Red Hat 9039 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2005:831-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-831.html
Issue date: 2005-11-10
Updated on: 2005-11-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-3353 CVE-2005-3388 CVE-2005-3389 CVE-2005-3390
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A flaw was found in the way PHP registers global variables during a file
upload request. A remote attacker could submit a carefully crafted
multipart/form-data POST request that would overwrite the $GLOBALS array,
altering expected script behavior, and possibly leading to the execution of
arbitrary PHP commands. Please note that this vulnerability only affects
installations which have register_globals enabled in the PHP configuration
file, which is not a default or recommended option. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to
this issue.

A flaw was found in the PHP parse_str() function. If a PHP script passes
only one argument to the parse_str() function, and the script can be forced
to abort execution during operation (for example due to the memory_limit
setting), the register_globals may be enabled even if it is disabled in the
PHP configuration file. This vulnerability only affects installations that
have PHP scripts using the parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a
victim can be tricked into following a malicious URL to a site with a page
displaying the phpinfo() output, it may be possible to inject javascript
or HTML content into the displayed page or steal data such as cookies.
This vulnerability only affects installations which allow users to view the
output of the phpinfo() function. As the phpinfo() function outputs a
large amount of information about the current state of PHP, it should only
be used during debugging or if protected by authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image
data. It is possible for an attacker to cause PHP to crash by supplying
carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

172207 - CVE-2005-3390 PHP register globals arbitrary code execution
172209 - CVE-2005-3389 PHP parse_str can enable register_globals
172212 - CVE-2005-3388 PHP phpinfo() XSS attack
172589 - CVE-2005-3353 PHP exif data DoS


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-26.ent.src.rpm
d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm

i386:
d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm
053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm
bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm
853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm
451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm
22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm
3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm

ia64:
bceaf10fe0ba0c7c95c1f01c3c2c2c26 php-4.3.2-26.ent.ia64.rpm
33347cbad2ebf3f8ec25c4f39488c3aa php-devel-4.3.2-26.ent.ia64.rpm
0272cc5dc65035ff67d11b191b0eb132 php-imap-4.3.2-26.ent.ia64.rpm
2c8414b3b43f806065de630e4b24850a php-ldap-4.3.2-26.ent.ia64.rpm
3c82d4485790e149eb89c6692cc11438 php-mysql-4.3.2-26.ent.ia64.rpm
0856e5a1db31cadd22b9afc485fe9f41 php-odbc-4.3.2-26.ent.ia64.rpm
70cf8e4f495021d8bcd178ef050a380f php-pgsql-4.3.2-26.ent.ia64.rpm

ppc:
c9cacbe8f9af60a7b8d8b694f66bdd97 php-4.3.2-26.ent.ppc.rpm
ab3438a10e9d75c2983716a366b40dad php-devel-4.3.2-26.ent.ppc.rpm
2760b4df66a293054afc9f7c548a9f39 php-imap-4.3.2-26.ent.ppc.rpm
778f66821c4221ada23408018e851e64 php-ldap-4.3.2-26.ent.ppc.rpm
b6d3f51255a5c19c2c21e5db451108cb php-mysql-4.3.2-26.ent.ppc.rpm
dd8198ffc35d1c444f2c37cd5b52d7e3 php-odbc-4.3.2-26.ent.ppc.rpm
be3baaa3d577953956ae84e71dbf92fe php-pgsql-4.3.2-26.ent.ppc.rpm

s390:
0d8655a2d4ada8b43aa069fc7281a4bb php-4.3.2-26.ent.s390.rpm
1a02dbeb07ed152e80a365d2fea3d543 php-devel-4.3.2-26.ent.s390.rpm
d880db28130375e82bc78abde75bcd7e php-imap-4.3.2-26.ent.s390.rpm
dd97855b16bb9db0fd6439bcb699c477 php-ldap-4.3.2-26.ent.s390.rpm
e7dbcb83120a51ebba485f4cbbc43f50 php-mysql-4.3.2-26.ent.s390.rpm
a84ba06a5053db4074eadbbc6da72361 php-odbc-4.3.2-26.ent.s390.rpm
42df4a8dfd2ec10ad0081fa541f5ad68 php-pgsql-4.3.2-26.ent.s390.rpm

