===========================================================================
             AUSCERT External Security Bulletin Redistribution

             ESB-2006.0466 -- [Win][UNIX/Linux][RedHat]
                     Moderate: php security update
                              26 July 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              php
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux Desktop 4
                      Red Hat Enterprise Linux AS/ES/WS 4
                      Red Hat Desktop 3
                      Red Hat Enterprise Linux AS/ES/WS 3
                      UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Execute Arbitrary Code/Commands
                      Create Arbitrary Files
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-3017 CVE-2006-1990 CVE-2006-1494

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2006-0568.html
                      https://rhn.redhat.com/errata/RHSA-2006-0567.html

Revision History:     July 26 2006: This update is now available for the
                                    Red Hat Linux 2 family of operating
                                    systems (see RHSA-2006-0567).
                      July 13 2006: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2006:0568-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0568.html
Issue date:        2006-07-12
Updated on:        2006-07-12
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2006-1494 CVE-2006-1990 CVE-2006-3017
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)

The wordwrap() PHP function did not properly check for integer overflow in
the handling of the "break" parameter. An attacker who could control the
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the "register_globals" setting.
"register_globals" is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

189591 - CVE-2006-1494 PHP tempname open_basedir issue
190033 - CVE-2006-1990 wordwrap integer overflow
196256 - CVE-2006-3017 zend_hash_del bug

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-33.ent.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-33.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-33.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-33.ent.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.15.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.15.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.15.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.15.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.php.net/register_globals
http://www.redhat.com/security/updates/classification/#moderate
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
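A patch-level check for the fixed builds named in section 6 of the advisory, added here as an example and not part of the Red Hat or AusCERT text. It assumes package names were collected with `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`, that PHP 4.3.2 packages belong to Red Hat Enterprise Linux 3 and 4.3.9 packages to Red Hat Enterprise Linux 4, and it uses constructed sample lines; the function names are hypothetical.

```python
import re

# Fixed releases taken from the advisory, keyed by upstream PHP version:
# php-4.3.2-33.ent (Red Hat Enterprise Linux 3), php-4.3.9-3.15 (version 4).
FIXED_RELEASE = {"4.3.2": "33.ent", "4.3.9": "3.15"}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Order two version/release strings the way rpm does: -1, 0 or 1.

    Strings are split into numeric and alphabetic segments; numeric segments
    compare as integers, alphabetic ones as strings, and a numeric segment
    always beats an alphabetic one. Tilde/caret rules of newer rpm are omitted.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def classify(nvr):
    """Return 'fixed', 'needs-update', 'not-covered' or 'unparsed' for one line."""
    parts = nvr.strip().rsplit("-", 2)  # name may itself contain dashes
    if len(parts) != 3:
        return "unparsed"  # e.g. "package php is not installed"
    _name, version, release = parts
    fixed = FIXED_RELEASE.get(version)
    if fixed is None:
        return "not-covered"  # a PHP version this advisory does not list
    return "needs-update" if rpmvercmp(release, fixed) < 0 else "fixed"


def audit(rpm_query_output):
    """Map each non-empty line of rpm query output to its status."""
    return {
        line.strip(): classify(line)
        for line in rpm_query_output.splitlines()
        if line.strip()
    }


# Constructed sample, as if gathered from several hosts (not real output).
SAMPLE = """\
php-4.3.9-3.15
php-ldap-4.3.9-3.12
php-imap-4.3.2-30.ent
php-mysql-4.3.2-33.ent
php-gd-5.1.6-3
package php-snmp is not installed
"""

if __name__ == "__main__":
    for package, status in audit(SAMPLE).items():
        print(f"{status:13} {package}")
```

Every php subpackage on a host has to report `fixed`; a single `needs-update` line means the erratum was only partly applied.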