511d7a1bc64332d php-pgsql-4.3.2-33.ent.s390.rpm
s390x:
eee835eb080c99fd6ad6a62eefaeec6a php-4.3.2-33.ent.s390x.rpm
95876dbc895c0c30405a9fa3a58d84c2 php-debuginfo-4.3.2-33.ent.s390x.rpm
88f9c171b9b3ed332222b7d2ee1e7cd6 php-devel-4.3.2-33.ent.s390x.rpm
37983d3e6a850a106dc5e9afd2acbfb9 php-imap-4.3.2-33.ent.s390x.rpm
c33c35b1df87c9f716ce1ba1aff110ee php-ldap-4.3.2-33.ent.s390x.rpm
e9775947d81ae5d20258b1a16f43533a php-mysql-4.3.2-33.ent.s390x.rpm
53c963377e4bb04ac44e98d48f88be3c php-odbc-4.3.2-33.ent.s390x.rpm
3cdd9b2a3628d9fbe6419f09afb963f2 php-pgsql-4.3.2-33.ent.s390x.rpm
x86_64:
aba5c8d6b64ce23a3c596d623bbf70ce php-4.3.2-33.ent.x86_64.rpm
8bac277f71bf873c0bcb3684b24a2dd5 php-debuginfo-4.3.2-33.ent.x86_64.rpm
a127c84f015c9754238aa6e403890152 php-devel-4.3.2-33.ent.x86_64.rpm
fb9c4d54c9ee78f63dcb9378e0b0e761 php-imap-4.3.2-33.ent.x86_64.rpm
fbaecf21159a78c9a747c326d38b1c35 php-ldap-4.3.2-33.ent.x86_64.rpm
b1492c3d00e6db5a9b727f3643d49608 php-mysql-4.3.2-33.ent.x86_64.rpm
5bf58b38b0d5a66aba0e176a7ffb6ab0 php-odbc-4.3.2-33.ent.x86_64.rpm
c83f9932e1d75c913a405e7f062683bc php-pgsql-4.3.2-33.ent.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-33.ent.src.rpm
c018cc410c9655f537bbc617ec67ba11 php-4.3.2-33.ent.src.rpm
i386:
d5c4ee398126667a3d38ca3b3ac9d949 php-4.3.2-33.ent.i386.rpm
193ab3af5edc67f1c99fb955b00102da php-debuginfo-4.3.2-33.ent.i386.rpm
d33d058957d18a82d02634e71be9c1ae php-devel-4.3.2-33.ent.i386.rpm
10e154d24fbd4a57731902ce2f038a74 php-imap-4.3.2-33.ent.i386.rpm
8701231a24864316cedeaef756926771 php-ldap-4.3.2-33.ent.i386.rpm
51de6e91de61dbb536089a3f3bc15471 php-mysql-4.3.2-33.ent.i386.rpm
c30922c2ff54ae24f6c5efa318ad3f62 php-odbc-4.3.2-33.ent.i386.rpm
87e7856bf30f33d540a2a2e3fc58dd9e php-pgsql-4.3.2-33.ent.i386.rpm
x86_64:
aba5c8d6b64ce23a3c596d623bbf70ce php-4.3.2-33.ent.x86_64.rpm
8bac277f71bf873c0bcb3684b24a2dd5 php-debuginfo-4.3.2-33.ent.x86_64.rpm
a127c84f015c9754238aa6e403890152 php-devel-4.3.2-33.ent.x86_64.rpm
fb9c4d54c9ee78f63dcb9378e0b0e761 php-imap-4.3.2-33.ent.x86_64.rpm
fbaecf21159a78c9a747c326d38b1c35 php-ldap-4.3.2-33.ent.x86_64.rpm
b1492c3d00e6db5a9b727f3643d49608 php-mysql-4.3.2-33.ent.x86_64.rpm
5bf58b38b0d5a66aba0e176a7ffb6ab0 php-odbc-4.3.2-33.ent.x86_64.rpm
c83f9932e1d75c913a405e7f062683bc php-pgsql-4.3.2-33.ent.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-33.ent.src.rpm
c018cc410c9655f537bbc617ec67ba11 php-4.3.2-33.ent.src.rpm
i386:
d5c4ee398126667a3d38ca3b3ac9d949 php-4.3.2-33.ent.i386.rpm
193ab3af5edc67f1c99fb955b00102da php-debuginfo-4.3.2-33.ent.i386.rpm
