Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0306 -- [RedHat]
Important: php security update
10 May 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: PHP
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux 5
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2007-2510 CVE-2007-2509 CVE-2007-1864
Ref: AA-2007.0028
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0348.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Important: php security update
Advisory ID: RHSA-2007:0348-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0348.html
Issue date: 2007-05-08
Updated on: 2007-05-08
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-1864 CVE-2007-2509 CVE-2007-2510
- - ---------------------------------------------------------------------
1. Summary:
Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A
PHP script which implements an XML-RPC server using this extension
could allow a remote attacker to execute arbitrary code as the 'apache'
user. Note that this flaw does not affect PHP applications using the
pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)
A flaw was found in the PHP 'ftp' extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)
A buffer overflow flaw was found in the PHP 'soap' extension, regarding the
handling of an HTTP redirect response when using the SOAP client provided
by this extension with an untrusted SOAP server. No mechanism to trigger
this flaw remotely is known. (CVE-2007-2510)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
239015 - CVE-2007-1864 various PHP security issues (CVE-2007-2509 CVE-2007-2510)
6. RPMs required:
RHEL Desktop Workstation (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-12.el5.src.rpm
1f072047b7d34d64fe5fbe532f6777c0 php-5.1.6-12.el5.src.rpm
i386:
db4e221120959052ff76d76baa356333 php-5.1.6-12.el5.i386.rpm
623ea7a18a737dad4ecd3b59f70e4a7b php-bcmath-5.1.6-12.el5.i386.rpm
13a42879b670133c45728223a95fd402 php-cli-5.1.6-12.el5.i386.rpm
e189f866ed98fce01d040f324a80391d php-common-5.1.6-12.el5.i386.rpm
a60aa421383db832b4edd0c850df8ecf php-dba-5.1.6-12.el5.i386.rpm
1c451d5a3716708b254a66143f4557db php-debuginfo-5.1.6-12.el5.i386.rpm
6f5036e7ca118e1915226e3cd8f9518b php-devel-5.1.6-12.el5.i386.rpm
2800999d688186d3dbeee5fb3e61575b php-gd-5.1.6-12.el5.i386.rpm
a1904ac67baff1e51a3fbf5599440b52 php-imap-5.1.6-12.el5.i386.rpm
1bfe2a4ae5e40cc269a1dbc1352c4b80 php-ldap-5.1.6-12.el5.i386.rpm
b3cff46d0c907a5ed67713145e1b4152 php-mbstring-5.1.6-12.el5.i386.rpm
15efa04cf7427b2747c2020dbe759029 php-mysql-5.1.6-12.el5.i386.rpm
bbca3680c0437d9ec164b572c9f5f8ef php-ncurses-5.1.6-12.el5.i386.rpm
78a45360f99144504120ed460739aab1 php-odbc-5.1.6-12.el5.i386.rpm
83612401d798529d67d2695164559183 php-pdo-5.1.6-12.el5.i386.rpm
a062000075fc8bbf21b647c2f40d77bf php-pgsql-5.1.6-12.el5.i386.rpm
46000dee2a3c58e8b30919fbb46843c6 php-snmp-5.1.6-12.el5.i386.rpm
