CentOS Errata and Security Advisory 2005:0705-001

Critical CentOS 4 i386 php - security update

This CESA is for the version of php that is included in the centosplus repo for CentOS-4 ... this is not an update to the main CentOS-4 repo.



--------------------------
Name : php Relocations: (not relocatable)
Version : 5.0.4 Vendor: CentOS
Release : 2.centos4 Build Date: 05Jul2005 03:46:00PM CDT
Install Date: (not installed) Build Host: i386-build
Group : Development/Languages

Source RPM : php-5.0.4-2.centos4.src.rpm
Packager : Johnny Hughes <johnny@centos.org>
URL : http://www.php.net/
Summary : The PHP HTML-embedded scripting language.
------------------------
Update Information:

This update is considered critical by the CentOS Development Team, and
exploitation of the vulnerability can lead to remote code execution.
Anyone using php-5 from the centosplus repo is highly encouraged to
upgrade their installation immediately.

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-1921 to this issue.


The bundled version of shtool is also updated, to fix some temporary
file handling races. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.

Bug fixes for the dom, ldap, and gd extensions are also included in
this update.
------------------------
References:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751

https://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html

------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
php-5.0.4-2.centos4.i386.rpm
php-bcmath-5.0.4-2.centos4.i386.rpm
php-dba-5.0.4-2.centos4.i386.rpm
php-devel-5.0.4-2.centos4.i386.rpm
php-gd-5.0.4-2.centos4.i386.rpm
php-imap-5.0.4-2.centos4.i386.rpm
php-ldap-5.0.4-2.centos4.i386.rpm
php-mbstring-5.0.4-2.centos4.i386.rpm
php-mysql-5.0.4-2.centos4.i386.rpm
php-ncurses-5.0.4-2.centos4.i386.rpm
php-odbc-5.0.4-2.centos4.i386.rpm
php-pear-5.0.4-2.centos4.i386.rpm
php-pgsql-5.0.4-2.centos4.i386.rpm
php-snmp-5.0.4-2.centos4.i386.rpm
php-soap-5.0.4-2.centos4.i386.rpm
php-xml-5.0.4-2.centos4.i386.rpm
php-xmlrpc-5.0.4-2.centos4.i386.rpm

src:
php-5.0.4-2.centos4.src.rpm