===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2007.0247 -- [Win][UNIX/Linux][RedHat]
Important: php security update
23 April 2007
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           PHP 5.2.1 and prior
Publisher:         Red Hat
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
                   Red Hat Enterprise Linux 2, 3, 4 and 5
                   Red Hat Application Stack v1
Impact:            Execute Arbitrary Code/Commands
                   Inappropriate Access
                   Denial of Service
Access:            Remote/Unauthenticated
CVE Names:         CVE-2007-1718 CVE-2007-1711 CVE-2007-1583
                   CVE-2007-1286 CVE-2007-1285 CVE-2007-1001
                   CVE-2007-0455
Ref:               AA-2007.0014
                   ESB-2007.0167

Original Bulletins:
   https://rhn.redhat.com/errata/RHSA-2007-0155.html
   https://rhn.redhat.com/errata/RHSA-2007-0154.html
   https://rhn.redhat.com/errata/RHSA-2007-0162.html
   https://rhn.redhat.com/errata/RHSA-2007-0153.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running PHP check for an updated version of the software for their
         operating system.

         Several of the vulnerabilities below have not yet been fixed in an
         official PHP release.

         This bulletin contains four separate Red Hat advisories, addressing
         the same PHP vulnerabilities in Enterprise Linux 2.1, 3, 4, 5 and
         Red Hat Application Stack v1.

Revision History:  April 23 2007: Patches available for RHEL 5
                   April 17 2007: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0155-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0155.html
Issue date:        2007-04-16
Updated on:        2007-04-16
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1285 CVE-2007-1286 CVE-2007-1583
                   CVE-2007-1711 CVE-2007-1718 CVE-2007-0455
                   CVE-2007-1001
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way PHP's unserialize() function processed data.
If a remote attacker was able to pass arbitrary data to PHP's unserialize()
function, they could possibly execute arbitrary code as the apache user.
(CVE-2007-1286)

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker was able to pass arbitrary data to PHP's session_decode()
function, they could possibly execute arbitrary code as the apache user.
(CVE-2007-1711)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write arbitrary string using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

230556 - CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
235028 - CVE-2007-1001 gd php flaws (CVE-2007-0455)

6.
RPMs required:

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
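
Added example (not part of the Red Hat or AusCERT text): a check of installed php builds against the fixed version-release strings from the RHSA-2007:0155 package list, using the classic rpm segment-by-segment comparison because plain string comparison misorders releases such as 3.9 and 3.22.4. The platform keys, host names and installed builds are constructed sample data, and the comparison leaves out epochs and the `~`/`^` handling of newer rpm versions.

```python
import re

# php version-release strings carrying the backported fixes, taken from the
# RHSA-2007:0155 package list (RHEL 3 and RHEL 4 builds). The dictionary keys
# are labels chosen for this example.
FIXED_BUILDS = {
    "RHEL3": "4.3.2-40.ent",
    "RHEL4": "4.3.9-3.22.4",
}

# Constructed sample inventory: (host, platform, output of `rpm -q <package>`).
SAMPLE_INVENTORY = [
    ("web01", "RHEL3", "php-4.3.2-39.ent"),
    ("web02", "RHEL3", "php-4.3.2-40.ent"),
    ("web03", "RHEL4", "php-4.3.9-3.9"),
    ("web04", "RHEL4", "php-4.3.9-3.22.4"),
    ("web05", "RHEL4", "php-mbstring-4.3.9-3.15"),
    ("web06", "RHEL4", "php-gd-4.3.9-3.22.5"),
]

# A version string is compared as a sequence of all-digit or all-letter runs;
# every other character is only a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Classic rpm version comparison. Returns -1, 0 or 1."""
    if a == b:
        return 0
    segs_a = _SEGMENT.findall(a)
    segs_b = _SEGMENT.findall(b)
    for x, y in zip(segs_a, segs_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            # Compare numbers without int(): drop leading zeros, then the
            # longer digit string is the larger number.
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with segments left is newer.
    if len(segs_a) == len(segs_b):
        return 0
    return 1 if len(segs_a) > len(segs_b) else -1


def compare_vr(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    ver_a, rel_a = a.split("-", 1)
    ver_b, rel_b = b.split("-", 1)
    return rpmvercmp(ver_a, ver_b) or rpmvercmp(rel_a, rel_b)


def split_nvr(nvr):
    """Split 'name-version-release'; the name itself may contain hyphens."""
    name, version, release = nvr.rsplit("-", 2)
    return name, f"{version}-{release}"


def needs_update(platform, nvr):
    """True when the installed build is older than the fixed build."""
    _, installed = split_nvr(nvr)
    return compare_vr(installed, FIXED_BUILDS[platform]) < 0


def audit(inventory):
    """Return (host, nvr) for every entry still below the fixed build."""
    return [(host, nvr) for host, platform, nvr in inventory
            if needs_update(platform, nvr)]


if __name__ == "__main__":
    for host, nvr in audit(SAMPLE_INVENTORY):
        print(f"{host}: {nvr} predates the fixed build, update required")
```
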

---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0154-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0154.html
Issue date:        2007-04-16
Updated on:        2007-04-16
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1285 CVE-2007-1286 CVE-2007-1711
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way PHP's unserialize() function processes data. If
a remote attacker is able to pass arbitrary data to PHP's unserialize()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1286)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker is able to pass arbitrary data to PHP's session_decode()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1711)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235225 - CVE-2007-1285 Multiple "Month of PHP Bugs" PHP issues (CVE-2007-1286, CVE-2007-1711)

6. RPMs required:
f03338d56473c9c2af996e5de897d843 php-4.1.2-2.17.ia64.rpm d3d03471a50878eb9330ca226ce47da9 php-devel-4.1.2-2.17.ia64.rpm efe489bd298c35685ba6127ebcb67575 php-imap-4.1.2-2.17.ia64.rpm a35e27188fb680cd0f192ea85065f7ae php-ldap-4.1.2-2.17.ia64.rpm 22aed8fc2144c5e23ffb65aeb792b8fa php-manual-4.1.2-2.17.ia64.rpm abc59cffe540ebdc24d968ae3bb716c7 php-mysql-4.1.2-2.17.ia64.rpm 58fefa66509e3babfecb58f2642116e8 php-odbc-4.1.2-2.17.ia64.rpm c603a39fcf3876c7e6123c6725e12b8e php-pgsql-4.1.2-2.17.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.17.src.rpm 9820e0982acdf72a0f8c9af02f4e5f6a php-4.1.2-2.17.src.rpm i386: 856a5725715e6d970d7fe5fce209780c php-4.1.2-2.17.i386.rpm 98b74cc772436080d6f1b0b08e4a5690 php-devel-4.1.2-2.17.i386.rpm 403e01c242b079c3988c25c6406c3734 php-imap-4.1.2-2.17.i386.rpm e2cc407fd74569e37e95f27f0aa0c873 php-ldap-4.1.2-2.17.i386.rpm b6876b825654e6dd9cd5b400da47611c php-manual-4.1.2-2.17.i386.rpm 442f5cacbbf06f9a3b6e1d359c9acd55 php-mysql-4.1.2-2.17.i386.rpm 8ba4b70e2f358f4c35775b90b955e88e php-odbc-4.1.2-2.17.i386.rpm 03b45786fdaea33bcc179b2d375f9995 php-pgsql-4.1.2-2.17.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.17.src.rpm 9820e0982acdf72a0f8c9af02f4e5f6a php-4.1.2-2.17.src.rpm i386: 856a5725715e6d970d7fe5fce209780c php-4.1.2-2.17.i386.rpm 98b74cc772436080d6f1b0b08e4a5690 php-devel-4.1.2-2.17.i386.rpm 403e01c242b079c3988c25c6406c3734 php-imap-4.1.2-2.17.i386.rpm e2cc407fd74569e37e95f27f0aa0c873 php-ldap-4.1.2-2.17.i386.rpm b6876b825654e6dd9cd5b400da47611c php-manual-4.1.2-2.17.i386.rpm 442f5cacbbf06f9a3b6e1d359c9acd55 php-mysql-4.1.2-2.17.i386.rpm 8ba4b70e2f358f4c35775b90b955e88e php-odbc-4.1.2-2.17.i386.rpm 03b45786fdaea33bcc179b2d375f9995 php-pgsql-4.1.2-2.17.i386.rpm These packages are GPG signed by Red Hat for security. 
Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI5jIXlSAg2UNWIIRAuYeAJ9QYedhNN6gB8ATTTl+83bo9dMxcQCguMJx
6+m8SarhmI3qDidFoa6gqR8=
=3mxQ
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0162-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0162.html
Issue date:        2007-04-16
Updated on:        2007-04-16
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-0455 CVE-2007-1001 CVE-2007-1285
                   CVE-2007-1718 CVE-2007-1583
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available
for Red Hat Application Stack v1.1.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply
nested array. A remote attacker could cause the PHP interpreter to crash
by submitting an input variable with a deeply nested array.
(CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables.
A script which used the mb_parse_str() function to set global variables
could be forced to enable the register_globals configuration option,
possibly resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string
from an untrusted source, a remote attacker could send bulk e-mail to
unintended recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension.
A script that could be forced to process WBMP images from an untrusted
source could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script
that could be forced to write arbitrary strings using a JIS font from an
untrusted source could cause the PHP interpreter to crash.
(CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235354 - CVE-2007-1285 Multiple PHP Vulnerabilities (CVE-2007-1583, CVE-2007-1718, CVE-2007-1001, CVE-2007-0455)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.6.src.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.6.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI2OOXlSAg2UNWIIRAlRPAJwJAkb9HUXNTTLvoJiKp7Fg7+21YQCgl9Vr
gYseL4OvE9iM2mytx32384g=
=fual
- -----END PGP SIGNATURE-----

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0153-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0153.html
Issue date:        2007-04-20
Updated on:        2007-04-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-0455 CVE-2007-1001 CVE-2007-1718
                   CVE-2007-1583
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A flaw was found in the way the mbstring extension set global variables.
A script which used the mb_parse_str() function to set global variables
could be forced to enable the register_globals configuration option,
possibly resulting in global variable injection. (CVE-2007-1583)

A heap based buffer overflow flaw was discovered in PHP's gd extension.
A script that could be forced to process WBMP images from an untrusted
source could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script
that could be forced to write arbitrary string using a JIS font from an
untrusted source could cause the PHP interpreter to crash.
(CVE-2007-0455)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string
from an untrusted source, a remote attacker could send bulk e-mail to
unintended recipients. (CVE-2007-1718)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235016 - CVE-2007-1583 mbstring register_globals activation and mail() header injection (CVE-2007-1718)
235036 - CVE-2007-1001 gd flaws in wbmp, JIS font handling (CVE-2007-0455)

6. RPMs required:

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-11.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-11.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGKIx/XlSAg2UNWIIRAln1AKCXgSf0DNCk3TH1y8Zc6BjxE37vIQCfZP5q
uYkGk48K8XyhZcfhqWOwhpM=
=ItHC
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information or
advice contained in this security bulletin is the responsibility of each
user or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made.
If downloading at a later date, it is recommended that the bulletin is
retrieved directly from the author's website to ensure that the
information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked
in any way, we encourage you to let us know by completing the secure
National IT Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRiv1kih9+71yA2DNAQIojgP/TYy+QZG/DrEIIU3E1JQL7J5s9tqw/Dek
TYuMCOuXDmEfp8o7ad2GeBS1lZ2yeYjDCg/Ad7h+9e4//T+/siz5ASBYzvR4LwRW
hwuUf5Mu7DUys3Bce7TZeLosv1ITCyydKbqyZsdlYfFo0rrKAhM/47KyDISHURDc
510+T03xPMc=
=69U+
-----END PGP SIGNATURE-----
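
The advisories above name the fixed source builds php-4.1.2-2.17, php-5.1.6-3.el4s1.6 and php-5.1.6-11.el5. The following is an added example, not part of the bulletin and not Red Hat or AusCERT tooling, that checks an `rpm -qa` style inventory against those builds using RPM's segment-wise version ordering. The platform labels, host names, function names and inventory lines are assumptions constructed for illustration, and epochs are assumed absent.

```python
"""Audit `rpm -qa` style inventories against the fixed PHP builds in the advisories.

Added example; the platform labels and inventory lines are constructed.
"""
import re

# Fixed (version, release) per platform, read from the SRPM names in the advisories.
# The dictionary keys are labels chosen for this example.
FIXED_BUILDS = {
    "rhel2.1": ("4.1.2", "2.17"),         # RHSA-2007:0154
    "appstack1": ("5.1.6", "3.el4s1.6"),  # RHSA-2007:0162
    "rhel5": ("5.1.6", "11.el5"),         # RHSA-2007:0153
}

# Binary packages built from the php SRPM, as listed under "RPMs required".
ADVISORY_PACKAGES = {"php"} | {
    "php-" + sub for sub in (
        "bcmath cli common dba debuginfo devel gd imap ldap manual mbstring "
        "mysql ncurses odbc pdo pgsql snmp soap xml xmlrpc"
    ).split()
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them.

    Returns -1, 0 or 1. Strings are cut into runs of digits and runs of
    letters; separators are ignored. Digit runs compare as integers, letter
    runs as strings, and a digit run is newer than a letter run. Tilde and
    caret ordering (added to RPM later) is not handled.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def parse_nvra(nvra):
    """Split 'name-version-release.arch' into (name, version, release, arch)."""
    nvr, dot, arch = nvra.rpartition(".")
    parts = nvr.rsplit("-", 2)
    if not dot or len(parts) != 3 or not all(parts):
        raise ValueError("not a name-version-release.arch string: %r" % nvra)
    return parts[0], parts[1], parts[2], arch


def audit(platform, inventory):
    """Return the advisory packages in `inventory` older than the fixed build."""
    fixed_version, fixed_release = FIXED_BUILDS[platform]
    stale = []
    for nvra in inventory:
        name, version, release, _arch = parse_nvra(nvra)
        if name not in ADVISORY_PACKAGES:
            continue  # e.g. php-pear or httpd: not part of these errata
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        if order < 0:
            stale.append(nvra)
    return stale


# Constructed inventories; the older release numbers are made up for the demo.
SAMPLE_HOSTS = {
    "web-a": ("rhel5", [
        "php-5.1.6-7.el5.x86_64",
        "php-gd-5.1.6-7.el5.x86_64",
        "php-pear-1.4.9-4.noarch",
        "httpd-2.2.3-6.el5.x86_64",
    ]),
    "web-b": ("appstack1", [
        "php-5.1.6-3.el4s1.6.i386",
        "php-mbstring-5.1.6-3.el4s1.5.i386",
    ]),
    "web-c": ("rhel2.1", [
        "php-4.1.2-2.17.i386",
        "php-imap-4.1.2-2.17.i386",
    ]),
}


def audit_hosts(hosts):
    """Map each host name to its list of packages that still need the update."""
    return {host: audit(platform, pkgs) for host, (platform, pkgs) in hosts.items()}


if __name__ == "__main__":
    for host, stale in sorted(audit_hosts(SAMPLE_HOSTS).items()):
        print(host, "needs update:" if stale else "up to date", ", ".join(stale))
```

The release comparison is numeric per segment, so release 7.el5 sorts before 11.el5; a plain string comparison would get that case wrong and report an unpatched host as current.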