CentOS Errata and Security Advisory 2005:0831-001
Important CentOS 4 i386 php - security update
This CESA is for the version of php is that is included in the centosplus repo for CentOS-4 ... this is not an update to the main CentOS-4 repo.
----------------
Name : php Relocations: (not relocatable)
Version : 5.0.4 Vendor: CentOS
Release : 3.centos4 Build Date: 31 Aug 2005 12:15:26 AM UTC
Install Date: (not installed) Build Host: C4i386-build
Group : Development/Languages
Source RPM: php-5.0.4-3.centos4.src.rpm
License: The PHP License
Packager : Johnny Hughes <johnny@centos.org>
URL : http://www.php.net/
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.
----------------
Update Information:
This update is considered important by the CentOS Development Team.
A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.
All Users of PHP-5 from the CentOSPlus Repo should upgrade to these updated packages.
More info is available at:
http://rhn.redhat.com/errata/RHSA-2005-748.html
https://www.redhat.com/archives/fedora-announce-list/2005-August/msg00118.html
------------------------
The following updated files have been uploaded and are currently syncing to the mirrors:
i386:
php-5.0.4-3.centos4.i386.rpm
php-bcmath-5.0.4-3.centos4.i386.rpm
php-dba-5.0.4-3.centos4.i386.rpm
php-devel-5.0.4-3.centos4.i386.rpm
php-gd-5.0.4-3.centos4.i386.rpm
php-imap-5.0.4-3.centos4.i386.rpm
php-ldap-5.0.4-3.centos4.i386.rpm
php-mbstring-5.0.4-3.centos4.i386.rpm
php-mysql-5.0.4-3.centos4.i386.rpm
php-ncurses-5.0.4-3.centos4.i386.rpm
php-odbc-5.0.4-3.centos4.i386.rpm
php-pear-5.0.4-3.centos4.i386.rpm
php-pgsql-5.0.4-3.centos4.i386.rpm
php-snmp-5.0.4-3.centos4.i386.rpm
php-soap-5.0.4-3.centos4.i386.rpm
php-xml-5.0.4-3.centos4.i386.rpm
php-xmlrpc-5.0.4-3.centos4.i386.rpm
src:
php-5.0.4-3.centos4.src.rpm
Important CentOS 4 i386 php - security update
This CESA is for the version of php is that is included in the centosplus repo for CentOS-4 ... this is not an update to the main CentOS-4 repo.
----------------
Name : php Relocations: (not relocatable)
Version : 5.0.4 Vendor: CentOS
Release : 3.centos4 Build Date: 31 Aug 2005 12:15:26 AM UTC
Install Date: (not installed) Build Host: C4i386-build
Group : Development/Languages
Source RPM: php-5.0.4-3.centos4.src.rpm
License: The PHP License
Packager : Johnny Hughes <johnny@centos.org>
URL : http://www.php.net/
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.
----------------
Update Information:
This update is considered important by the CentOS Development Team.
A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.
All Users of PHP-5 from the CentOSPlus Repo should upgrade to these updated packages.
More info is available at:
http://rhn.redhat.com/errata/RHSA-2005-748.html
https://www.redhat.com/archives/fedora-announce-list/2005-August/msg00118.html
------------------------
The following updated files have been uploaded and are currently syncing to the mirrors:
i386:
php-5.0.4-3.centos4.i386.rpm
php-bcmath-5.0.4-3.centos4.i386.rpm
php-dba-5.0.4-3.centos4.i386.rpm
php-devel-5.0.4-3.centos4.i386.rpm
php-gd-5.0.4-3.centos4.i386.rpm
php-imap-5.0.4-3.centos4.i386.rpm
php-ldap-5.0.4-3.centos4.i386.rpm
php-mbstring-5.0.4-3.centos4.i386.rpm
php-mysql-5.0.4-3.centos4.i386.rpm
php-ncurses-5.0.4-3.centos4.i386.rpm
php-odbc-5.0.4-3.centos4.i386.rpm
php-pear-5.0.4-3.centos4.i386.rpm
php-pgsql-5.0.4-3.centos4.i386.rpm
php-snmp-5.0.4-3.centos4.i386.rpm
php-soap-5.0.4-3.centos4.i386.rpm
php-xml-5.0.4-3.centos4.i386.rpm
php-xmlrpc-5.0.4-3.centos4.i386.rpm
src:
php-5.0.4-3.centos4.src.rpm