-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                ESB-2007.0247 -- [Win][UNIX/Linux][RedHat]
                      Important: php security update
                               23 April 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              PHP 5.2.1 and prior
Publisher:            Red Hat
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
                      Red Hat Enterprise Linux 2, 3, 4 and 5
                      Red Hat Application Stack v1
Impact:               Execute Arbitrary Code/Commands
                      Inappropriate Access
                      Denial of Service
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-1718 CVE-2007-1711 CVE-2007-1583
                      CVE-2007-1286 CVE-2007-1285 CVE-2007-1001
                      CVE-2007-0455

Ref:                  AA-2007.0014
                      ESB-2007.0167

Original Bulletins:   https://rhn.redhat.com/errata/RHSA-2007-0155.html
                      https://rhn.redhat.com/errata/RHSA-2007-0154.html
                      https://rhn.redhat.com/errata/RHSA-2007-0162.html
                      https://rhn.redhat.com/errata/RHSA-2007-0153.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Red Hat. It is recommended that administrators
         running PHP check for an updated version of the software for
         their operating system.
         
         Several of the vulnerabilities below have not yet been fixed in an
         official PHP release.
         
         This bulletin contains four separate Red Hat advisories, addressing
         the same PHP vulnerabilities in Enterprise Linux 2.1, 3, 4, 5 and
         Red Hat Application Stack v1.

Revision History:  April 23 2007: Patches available for RHEL 5
                   April 17 2007: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0155-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0155.html
Issue date:        2007-04-16
Updated on:        2007-04-16
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1285 CVE-2007-1286 CVE-2007-1583 
                   CVE-2007-1711 CVE-2007-1718 CVE-2007-0455 
                   CVE-2007-1001 
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285) 

A flaw was found in the way PHP's unserialize() function processed data. If
a remote attacker was able to pass arbitrary data to PHP's unserialize()
function, they could possibly execute arbitrary code as the apache user.
(CVE-2007-1286)

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker was able to pass arbitrary data to PHP's session_decode()
function, they could possibly execute arbitrary code as the apache user.
(CVE-2007-1711)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap-based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write an arbitrary string using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

230556 - CVE-2007-1285 "Month of PHP Bugs" security issues (CVE-2007-1286 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718)
235028 - CVE-2007-1001 gd php flaws (CVE-2007-0455)

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-40.ent.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-40.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-40.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-40.ent.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.22.4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.22.4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.22.4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.22.4.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
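
An added example, not part of the Red Hat or AusCERT text: a patch-level check that compares installed php package builds against the fixed builds named by the SRPMs in this bulletin (RHSA-2007:0155 for Enterprise Linux 3 and 4, RHSA-2007:0154 for 2.1). The comparison is a simplified reimplementation of RPM's version ordering (no epoch handling), and the host inventory is constructed sample data.

```python
import re

# Fixed (version, release) per Red Hat Enterprise Linux release, taken from the
# SRPM file names in this bulletin.
FIXED = {
    "2.1": ("4.1.2", "2.17"),    # php-4.1.2-2.17.src.rpm   (RHSA-2007:0154)
    "3":   ("4.3.2", "40.ent"),  # php-4.3.2-40.ent.src.rpm (RHSA-2007:0155)
    "4":   ("4.3.9", "3.22.4"),  # php-4.3.9-3.22.4.src.rpm (RHSA-2007:0155)
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Compare two version or release strings the way RPM orders them.

    Simplified: strings are split into runs of digits or letters, digit runs
    compare numerically, letter runs compare as strings, a digit run is newer
    than a letter run, and the string with segments left over is newer.
    Returns -1, 0 or 1.
    """
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def split_nvr(nvr):
    """Split 'php-mysql-4.3.9-3.22.4' into (name, version, release)."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_patched(nvr, rhel_release):
    """True if the installed build is at or above the fixed build."""
    _, version, release = split_nvr(nvr)
    fixed_version, fixed_release = FIXED[rhel_release]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order >= 0


# Constructed inventory: host, RHEL release, installed package (name-version-release).
# The pre-fix builds below are invented for illustration.
SAMPLE_INVENTORY = """\
web01 3 php-4.3.2-39.ent
web01 3 php-mysql-4.3.2-39.ent
web02 3 php-4.3.2-40.ent
app01 4 php-4.3.9-3.22.3
app02 4 php-4.3.9-3.22.4
app03 4 php-gd-4.3.9-3.9
app04 4 php-4.3.9-3.22.10
legacy01 2.1 php-4.1.2-2.17
"""


def unpatched(inventory):
    """Return (host, package) pairs still below the fixed build."""
    findings = []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, rhel_release, nvr = line.split()
        if not is_patched(nvr, rhel_release):
            findings.append((host, nvr))
    return findings


if __name__ == "__main__":
    for host, nvr in unpatched(SAMPLE_INVENTORY):
        print(f"{host}: {nvr} is older than the fixed build")
```

The app03 and app04 rows are the cases a plain string comparison gets wrong: release 3.9 sorts below 3.22.4, and 3.22.10 sorts above it.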

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI5jwXlSAg2UNWIIRApPgAKCO86kXQZ/u55xClHmjLCKYpXb+ngCdGs5e
//yRmqD0d/c9kqfb7KeJ7fk=
=7vsN
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0154-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0154.html
Issue date:        2007-04-16
Updated on:        2007-04-16
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1285 CVE-2007-1286 CVE-2007-1711 
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way PHP's unserialize() function processes data. If
a remote attacker is able to pass arbitrary data to PHP's unserialize()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1286)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker is able to pass arbitrary data to PHP's session_decode()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1711)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235225 - CVE-2007-1285 Multiple "Month of PHP Bugs" PHP issues (CVE-2007-1286, CVE-2007-1711)

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.17.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.17.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.17.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.17.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1711
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI5jIXlSAg2UNWIIRAuYeAJ9QYedhNN6gB8ATTTl+83bo9dMxcQCguMJx
6+m8SarhmI3qDidFoa6gqR8=
=3mxQ
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0162-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0162.html
Issue date:        2007-04-16
Updated on:        2007-04-16
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-0455 CVE-2007-1001 CVE-2007-1285 
                   CVE-2007-1718 CVE-2007-1583 
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack v1.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write arbitrary strings using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235354 - CVE-2007-1285 Multiple PHP Vulnerabilities (CVE-2007-1583, CVE-2007-1718, CVE-2007-1001, CVE-2007-0455)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.6.src.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.6.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI2OOXlSAg2UNWIIRAlRPAJwJAkb9HUXNTTLvoJiKp7Fg7+21YQCgl9Vr
gYseL4OvE9iM2mytx32384g=
=fual
- -----END PGP SIGNATURE-----


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0153-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0153.html
Issue date:        2007-04-20
Updated on:        2007-04-20
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-0455 CVE-2007-1001 CVE-2007-1718 
                   CVE-2007-1583 
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write arbitrary strings using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235016 - CVE-2007-1583 mbstring register_globals activation and mail() header injection (CVE-2007-1718)
235036 - CVE-2007-1001 gd flaws in wbmp, JIS font handling (CVE-2007-0455)

6. RPMs required:

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-11.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-11.el5.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGKIx/XlSAg2UNWIIRAln1AKCXgSf0DNCk3TH1y8Zc6BjxE37vIQCfZP5q
uYkGk48K8XyhZcfhqWOwhpM=
=ItHC
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
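
Added example, not part of the AusCERT bulletin or the Red Hat advisories: an application-side check for the mail() Subject issue described above (CVE-2007-1718), which rejects control characters in an untrusted subject before it reaches mail(). The function names and sample inputs are hypothetical and the code assumes PHP 7 or later syntax; it complements the updated packages rather than replacing them.

```php
<?php
// Added example (not from the advisory). All function names are hypothetical.

/**
 * Return a subject that is safe to hand to mail(), or throw.
 * CR, LF and every other control character are rejected, so an untrusted
 * value cannot end the Subject line and begin a new header such as "Bcc:".
 */
function checked_subject(string $raw, int $maxLen = 200): string
{
    // \x00-\x1F covers NUL, TAB, LF and CR; \x7F is DEL.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        throw new InvalidArgumentException('control character in subject');
    }
    $subject = trim($raw);
    if ($subject === '' || strlen($subject) > $maxLen) {
        throw new InvalidArgumentException('subject empty or too long');
    }
    return $subject;
}

/**
 * Show which header names a mail transport would see if the subject were
 * concatenated into the header block without any check.
 */
function header_names_if_unchecked(string $subject): array
{
    $names = [];
    foreach (preg_split('/\r\n|\r|\n/', 'Subject: ' . $subject) as $line) {
        if (preg_match('/^([A-Za-z-]+):/', $line, $m)) {
            $names[] = $m[1];
        }
    }
    return $names;
}

/**
 * Wrapper a contact form would call instead of calling mail() directly.
 * $to is assumed to be a fixed, application-configured address.
 */
function send_contact_mail(string $to, string $untrustedSubject, string $body): bool
{
    $subject = checked_subject($untrustedSubject);
    return mail($to, $subject, $body);
}

// Constructed sample inputs (not taken from the advisory). The loop only
// validates; it never calls mail(), so it runs offline.
$samples = [
    'Question about my order',
    "Hello\r\nBcc: someone@example.invalid",
    "Hello\n\tfolded continuation",
];

foreach ($samples as $s) {
    echo 'unchecked headers: ', implode(', ', header_names_if_unchecked($s)), PHP_EOL;
    try {
        echo '  accepted: ', checked_subject($s), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo '  rejected: ', json_encode($s), ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The second sample shows the failure mode: without the check the header block gains a Bcc line, while checked_subject() refuses the value outright instead of trying to repair it.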

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRiv1kih9+71yA2DNAQIojgP/TYy+QZG/DrEIIU3E1JQL7J5s9tqw/Dek
TYuMCOuXDmEfp8o7ad2GeBS1lZ2yeYjDCg/Ad7h+9e4//T+/siz5ASBYzvR4LwRW
hwuUf5Mu7DUys3Bce7TZeLosv1ITCyydKbqyZsdlYfFo0rrKAhM/47KyDISHURDc
510+T03xPMc=
=69U+
-----END PGP SIGNATURE-----