d33d058957d18a82d02634e71be9c1ae php-devel-4.3.2-33.ent.i386.rpm
10e154d24fbd4a57731902ce2f038a74 php-imap-4.3.2-33.ent.i386.rpm
8701231a24864316cedeaef756926771 php-ldap-4.3.2-33.ent.i386.rpm
51de6e91de61dbb536089a3f3bc15471 php-mysql-4.3.2-33.ent.i386.rpm
c30922c2ff54ae24f6c5efa318ad3f62 php-odbc-4.3.2-33.ent.i386.rpm
87e7856bf30f33d540a2a2e3fc58dd9e php-pgsql-4.3.2-33.ent.i386.rpm
ia64:
ea9878b8678de65636f76ad6d937603d php-4.3.2-33.ent.ia64.rpm
e3cceb5006b0a629eb1026cc79a9d2cc php-debuginfo-4.3.2-33.ent.ia64.rpm
bad9909488a7c61e2a5dbf9a6b84e639 php-devel-4.3.2-33.ent.ia64.rpm
8180a9da60367868236a6f0db5d96402 php-imap-4.3.2-33.ent.ia64.rpm
27b9b7b4e0171ca0e9f438819d38f7fd php-ldap-4.3.2-33.ent.ia64.rpm
2635ed5ac5ec737ac18fde4a99ca6807 php-mysql-4.3.2-33.ent.ia64.rpm
9f79cd8ac13ccddcecd140b5fa3d92b2 php-odbc-4.3.2-33.ent.ia64.rpm
59fd4963632105e568292d9fb6a35820 php-pgsql-4.3.2-33.ent.ia64.rpm
x86_64:
aba5c8d6b64ce23a3c596d623bbf70ce php-4.3.2-33.ent.x86_64.rpm
8bac277f71bf873c0bcb3684b24a2dd5 php-debuginfo-4.3.2-33.ent.x86_64.rpm
a127c84f015c9754238aa6e403890152 php-devel-4.3.2-33.ent.x86_64.rpm
fb9c4d54c9ee78f63dcb9378e0b0e761 php-imap-4.3.2-33.ent.x86_64.rpm
fbaecf21159a78c9a747c326d38b1c35 php-ldap-4.3.2-33.ent.x86_64.rpm
b1492c3d00e6db5a9b727f3643d49608 php-mysql-4.3.2-33.ent.x86_64.rpm
5bf58b38b0d5a66aba0e176a7ffb6ab0 php-odbc-4.3.2-33.ent.x86_64.rpm
c83f9932e1d75c913a405e7f062683bc php-pgsql-4.3.2-33.ent.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-33.ent.src.rpm
c018cc410c9655f537bbc617ec67ba11 php-4.3.2-33.ent.src.rpm
i386:
d5c4ee398126667a3d38ca3b3ac9d949 php-4.3.2-33.ent.i386.rpm
193ab3af5edc67f1c99fb955b00102da php-debuginfo-4.3.2-33.ent.i386.rpm
d33d058957d18a82d02634e71be9c1ae php-devel-4.3.2-33.ent.i386.rpm
10e154d24fbd4a57731902ce2f038a74 php-imap-4.3.2-33.ent.i386.rpm
8701231a24864316cedeaef756926771 php-ldap-4.3.2-33.ent.i386.rpm
51de6e91de61dbb536089a3f3bc15471 php-mysql-4.3.2-33.ent.i386.rpm
c30922c2ff54ae24f6c5efa318ad3f62 php-odbc-4.3.2-33.ent.i386.rpm
87e7856bf30f33d540a2a2e3fc58dd9e php-pgsql-4.3.2-33.ent.i386.rpm
ia64:
ea9878b8678de65636f76ad6d937603d php-4.3.2-33.ent.ia64.rpm
e3cceb5006b0a629eb1026cc79a9d2cc php-debuginfo-4.3.2-33.ent.ia64.rpm
bad9909488a7c61e2a5dbf9a6b84e639 php-devel-4.3.2-33.ent.ia64.rpm
8180a9da60367868236a6f0db5d96402 php-imap-4.3.2-33.ent.ia64.rpm
27b9b7b4e0171ca0e9f438819d38f7fd php-ldap-4.3.2-33.ent.ia64.rpm
2635ed5ac5ec737ac18fde4a99ca6807 php-mysql-4.3.2-33.ent.ia64.rpm