38d8e0bb05631def31f60fa3b7198772 php-soap-5.1.6-12.el5.i386.rpm
6f0476ea1a367d88e2e5039fdbc3a198 php-xml-5.1.6-12.el5.i386.rpm
fa48b781751b85839fd64d806abe41f4 php-xmlrpc-5.1.6-12.el5.i386.rpm
x86_64:
68d771ed24af81d04ee7e100a5a5e635 php-5.1.6-12.el5.x86_64.rpm
ea6a80e9d0d7158d94901ac4d63ed0f0 php-bcmath-5.1.6-12.el5.x86_64.rpm
3db0909942b504af6fb2ab6319dfc418 php-cli-5.1.6-12.el5.x86_64.rpm
e87c1bcd044c475afd36b4fd76eb306e php-common-5.1.6-12.el5.x86_64.rpm
b52703dcbbd302ca6a5881691c8a4791 php-dba-5.1.6-12.el5.x86_64.rpm
a54f2b329966f6ae8d973e8c5bd9b3c9 php-debuginfo-5.1.6-12.el5.x86_64.rpm
b24a0cf47bbd36af3e27f63cf8f2a44d php-devel-5.1.6-12.el5.x86_64.rpm
683ee6300a6021f31b9b378b5ebbae91 php-gd-5.1.6-12.el5.x86_64.rpm
2558b23ddb574e4d757a3ee45b4b09db php-imap-5.1.6-12.el5.x86_64.rpm
4e12feed47c6bdfa745b408c3a2f0be9 php-ldap-5.1.6-12.el5.x86_64.rpm
802ac4070f6183f3c3fa729f6ef753b0 php-mbstring-5.1.6-12.el5.x86_64.rpm
f6a3268ac2d5868b56750b125b7e4000 php-mysql-5.1.6-12.el5.x86_64.rpm
7e2467e812eb1ecb34bec48d61ce75f5 php-ncurses-5.1.6-12.el5.x86_64.rpm
8d9d4c8f30a8310b4b55f40260cd705e php-odbc-5.1.6-12.el5.x86_64.rpm
a2f79a2d00ee92c37fbcd575abc9031b php-pdo-5.1.6-12.el5.x86_64.rpm
b0cfb786017cedfdef3c9a7e4abbf61b php-pgsql-5.1.6-12.el5.x86_64.rpm
18d164a275b9b357a84c976fd24929af php-snmp-5.1.6-12.el5.x86_64.rpm
c359a4bd47f55245a28832e004ede4b3 php-soap-5.1.6-12.el5.x86_64.rpm
263c811cd28b288ba2cadd65ed5daf5e php-xml-5.1.6-12.el5.x86_64.rpm
b2b3a11ccf426e54b41d74df6eb33da8 php-xmlrpc-5.1.6-12.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-12.el5.src.rpm
1f072047b7d34d64fe5fbe532f6777c0 php-5.1.6-12.el5.src.rpm
i386:
db4e221120959052ff76d76baa356333 php-5.1.6-12.el5.i386.rpm
623ea7a18a737dad4ecd3b59f70e4a7b php-bcmath-5.1.6-12.el5.i386.rpm
13a42879b670133c45728223a95fd402 php-cli-5.1.6-12.el5.i386.rpm
e189f866ed98fce01d040f324a80391d php-common-5.1.6-12.el5.i386.rpm
a60aa421383db832b4edd0c850df8ecf php-dba-5.1.6-12.el5.i386.rpm
1c451d5a3716708b254a66143f4557db php-debuginfo-5.1.6-12.el5.i386.rpm
6f5036e7ca118e1915226e3cd8f9518b php-devel-5.1.6-12.el5.i386.rpm
2800999d688186d3dbeee5fb3e61575b php-gd-5.1.6-12.el5.i386.rpm
a1904ac67baff1e51a3fbf5599440b52 php-imap-5.1.6-12.el5.i386.rpm
1bfe2a4ae5e40cc269a1dbc1352c4b80 php-ldap-5.1.6-12.el5.i386.rpm
b3cff46d0c907a5ed67713145e1b4152 php-mbstring-5.1.6-12.el5.i386.rpm
15efa04cf7427b2747c2020dbe759029 php-mysql-5.1.6-12.el5.i386.rpm
bbca3680c0437d9ec164b572c9f5f8ef php-ncurses-5.1.6-12.el5.i386.rpm
78a45360f99144504120ed460739aab1 php-odbc-5.1.6-12.el5.i386.rpm
83612401d798529d67d2695164559183 php-pdo-5.1.6-12.el5.i386.rpm
a062000075fc8bbf21b647c2f40d77bf php-pgsql-5.1.6-12.el5.i386.rpm
46000dee2a3c58e8b30919fbb46843c6 php-snmp-5.1.6-12.el5.i386.rpm
38d8e0bb05631def31f60fa3b7198772 php-soap-5.1.6-12.el5.i386.rpm
6f0476ea1a367d88e2e5039fdbc3a198 php-xml-5.1.6-12.el5.i386.rpm