s390x:
66f783b90235bad52971f7b6b8325cae php-4.3.2-26.ent.s390x.rpm
f88355fae4b772a00ca7c085a819e9c5 php-devel-4.3.2-26.ent.s390x.rpm
fc70ce66b38d5e6c46867985cb4588d8 php-imap-4.3.2-26.ent.s390x.rpm
a8b561fd412269831bc44f4db64571ae php-ldap-4.3.2-26.ent.s390x.rpm
db71f01094bd949c14b6e8ae55d15f50 php-mysql-4.3.2-26.ent.s390x.rpm
3ad660c7e71845f10bb81dad49a096d1 php-odbc-4.3.2-26.ent.s390x.rpm
6878954b18c5e8f45e0cded465818a40 php-pgsql-4.3.2-26.ent.s390x.rpm

x86_64:
1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm
f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm
21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm
284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm
da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm
a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm
733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-26.ent.src.rpm
d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm

i386:
d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm
053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm
bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm
853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm
451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm
22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm
3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm

x86_64:
1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm
f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm
21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm
284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm
da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm
a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm
733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-26.ent.src.rpm
d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm

i386:
d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm
053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm
bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm
853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm
451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm
22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm
3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm

ia64:
bceaf10fe0ba0c7c95c1f01c3c2c2c26 php-4.3.2-26.ent.ia64.rpm
33347cbad2ebf3f8ec25c4f39488c3aa php-devel-4.3.2-26.ent.ia64.rpm
0272cc5dc65035ff67d11b191b0eb132 php-imap-4.3.2-26.ent.ia64.rpm
2c8414b3b43f806065de630e4b24850a php-ldap-4.3.2-26.ent.ia64.rpm
3c82d4485790e149eb89c6692cc11438 php-mysql-4.3.2-26.ent.ia64.rpm
0856e5a1db31cadd22b9afc485fe9f41 php-odbc-4.3.2-26.ent.ia64.rpm
70cf8e4f495021d8bcd178ef050a380f php-pgsql-4.3.2-26.ent.ia64.rpm

x86_64:
1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm
f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm
21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm
284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm
da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm
a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm
733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-26.ent.src.rpm
d46e8398fdd5b7824c035e1fd1d1da68 php-4.3.2-26.ent.src.rpm

i386:
d93ec4e3c3f203b201943729c0364ffd php-4.3.2-26.ent.i386.rpm
053003467491195a6e115d51ead1aebd php-devel-4.3.2-26.ent.i386.rpm
bf1565d0e0c50902a7d6288ce5bcf579 php-imap-4.3.2-26.ent.i386.rpm
853b0a5358e6e5b9bd25cb4bfa8a67a2 php-ldap-4.3.2-26.ent.i386.rpm
451bd6cbf36b999d99a27709065b8022 php-mysql-4.3.2-26.ent.i386.rpm
22322bb52f035398d2ce7c99776427e3 php-odbc-4.3.2-26.ent.i386.rpm
3a0ddf1eee717e81e4536de19a262915 php-pgsql-4.3.2-26.ent.i386.rpm

ia64:
bceaf10fe0ba0c7c95c1f01c3c2c2c26 php-4.3.2-26.ent.ia64.rpm
33347cbad2ebf3f8ec25c4f39488c3aa php-devel-4.3.2-26.ent.ia64.rpm
0272cc5dc65035ff67d11b191b0eb132 php-imap-4.3.2-26.ent.ia64.rpm
2c8414b3b43f806065de630e4b24850a php-ldap-4.3.2-26.ent.ia64.rpm
3c82d4485790e149eb89c6692cc11438 php-mysql-4.3.2-26.ent.ia64.rpm
0856e5a1db31cadd22b9afc485fe9f41 php-odbc-4.3.2-26.ent.ia64.rpm
70cf8e4f495021d8bcd178ef050a380f php-pgsql-4.3.2-26.ent.ia64.rpm