9f79cd8ac13ccddcecd140b5fa3d92b2 php-odbc-4.3.2-33.ent.ia64.rpm
59fd4963632105e568292d9fb6a35820 php-pgsql-4.3.2-33.ent.ia64.rpm
x86_64:
aba5c8d6b64ce23a3c596d623bbf70ce php-4.3.2-33.ent.x86_64.rpm
8bac277f71bf873c0bcb3684b24a2dd5 php-debuginfo-4.3.2-33.ent.x86_64.rpm
a127c84f015c9754238aa6e403890152 php-devel-4.3.2-33.ent.x86_64.rpm
fb9c4d54c9ee78f63dcb9378e0b0e761 php-imap-4.3.2-33.ent.x86_64.rpm
fbaecf21159a78c9a747c326d38b1c35 php-ldap-4.3.2-33.ent.x86_64.rpm
b1492c3d00e6db5a9b727f3643d49608 php-mysql-4.3.2-33.ent.x86_64.rpm
5bf58b38b0d5a66aba0e176a7ffb6ab0 php-odbc-4.3.2-33.ent.x86_64.rpm
c83f9932e1d75c913a405e7f062683bc php-pgsql-4.3.2-33.ent.x86_64.rpm
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.15.src.rpm
8e7fcb8213f940460bed98ea4845b008 php-4.3.9-3.15.src.rpm
i386:
b3feb153604a4759ea9a7c90dadeade8 php-4.3.9-3.15.i386.rpm
99645c0bb650a1202ef5a6ac4c3dafdf php-debuginfo-4.3.9-3.15.i386.rpm
f0cc982f65019dd52aa8e636c08cbf55 php-devel-4.3.9-3.15.i386.rpm
9b29e28848067eed3229d7cc3e586427 php-domxml-4.3.9-3.15.i386.rpm
21203f5cde359468796ef6d58ee90278 php-gd-4.3.9-3.15.i386.rpm
547b30e0bfae2d50914b09e472c2a727 php-imap-4.3.9-3.15.i386.rpm
c5a6be773ce7bfd9235b8fdab4b0b39f php-ldap-4.3.9-3.15.i386.rpm
90fba6d1c1a33a2f748411c5edf375ba php-mbstring-4.3.9-3.15.i386.rpm
700ef656f11b712891ca92b2dda910f7 php-mysql-4.3.9-3.15.i386.rpm
49da8fce4fe283f0015b9690d01a6f2d php-ncurses-4.3.9-3.15.i386.rpm
d76fb272aa599f28e65bc2848bdadce4 php-odbc-4.3.9-3.15.i386.rpm
d12a1760a3a561aabd7778033faaafa7 php-pear-4.3.9-3.15.i386.rpm
3b332648ef656f75e1ac8d91f96967ef php-pgsql-4.3.9-3.15.i386.rpm
96f03c0c5ad3a6106944a39061f6c13f php-snmp-4.3.9-3.15.i386.rpm
96845abc69545864059b172a1a7ff82d php-xmlrpc-4.3.9-3.15.i386.rpm
ia64:
bb521451c677d32b3824349beb72091a php-4.3.9-3.15.ia64.rpm
e2cb7a211227c7d863a833de65efbe7a php-debuginfo-4.3.9-3.15.ia64.rpm
9a854ab664a15e832a9ce7709f96eca4 php-devel-4.3.9-3.15.ia64.rpm
d93b129c85b7c2e8e78f0e57d32abcbc php-domxml-4.3.9-3.15.ia64.rpm
c8f585dd6f927afe8e2f723fd97643cf php-gd-4.3.9-3.15.ia64.rpm
a77f66b188d9f62ffd6e03a041aadd2a php-imap-4.3.9-3.15.ia64.rpm
a306d26654b2ad08bd0a11c36fca23a1 php-ldap-4.3.9-3.15.ia64.rpm
a42e38ee78744222fdc1a1bb52b61de3 php-mbstring-4.3.9-3.15.ia64.rpm
97076014c9000997a555577b2d1f13ef php-mysql-4.3.9-3.15.ia64.rpm
7fdd2fe3ce37b896f3542d8e3bb62dc9 php-ncurses-4.3.9-3.15.ia64.rpm
f5fb5c9e489b3205a77eb43e9d794f59 php-odbc-4.3.9-3.15.ia64.rpm
888b095ced3b5058a5a2ef3f28fdc0bf php-pear-4.3.9-3.15.ia64.rpm
