===========================================================================
             AUSCERT External Security Bulletin Redistribution

                        ESB-2007.0306 -- [RedHat]
                     Important: php security update
                               10 May 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              PHP
Publisher:            Red Hat
Operating System:     Red Hat Enterprise Linux 5
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-2510 CVE-2007-2509 CVE-2007-1864

Ref:                  AA-2007.0028

Original Bulletin:    https://rhn.redhat.com/errata/RHSA-2007-0348.html

--------------------------BEGIN INCLUDED TEXT--------------------

---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0348-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0348.html
Issue date:        2007-05-08
Updated on:        2007-05-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-1864 CVE-2007-2509 CVE-2007-2510
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP
script which implements an XML-RPC server using this extension could allow
a remote attacker to execute arbitrary code as the 'apache' user. Note that
this flaw does not affect PHP applications using the pure-PHP XML_RPC class
provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the
handling of an HTTP redirect response when using the SOAP client provided
by this extension with an untrusted SOAP server. No mechanism to trigger
this flaw remotely is known. (CVE-2007-2510)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239015 - CVE-2007-1864 various PHP security issues (CVE-2007-2509 CVE-2007-2510)

6. RPMs required:

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-12.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-12.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
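
A check of installed packages against the fixed build named in section 6 of the Red Hat advisory (php-5.1.6-12.el5), added here as an example; it is not part of the advisory or of Red Hat's or AusCERT's tooling. It assumes the php packages carry no epoch and that input lines come from the rpm query shown in the comment; the sample lines are constructed.

```python
import re

# Fixed build, from the SRPM named in the advisory: php-5.1.6-12.el5
FIXED_VERSION, FIXED_RELEASE = "5.1.6", "12.el5"
# Binary packages the advisory lists for that SRPM (php-pear is not among them).
SUBPACKAGES = ("bcmath cli common dba debuginfo devel gd imap ldap mbstring "
               "mysql ncurses odbc pdo pgsql snmp soap xml xmlrpc").split()
AFFECTED = {"php"} | {"php-" + s for s in SUBPACKAGES}

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does (-1, 0 or 1).

    Simplified: the '~' and '^' operators of newer rpm are not handled.
    """
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)      # numeric segments compare as numbers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def needs_update(lines):
    """Return the affected package names older than the fixed build."""
    stale = []
    for line in lines:
        name, version, release = line.split()
        if name not in AFFECTED:
            continue
        order = (rpmvercmp(version, FIXED_VERSION)
                 or rpmvercmp(release, FIXED_RELEASE))
        if order < 0:
            stale.append(name)
    return stale

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n' 'php*'
SAMPLE = """\
php 5.1.6 12.el5
php-xmlrpc 5.1.6 11.el5
php-soap 5.1.6 5.el5
php-pear 1.4.9 4
""".splitlines()

if __name__ == "__main__":
    print("update required:", needs_update(SAMPLE))
```

Comparing releases segment by segment matters here: a plain string comparison would rank release 5.el5 above 12.el5 and miss the unpatched php-soap package.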