fa48b781751b85839fd64d806abe41f4 php-xmlrpc-5.1.6-12.el5.i386.rpm
ia64:
cafd614aafbb93a9c1cc2f6353830cd7 php-5.1.6-12.el5.ia64.rpm
2441c3bb036579f4f90a68ec83d26f35 php-bcmath-5.1.6-12.el5.ia64.rpm
cb7bef1fdbc92fea05df95f8d6584555 php-cli-5.1.6-12.el5.ia64.rpm
e10fe0ff4bc338ddec9b4e367291e566 php-common-5.1.6-12.el5.ia64.rpm
fa100ac6fe4b0a91991abd936565f0fc php-dba-5.1.6-12.el5.ia64.rpm
5a59f0808d88c867760042409bb34b78 php-debuginfo-5.1.6-12.el5.ia64.rpm
ae02c7d2e2d4d44718f996c250d42d71 php-devel-5.1.6-12.el5.ia64.rpm
f0f191aaf58ec5589f21df085504e239 php-gd-5.1.6-12.el5.ia64.rpm
cf26517d261c3aaa55fb214a859d103b php-imap-5.1.6-12.el5.ia64.rpm
d1509a29380c85b385fc63ee44815083 php-ldap-5.1.6-12.el5.ia64.rpm
e1f2318bd68675d7f849234e8354a2e3 php-mbstring-5.1.6-12.el5.ia64.rpm
a3ce3b1d3a49127a2162a1465a73886e php-mysql-5.1.6-12.el5.ia64.rpm
d42e7353d8088fef65b36ba973b195ae php-ncurses-5.1.6-12.el5.ia64.rpm
e05c2cd733dc4cc8369321e90d899d68 php-odbc-5.1.6-12.el5.ia64.rpm
1f1efbb4539364a08d52c0dab7795239 php-pdo-5.1.6-12.el5.ia64.rpm
3e312ac2b401c91d861894c3b33ded17 php-pgsql-5.1.6-12.el5.ia64.rpm
feaac214d523a64ebadaad9e93f1242a php-snmp-5.1.6-12.el5.ia64.rpm
30b1ea6f26dda2395b11736333f7b2ce php-soap-5.1.6-12.el5.ia64.rpm
d0999b5660b02e62b39f121ec8327500 php-xml-5.1.6-12.el5.ia64.rpm
d73065f5f63f38a16cb95616baa4f8e0 php-xmlrpc-5.1.6-12.el5.ia64.rpm
ppc:
34ae027262d0d089256344c389bbe08c php-5.1.6-12.el5.ppc.rpm
3b3d5738933e697bb776d04ff46a7f12 php-bcmath-5.1.6-12.el5.ppc.rpm
49cabf54b4400a953b739b6ed2b30f9e php-cli-5.1.6-12.el5.ppc.rpm
2122545a7ba2b26df9e520cb1180b7c7 php-common-5.1.6-12.el5.ppc.rpm
9e30dfaa845be5c78163cb75924bd2b4 php-dba-5.1.6-12.el5.ppc.rpm
96fa588b28469fd0b08b961fbedc758b php-debuginfo-5.1.6-12.el5.ppc.rpm
423f4664277d806dcaf857bb147d8e4b php-devel-5.1.6-12.el5.ppc.rpm
0f3f6615f97f175bee885bcafe8a5859 php-gd-5.1.6-12.el5.ppc.rpm
0801cf3c02afce07b604b7dfe7fd1905 php-imap-5.1.6-12.el5.ppc.rpm
2add1b41bbb8bd8be31e2d444704406b php-ldap-5.1.6-12.el5.ppc.rpm
d5b9f5d3c17bf87507594b1baa3e79f7 php-mbstring-5.1.6-12.el5.ppc.rpm
325e97ecee92904bd55945c4b1d1b639 php-mysql-5.1.6-12.el5.ppc.rpm
55143aa36a5830a28a05f97f7d981760 php-ncurses-5.1.6-12.el5.ppc.rpm
18d8ef4334b2388b09e6c83dfcc58882 php-odbc-5.1.6-12.el5.ppc.rpm
9767a87db24d9f8afcce9f1428065c60 php-pdo-5.1.6-12.el5.ppc.rpm
ee48fe969439c899283d1ec3eb60f530 php-pgsql-5.1.6-12.el5.ppc.rpm
4065ec9d77ad5b9659e1b0f848cb0215 php-snmp-5.1.6-12.el5.ppc.rpm
c309aa4721f4f7be3c15086700eca7ba php-soap-5.1.6-12.el5.ppc.rpm
ff5887a936ee9d00ddea099144662a6a php-xml-5.1.6-12.el5.ppc.rpm
47966500a9b6eecc2e27cbef9159496a php-xmlrpc-5.1.6-12.el5.ppc.rpm
s390x:
e858f359b54fa3c4849f1fc1ef07824f php-5.1.6-12.el5.s390x.rpm
f974f231c4b713c6ac2191bea2328c9b php-bcmath-5.1.6-12.el5.s390x.rpm
f369fcc7d4f6a08cb295a5e2fb521b27 php-cli-5.1.6-12.el5.s390x.rpm
0f1749de657015b792c76c60b04284fd php-common-5.1.6-12.el5.s390x.rpm