81de692b7a65b49905acbbc15923a969 php-pgsql-4.3.9-3.15.ia64.rpm
248e58b4de5ce83a3a03c177ab7782a9 php-snmp-4.3.9-3.15.ia64.rpm
f9fb2eac36fccecea0d95e45680dce7a php-xmlrpc-4.3.9-3.15.ia64.rpm
ppc:
4ae4ed5ad7f26a87a8b6ac4b272a12d5 php-4.3.9-3.15.ppc.rpm
4fab4951889558a732f9cabc87dcc8a5 php-debuginfo-4.3.9-3.15.ppc.rpm
93e504a0669cd5a46135d2026d725dea php-devel-4.3.9-3.15.ppc.rpm
39ce65d06617224939f451bedd716091 php-domxml-4.3.9-3.15.ppc.rpm
d4b49b4ee7241db76f956360d3a703ec php-gd-4.3.9-3.15.ppc.rpm
53d98aacc4651d08091b0e642cbbbb18 php-imap-4.3.9-3.15.ppc.rpm
19aa451035988c922b68fe7fd711ae47 php-ldap-4.3.9-3.15.ppc.rpm
b9b0084f4d2a658afef7f677923b4cc2 php-mbstring-4.3.9-3.15.ppc.rpm
3b93c624d1f2e1cf36dad34a83a339f1 php-mysql-4.3.9-3.15.ppc.rpm
64117e7600fb800b0ee722b72a09aa96 php-ncurses-4.3.9-3.15.ppc.rpm
a7ac1643c369601544657a70701c4464 php-odbc-4.3.9-3.15.ppc.rpm
f002ab3a25a6f8c2a4d5e7eb8723db7e php-pear-4.3.9-3.15.ppc.rpm
060120ab15e3655fa88c764227305783 php-pgsql-4.3.9-3.15.ppc.rpm
20203aa8a389cbe47ef8ec6ce5b4ffc3 php-snmp-4.3.9-3.15.ppc.rpm
7b7fdb0864f9af8ff98f6ba8e5a25e07 php-xmlrpc-4.3.9-3.15.ppc.rpm
s390:
b36b0621ec0d19fabe534c17553d11e3 php-4.3.9-3.15.s390.rpm
3db657e3c9f8382aa78a38fa2d0abc75 php-debuginfo-4.3.9-3.15.s390.rpm
afcb3bc23dfcbe95b1aa6efb3cc96e95 php-devel-4.3.9-3.15.s390.rpm
a311fd4be49635be96c07431d27019b7 php-domxml-4.3.9-3.15.s390.rpm
e1740411b92e05e938e236769923d1a1 php-gd-4.3.9-3.15.s390.rpm
3b82e31d824b26c76e5e821c31433c7e php-imap-4.3.9-3.15.s390.rpm
ca04837a8f505ab3e4dfa07f3e7f767b php-ldap-4.3.9-3.15.s390.rpm
9b466230f5c2eddc2c10de1eaab3003f php-mbstring-4.3.9-3.15.s390.rpm
699264efb4723e16218f52f198e9efb9 php-mysql-4.3.9-3.15.s390.rpm
e49fdce3a6a0863328f8053460467ab1 php-ncurses-4.3.9-3.15.s390.rpm
aa4c1b421abb39258b1a47d2a3dc0d0c php-odbc-4.3.9-3.15.s390.rpm
a8a31b08ebad23ebd8b4c113eda2eb92 php-pear-4.3.9-3.15.s390.rpm
a7ca82081f6ccbd848f9df066e4f5542 php-pgsql-4.3.9-3.15.s390.rpm
ebe13bdf4f12fc2c35ba6c633aa896de php-snmp-4.3.9-3.15.s390.rpm
9b05f0df8613ccfc7009d94351752716 php-xmlrpc-4.3.9-3.15.s390.rpm
s390x:
a4278f9669cccc30ea99bddeffe818e1 php-4.3.9-3.15.s390x.rpm
354064c6ed2deddef764a888b9c0e753 php-debuginfo-4.3.9-3.15.s390x.rpm
572a0f4a2f14b77005f1e21f4581a612 php-devel-4.3.9-3.15.s390x.rpm
8eaeb14f3f78a4c6d4606effe0e48494 php-domxml-4.3.9-3.15.s390x.rpm
a9f4b609176f9e3203c35b1191f3345c php-gd-4.3.9-3.15.s390x.rpm
c870a007811d74d34c6e1bb3fa675f76 php-imap-4.3.9-3.15.s390x.rpm
8c1fecc0f8c9a0c31e4fe2dcdeeca14c php-ldap-4.3.9-3.15.s390x.rpm
