Red Hat 9038 Published by

Updated php packages are available for Red Hat Enterprise Linux 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Updated php packages fix security issues
Advisory ID: RHSA-2004:392-01
Issue date: 2004-07-19
Updated on: 2004-07-19
Product: Red Hat Enterprise Linux
Cross references: RHSA-2004:342
Obsoletes: RHBA-2004:169
CVE Names: CAN-2004-0594 CAN-2004-0595
----------------------------------------------------------------------

1. Summary:

Updated php packages that fix various security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64



3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server.

Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to this issue.

This issue has a higher risk when PHP is running on an instance of Apache which is vulnerable to CAN-2004-0493. For Red Hat Enterprise Linux 3, this Apache memory exhaustion issue was fixed by a previous update, RHSA-2004:342. It may also be possible to exploit this issue if using a non-default PHP configuration with the "register_defaults" setting is changed to "On". Red Hat does not believe that this flaw is exploitable in the default configuration of Red Hat Enterprise Linux 3.

Stefan Esser discovered a flaw in the strip_tags function in versions of PHP before 4.3.8. The strip_tags function is commonly used by PHP scripts to prevent Cross-Site-Scripting attacks by removing HTML tags from user-supplied form data. By embedding NUL bytes into form data, HTML tags can in some cases be passed intact through the strip_tags function, which may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to this issue.

All users of PHP are advised to upgrade to these updated packages, which contain backported patches that address these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127642 - CAN-2004-0594 PHP memory_limit issue

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm

ppc:
8e7b70ca51bc2df2b9bdc17ac450623a php-4.3.2-11.1.ent.ppc.rpm
5f605263b276896aafae4bd6b4b7239a php-imap-4.3.2-11.1.ent.ppc.rpm
da531c43274864cfb175acb3b66bf8b7 php-ldap-4.3.2-11.1.ent.ppc.rpm
cdf935d9e13f4a2f23b615944cd497aa php-mysql-4.3.2-11.1.ent.ppc.rpm
68fdff925a0b72a85fa5e9602cf6f8ad php-odbc-4.3.2-11.1.ent.ppc.rpm
6dc8cc2c54551934cb16285040e88cbe php-pgsql-4.3.2-11.1.ent.ppc.rpm

s390:
1241e110e8859029b024343d22aa2df6 php-4.3.2-11.1.ent.s390.rpm
21f3ed14d13ad75e007b5e356efed8de php-imap-4.3.2-11.1.ent.s390.rpm
268e9bde022de276849ba140a4235c37 php-ldap-4.3.2-11.1.ent.s390.rpm
93f23ab49be6bac55a67011ce9da49be php-mysql-4.3.2-11.1.ent.s390.rpm
cf87e5a94c29d28bf1d7149a8e3757ac php-odbc-4.3.2-11.1.ent.s390.rpm
c17462518752ea728180c1974461d269 php-pgsql-4.3.2-11.1.ent.s390.rpm

s390x:
09bd14ec01d446d287f83db8507b3d19 php-4.3.2-11.1.ent.s390x.rpm
b635ebd91ae1aa07563e5aeda9938361 php-imap-4.3.2-11.1.ent.s390x.rpm
98ef889f18f31d40c5c70314ed997c50 php-ldap-4.3.2-11.1.ent.s390x.rpm
d0cece953f1e1f64f154dbb84b4387d5 php-mysql-4.3.2-11.1.ent.s390x.rpm
9664d26f87dc23fe662884807f480e22 php-odbc-4.3.2-11.1.ent.s390x.rpm
b2ec7feef3091c1c1bc8503b86e02ad4 php-pgsql-4.3.2-11.1.ent.s390x.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.