c754ed24d8d995411e98d8401b26acde php-dba-5.1.6-12.el5.s390x.rpm
a3c853fc4990507a7a8dc3e51c6bb696 php-debuginfo-5.1.6-12.el5.s390x.rpm
8f5143ea58f9985a341ff583a7f76aa0 php-devel-5.1.6-12.el5.s390x.rpm
2f100e01b637407a5dc5ca8e2a23bbba php-gd-5.1.6-12.el5.s390x.rpm
104d04a1fa14f2f7707e792c86329f9c php-imap-5.1.6-12.el5.s390x.rpm
e452fa10840ba5accb455ec03884cd50 php-ldap-5.1.6-12.el5.s390x.rpm
1fa864cbe5f5293a698d808fa19afae9 php-mbstring-5.1.6-12.el5.s390x.rpm
d8a0fd9257da5af3a764e5b1dfe6ad77 php-mysql-5.1.6-12.el5.s390x.rpm
a1a20fbb68f630030dd6299ecf416596 php-ncurses-5.1.6-12.el5.s390x.rpm
6a67e25eda0d52b30ca16613302c5ac2 php-odbc-5.1.6-12.el5.s390x.rpm
f5783c22f5a47556c865e788314b6053 php-pdo-5.1.6-12.el5.s390x.rpm
34c8f6098740ddcabb6dc52782c4377d php-pgsql-5.1.6-12.el5.s390x.rpm
2903ad9be536f69ed2e659258bad601c php-snmp-5.1.6-12.el5.s390x.rpm
f6be7d172c09f7b94dee797609c0e833 php-soap-5.1.6-12.el5.s390x.rpm
f96b56c8c02bac91c00fdb255fc1c979 php-xml-5.1.6-12.el5.s390x.rpm
c231339723fc58a722841ded28f10b65 php-xmlrpc-5.1.6-12.el5.s390x.rpm
x86_64:
68d771ed24af81d04ee7e100a5a5e635 php-5.1.6-12.el5.x86_64.rpm
ea6a80e9d0d7158d94901ac4d63ed0f0 php-bcmath-5.1.6-12.el5.x86_64.rpm
3db0909942b504af6fb2ab6319dfc418 php-cli-5.1.6-12.el5.x86_64.rpm
e87c1bcd044c475afd36b4fd76eb306e php-common-5.1.6-12.el5.x86_64.rpm
b52703dcbbd302ca6a5881691c8a4791 php-dba-5.1.6-12.el5.x86_64.rpm
a54f2b329966f6ae8d973e8c5bd9b3c9 php-debuginfo-5.1.6-12.el5.x86_64.rpm
b24a0cf47bbd36af3e27f63cf8f2a44d php-devel-5.1.6-12.el5.x86_64.rpm
683ee6300a6021f31b9b378b5ebbae91 php-gd-5.1.6-12.el5.x86_64.rpm
2558b23ddb574e4d757a3ee45b4b09db php-imap-5.1.6-12.el5.x86_64.rpm
4e12feed47c6bdfa745b408c3a2f0be9 php-ldap-5.1.6-12.el5.x86_64.rpm
802ac4070f6183f3c3fa729f6ef753b0 php-mbstring-5.1.6-12.el5.x86_64.rpm
f6a3268ac2d5868b56750b125b7e4000 php-mysql-5.1.6-12.el5.x86_64.rpm
7e2467e812eb1ecb34bec48d61ce75f5 php-ncurses-5.1.6-12.el5.x86_64.rpm
8d9d4c8f30a8310b4b55f40260cd705e php-odbc-5.1.6-12.el5.x86_64.rpm
a2f79a2d00ee92c37fbcd575abc9031b php-pdo-5.1.6-12.el5.x86_64.rpm
b0cfb786017cedfdef3c9a7e4abbf61b php-pgsql-5.1.6-12.el5.x86_64.rpm
18d164a275b9b357a84c976fd24929af php-snmp-5.1.6-12.el5.x86_64.rpm
c359a4bd47f55245a28832e004ede4b3 php-soap-5.1.6-12.el5.x86_64.rpm
263c811cd28b288ba2cadd65ed5daf5e php-xml-5.1.6-12.el5.x86_64.rpm
b2b3a11ccf426e54b41d74df6eb33da8 php-xmlrpc-5.1.6-12.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
http://www.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFGQJtLXlSAg2UNWIIRAj0cAJ9nqM0PCWvoWE3VS05LAOvj3NyBOQCeN3Fx
qs0DGzwnoVMgYVPwfxQzCnc=
=syYl
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRkKcICh9+71yA2DNAQJxCgQAihHOxP47DW/TnAU0ur5crfMSpovNNdhY
JUrNiFt5ZLUXOpSpJ34+IQ2hu3sFPb1wbmTUhDClllKbCOjsWRxnGkgMySMi7M7I
n936myDhiZr69+VMJhoWrp/3oSMHrs5+0/eSInhGNnA8XCXPg9yYykGJxACW+KeU
FMsa/eYd/oM=
=zSij
-----END PGP SIGNATURE-----