6b8a83936454cf0b9279bb045e5c6fe2 php-mbstring-4.3.9-3.15.s390x.rpm
21a09d060995c5ceb76e006e0544d530 php-mysql-4.3.9-3.15.s390x.rpm
65caaa12a59d196c83b5900903deac9f php-ncurses-4.3.9-3.15.s390x.rpm
726f026c51a187a4ceb4c61572a959d4 php-odbc-4.3.9-3.15.s390x.rpm
e29b5fc168e080c4e63588f691750e88 php-pear-4.3.9-3.15.s390x.rpm
328a3493eb37105ef0b88ddc66959734 php-pgsql-4.3.9-3.15.s390x.rpm
d58730f86fb8063ca7259a3c8bc2cf1b php-snmp-4.3.9-3.15.s390x.rpm
fc7dd30602047765aa171ead439a2146 php-xmlrpc-4.3.9-3.15.s390x.rpm
x86_64:
eef5025da3ae88d290fc4ea7912f188d php-4.3.9-3.15.x86_64.rpm
d70d29f4a8f4de2737446fe166740735 php-debuginfo-4.3.9-3.15.x86_64.rpm
cbec1631a86b07709cca28258b4d3103 php-devel-4.3.9-3.15.x86_64.rpm
d0bc99f8cf1a936bdd2ebb0f3ca2bf9f php-domxml-4.3.9-3.15.x86_64.rpm
90a8ffe9300be426e39d61716199da8b php-gd-4.3.9-3.15.x86_64.rpm
2ccfc1f616ae13c45217e1a7afe41028 php-imap-4.3.9-3.15.x86_64.rpm
3b4264695e7278eee9fb8411c4e90e96 php-ldap-4.3.9-3.15.x86_64.rpm
a729d490b1b75691c10fe26996817096 php-mbstring-4.3.9-3.15.x86_64.rpm
6e43b892dcfa284d83a3f1b00feabaf9 php-mysql-4.3.9-3.15.x86_64.rpm
b949131046558d1a6b82c0fab860f0d9 php-ncurses-4.3.9-3.15.x86_64.rpm
9235dce05195d560a3c478796f6783ab php-odbc-4.3.9-3.15.x86_64.rpm
bf18f80b06d7cbae0d962ab07f248ba6 php-pear-4.3.9-3.15.x86_64.rpm
9fd490cc180ef31c190e8385d0e0ce89 php-pgsql-4.3.9-3.15.x86_64.rpm
2f9c58c5a667f7f6fae643a2ef4a5380 php-snmp-4.3.9-3.15.x86_64.rpm
ea37846f2ae7d14c3fb163f6be22802d php-xmlrpc-4.3.9-3.15.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.15.src.rpm
8e7fcb8213f940460bed98ea4845b008 php-4.3.9-3.15.src.rpm
i386:
b3feb153604a4759ea9a7c90dadeade8 php-4.3.9-3.15.i386.rpm
99645c0bb650a1202ef5a6ac4c3dafdf php-debuginfo-4.3.9-3.15.i386.rpm
f0cc982f65019dd52aa8e636c08cbf55 php-devel-4.3.9-3.15.i386.rpm
9b29e28848067eed3229d7cc3e586427 php-domxml-4.3.9-3.15.i386.rpm
21203f5cde359468796ef6d58ee90278 php-gd-4.3.9-3.15.i386.rpm
547b30e0bfae2d50914b09e472c2a727 php-imap-4.3.9-3.15.i386.rpm
c5a6be773ce7bfd9235b8fdab4b0b39f php-ldap-4.3.9-3.15.i386.rpm
90fba6d1c1a33a2f748411c5edf375ba php-mbstring-4.3.9-3.15.i386.rpm
700ef656f11b712891ca92b2dda910f7 php-mysql-4.3.9-3.15.i386.rpm
49da8fce4fe283f0015b9690d01a6f2d php-ncurses-4.3.9-3.15.i386.rpm
d76fb272aa599f28e65bc2848bdadce4 php-odbc-4.3.9-3.15.i386.rpm
d12a1760a3a561aabd7778033faaafa7 php-pear-4.3.9-3.15.i386.rpm
3b332648ef656f75e1ac8d91f96967ef php-pgsql-4.3.9-3.15.i386.rpm
96f03c0c5ad3a6106944a39061f6c13f php-snmp-4.3.9-3.15.i386.rpm
96845abc69545864059b172a1a7ff82d php-xmlrpc-4.3.9-3.15.i386.rpm
x86_64:
eef5025da3ae88d290fc4ea7912f188d php-4.3.9-3.15.x86_64.rpm
d70d29f4a8f4de2737446fe166740735 php-debuginfo-4.3.9-3.15.x86_64.rpm
cbec1631a86b07709cca28258b4d3103 php-devel-4.3.9-3.15.x86_64.rpm
d0bc99f8cf1a936bdd2ebb0f3ca2bf9f php-domxml-4.3.9-3.15.x86_64.rpm
90a8ffe9300be426e39d61716199da8b php-gd-4.3.9-3.15.x86_64.rpm
2ccfc1f616ae13c45217e1a7afe41028 php-imap-4.3.9-3.15.x86_64.rpm
3b4264695e7278eee9fb8411c4e90e96 php-ldap-4.3.9-3.15.x86_64.rpm
a729d490b1b75691c10fe26996817096 php-mbstring-4.3.9-3.15.x86_64.rpm
6e43b892dcfa284d83a3f1b00feabaf9 php-mysql-4.3.9-3.15.x86_64.rpm
b949131046558d1a6b82c0fab860f0d9 php-ncurses-4.3.9-3.15.x86_64.rpm
9235dce05195d560a3c478796f6783ab php-odbc-4.3.9-3.15.x86_64.rpm
bf18f80b06d7cbae0d962ab07f248ba6 php-pear-4.3.9-3.15.x86_64.rpm
9fd490cc180ef31c190e8385d0e0ce89 php-pgsql-4.3.9-3.15.x86_64.rpm
2f9c58c5a667f7f6fae643a2ef4a5380 php-snmp-4.3.9-3.15.x86_64.rpm
ea37846f2ae7d14c3fb163f6be22802d php-xmlrpc-4.3.9-3.15.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.15.src.rpm
8e7fcb8213f940460bed98ea4845b008 php-4.3.9-3.15.src.rpm
i386:
b3feb153604a4759ea9a7c90dadeade8 php-4.3.9-3.15.i386.rpm
99645c0bb650a1202ef5a6ac4c3dafdf php-debuginfo-4.3.9-3.15.i386.rpm
f0cc982f65019dd52aa8e636c08cbf55 php-devel-4.3.9-3.15.i386.rpm
9b29e28848067eed3229d7cc3e586427 php-domxml-4.3.9-3.15.i386.rpm
21203f5cde359468796ef6d58ee90278 php-gd-4.3.9-3.15.i386.rpm
547b30e0bfae2d50914b09e472c2a727 php-imap-4.3.9-3.15.i386.rpm
c5a6be773ce7bfd9235b8fdab4b0b39f php-ldap-4.3.9-3.15.i386.rpm
90fba6d1c1a33a2f748411c5edf375ba php-mbstring-4.3.9-3.15.i386.rpm
700ef656f11b712891ca92b2dda910f7 php-mysql-4.3.9-3.15.i386.rpm
49da8fce4fe283f0015b9690d01a6f2d php-ncurses-4.3.9-3.15.i386.rpm
d76fb272aa599f28e65bc2848bdadce4 php-odbc-4.3.9-3.15.i386.rpm
d12a1760a3a561aabd7778033faaafa7 php-pear-4.3.9-3.15.i386.rpm
3b332648ef656f75e1ac8d91f96967ef php-pgsql-4.3.9-3.15.i386.rpm
96f03c0c5ad3a6106944a39061f6c13f php-snmp-4.3.9-3.15.i386.rpm
96845abc69545864059b172a1a7ff82d php-xmlrpc-4.3.9-3.15.i386.rpm
ia64:
bb521451c677d32b3824349beb72091a php-4.3.9-3.15.ia64.rpm
e2cb7a211227c7d863a833de65efbe7a php-debuginfo-4.3.9-3.15.ia64.rpm
9a854ab664a15e832a9ce7709f96eca4 php-devel-4.3.9-3.15.ia64.rpm
d93b129c85b7c2e8e78f0e57d32abcbc php-domxml-4.3.9-3.15.ia64.rpm
c8f585dd6f927afe8e2f723fd97643cf php-gd-4.3.9-3.15.ia64.rpm
a77f66b188d9f62ffd6e03a041aadd2a php-imap-4.3.9-3.15.ia64.rpm
a306d26654b2ad08bd0a11c36fca23a1 php-ldap-4.3.9-3.15.ia64.rpm
a42e38ee78744222fdc1a1bb52b61de3 php-mbstring-4.3.9-3.15.ia64.rpm
97076014c9000997a555577b2d1f13ef php-mysql-4.3.9-3.15.ia64.rpm
7fdd2fe3ce37b896f3542d8e3bb62dc9 php-ncurses-4.3.9-3.15.ia64.rpm
f5fb5c9e489b3205a77eb43e9d794f59 php-odbc-4.3.9-3.15.ia64.rpm
888b095ced3b5058a5a2ef3f28fdc0bf php-pear-4.3.9-3.15.ia64.rpm
81de692b7a65b49905acbbc15923a969 php-pgsql-4.3.9-3.15.ia64.rpm
248e58b4de5ce83a3a03c177ab7782a9 php-snmp-4.3.9-3.15.ia64.rpm
f9fb2eac36fccecea0d95e45680dce7a php-xmlrpc-4.3.9-3.15.ia64.rpm
x86_64:
eef5025da3ae88d290fc4ea7912f188d php-4.3.9-3.15.x86_64.rpm
d70d29f4a8f4de2737446fe166740735 php-debuginfo-4.3.9-3.15.x86_64.rpm
cbec1631a86b07709cca28258b4d3103 php-devel-4.3.9-3.15.x86_64.rpm
d0bc99f8cf1a936bdd2ebb0f3ca2bf9f php-domxml-4.3.9-3.15.x86_64.rpm
90a8ffe9300be426e39d61716199da8b php-gd-4.3.9-3.15.x86_64.rpm
2ccfc1f616ae13c45217e1a7afe41028 php-imap-4.3.9-3.15.x86_64.rpm
3b4264695e7278eee9fb8411c4e90e96 php-ldap-4.3.9-3.15.x86_64.rpm
a729d490b1b75691c10fe26996817096 php-mbstring-4.3.9-3.15.x86_64.rpm
6e43b892dcfa284d83a3f1b00feabaf9 php-mysql-4.3.9-3.15.x86_64.rpm
b949131046558d1a6b82c0fab860f0d9 php-ncurses-4.3.9-3.15.x86_64.rpm
9235dce05195d560a3c478796f6783ab php-odbc-4.3.9-3.15.x86_64.rpm
bf18f80b06d7cbae0d962ab07f248ba6 php-pear-4.3.9-3.15.x86_64.rpm
9fd490cc180ef31c190e8385d0e0ce89 php-pgsql-4.3.9-3.15.x86_64.rpm
2f9c58c5a667f7f6fae643a2ef4a5380 php-snmp-4.3.9-3.15.x86_64.rpm
ea37846f2ae7d14c3fb163f6be22802d php-xmlrpc-4.3.9-3.15.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.15.src.rpm
8e7fcb8213f940460bed98ea4845b008 php-4.3.9-3.15.src.rpm
i386:
b3feb153604a4759ea9a7c90dadeade8 php-4.3.9-3.15.i386.rpm
99645c0bb650a1202ef5a6ac4c3dafdf php-debuginfo-4.3.9-3.15.i386.rpm
f0cc982f65019dd52aa8e636c08cbf55 php-devel-4.3.9-3.15.i386.rpm
9b29e28848067eed3229d7cc3e586427 php-domxml-4.3.9-3.15.i386.rpm
21203f5cde359468796ef6d58ee90278 php-gd-4.3.9-3.15.i386.rpm
547b30e0bfae2d50914b09e472c2a727 php-imap-4.3.9-3.15.i386.rpm
c5a6be773ce7bfd9235b8fdab4b0b39f php-ldap-4.3.9-3.15.i386.rpm
90fba6d1c1a33a2f748411c5edf375ba php-mbstring-4.3.9-3.15.i386.rpm
700ef656f11b712891ca92b2dda910f7 php-mysql-4.3.9-3.15.i386.rpm
49da8fce4fe283f0015b9690d01a6f2d php-ncurses-4.3.9-3.15.i386.rpm
d76fb272aa599f28e65bc2848bdadce4 php-odbc-4.3.9-3.15.i386.rpm
d12a1760a3a561aabd7778033faaafa7 php-pear-4.3.9-3.15.i386.rpm
3b332648ef656f75e1ac8d91f96967ef php-pgsql-4.3.9-3.15.i386.rpm
96f03c0c5ad3a6106944a39061f6c13f php-snmp-4.3.9-3.15.i386.rpm
96845abc69545864059b172a1a7ff82d php-xmlrpc-4.3.9-3.15.i386.rpm
ia64:
bb521451c677d32b3824349beb72091a php-4.3.9-3.15.ia64.rpm
e2cb7a211227c7d863a833de65efbe7a php-debuginfo-4.3.9-3.15.ia64.rpm
9a854ab664a15e832a9ce7709f96eca4 php-devel-4.3.9-3.15.ia64.rpm
d93b129c85b7c2e8e78f0e57d32abcbc php-domxml-4.3.9-3.15.ia64.rpm
c8f585dd6f927afe8e2f723fd97643cf php-gd-4.3.9-3.15.ia64.rpm
a77f66b188d9f62ffd6e03a041aadd2a php-imap-4.3.9-3.15.ia64.rpm
a306d26654b2ad08bd0a11c36fca23a1 php-ldap-4.3.9-3.15.ia64.rpm
a42e38ee78744222fdc1a1bb52b61de3 php-mbstring-4.3.9-3.15.ia64.rpm
97076014c9000997a555577b2d1f13ef php-mysql-4.3.9-3.15.ia64.rpm
7fdd2fe3ce37b896f3542d8e3bb62dc9 php-ncurses-4.3.9-3.15.ia64.rpm
f5fb5c9e489b3205a77eb43e9d794f59 php-odbc-4.3.9-3.15.ia64.rpm
888b095ced3b5058a5a2ef3f28fdc0bf php-pear-4.3.9-3.15.ia64.rpm
81de692b7a65b49905acbbc15923a969 php-pgsql-4.3.9-3.15.ia64.rpm
248e58b4de5ce83a3a03c177ab7782a9 php-snmp-4.3.9-3.15.ia64.rpm
f9fb2eac36fccecea0d95e45680dce7a php-xmlrpc-4.3.9-3.15.ia64.rpm
x86_64:
eef5025da3ae88d290fc4ea7912f188d php-4.3.9-3.15.x86_64.rpm
d70d29f4a8f4de2737446fe166740735 php-debuginfo-4.3.9-3.15.x86_64.rpm
cbec1631a86b07709cca28258b4d3103 php-devel-4.3.9-3.15.x86_64.rpm
d0bc99f8cf1a936bdd2ebb0f3ca2bf9f php-domxml-4.3.9-3.15.x86_64.rpm
90a8ffe9300be426e39d61716199da8b php-gd-4.3.9-3.15.x86_64.rpm
2ccfc1f616ae13c45217e1a7afe41028 php-imap-4.3.9-3.15.x86_64.rpm
3b4264695e7278eee9fb8411c4e90e96 php-ldap-4.3.9-3.15.x86_64.rpm
a729d490b1b75691c10fe26996817096 php-mbstring-4.3.9-3.15.x86_64.rpm
6e43b892dcfa284d83a3f1b00feabaf9 php-mysql-4.3.9-3.15.x86_64.rpm
b949131046558d1a6b82c0fab860f0d9 php-ncurses-4.3.9-3.15.x86_64.rpm
9235dce05195d560a3c478796f6783ab php-odbc-4.3.9-3.15.x86_64.rpm
bf18f80b06d7cbae0d962ab07f248ba6 php-pear-4.3.9-3.15.x86_64.rpm
9fd490cc180ef31c190e8385d0e0ce89 php-pgsql-4.3.9-3.15.x86_64.rpm
2f9c58c5a667f7f6fae643a2ef4a5380 php-snmp-4.3.9-3.15.x86_64.rpm
ea37846f2ae7d14c3fb163f6be22802d php-xmlrpc-4.3.9-3.15.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://www.php.net/register_globals
http://www.redhat.com/security/updates/classification/#moderate
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFEtT+5XlSAg2UNWIIRAnfZAJ0YJI/Afd/fRLFnoCDAJF30C9FqEQCfQgyx
mkcnUakFeD2RzRxIaQCGxLg=
=K1Wh
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRMa8JCh9+71yA2DNAQJpWAP+KKtxxY+o9MZe+Yj2wvAfCsJtC44gpaCL
3Wuyu4JQ9dd+gIWYyFIk3RbA0cm/z/D9KMtCc8TnQDJzpT7kSS7KfvHLTvu4Lem2
4+DPmM4JE+38uSZPNkU2fdzoe2d2nItP8RBKFoD9V7Qzw1EnnCB0ZBvwJ7cGyB7r
S4nsu50hdNI=
=s071
-----END PGP SIGNATURE-----