x86_64:
1f6ad6872aa68c65fe129ffd0ebae3c7 php-4.3.2-26.ent.x86_64.rpm
f767a494e0124ff0b4db922acc00d205 php-devel-4.3.2-26.ent.x86_64.rpm
21ef0dfa84983afb4d97031e84e3d331 php-imap-4.3.2-26.ent.x86_64.rpm
284bcd98fe1b9280c025372f480d0e0c php-ldap-4.3.2-26.ent.x86_64.rpm
da7cb0a6caafd4c1b5e0a0ab280c7b68 php-mysql-4.3.2-26.ent.x86_64.rpm
a41070197293f10cd69fdc0eca53d8b5 php-odbc-4.3.2-26.ent.x86_64.rpm
733a7d34cf81a8d36c6677f70798c8f2 php-pgsql-4.3.2-26.ent.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.9.src.rpm
7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm

i386:
3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm
a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm
335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm
ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm
bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm
195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm
a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm
3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm
8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm
1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm
d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm
a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm
b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm
c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm

ia64:
38c446f563ccade410b70440b8b67677 php-4.3.9-3.9.ia64.rpm
6aabf55df846c96c72b236f2632dc966 php-devel-4.3.9-3.9.ia64.rpm
c23e8d86007cad9a7823c1dc0e3d155e php-domxml-4.3.9-3.9.ia64.rpm
19c46d57b82b105a0c2666508206d375 php-gd-4.3.9-3.9.ia64.rpm
ad908e367fcee4cc061043157df6b126 php-imap-4.3.9-3.9.ia64.rpm
a266652f6bbc80d40d16a1356226e325 php-ldap-4.3.9-3.9.ia64.rpm
195d5c8df90f8f368aa25beb0746f9ee php-mbstring-4.3.9-3.9.ia64.rpm
05dddd1f73ad1dd682eed2143d9dfb35 php-mysql-4.3.9-3.9.ia64.rpm
e000540478ca795e05ca1cc4e2087194 php-ncurses-4.3.9-3.9.ia64.rpm
8fd55a417536a3068467d6450b02f70e php-odbc-4.3.9-3.9.ia64.rpm
eb33f45a81e1fbf0470cf52fb11dcd87 php-pear-4.3.9-3.9.ia64.rpm
7b7cd7373a87c1eff02e89b3acbe754c php-pgsql-4.3.9-3.9.ia64.rpm
da5bea293e9d6254998719f12a6c1e7f php-snmp-4.3.9-3.9.ia64.rpm
7440c3dbf7b7850e43efb2f094e87970 php-xmlrpc-4.3.9-3.9.ia64.rpm

ppc:
d4dac54549328cf2ff8bc5ae0d824e61 php-4.3.9-3.9.ppc.rpm
9c620f638a126eb2c8af88ce98c57f7d php-devel-4.3.9-3.9.ppc.rpm
d3225c82fa9620b32f992809d428f914 php-domxml-4.3.9-3.9.ppc.rpm
d6ed5fdda80868cba05deca4a17b5bd1 php-gd-4.3.9-3.9.ppc.rpm
1ead9724f6db9b85b0557f4bbe325c67 php-imap-4.3.9-3.9.ppc.rpm
2e5a8fc1abf984fd633790c9262b18de php-ldap-4.3.9-3.9.ppc.rpm
48099e091ec856cf07e113a42fa86aa5 php-mbstring-4.3.9-3.9.ppc.rpm
3c5f6267d377927eab8d8f661dd35f31 php-mysql-4.3.9-3.9.ppc.rpm
642f49e77bdde84fa27e38c4c2c8ca3a php-ncurses-4.3.9-3.9.ppc.rpm
08628cc16fe3d543571e065dfb9ca40a php-odbc-4.3.9-3.9.ppc.rpm
538447d84fab27658b72aa86a87904b0 php-pear-4.3.9-3.9.ppc.rpm
5ddb04a978ed936b2135445e7c8f29f8 php-pgsql-4.3.9-3.9.ppc.rpm
250c8919ecdebbed3681a406ba774584 php-snmp-4.3.9-3.9.ppc.rpm
0b0c0a49a7563d4ce8e53fecf92f54c1 php-xmlrpc-4.3.9-3.9.ppc.rpm

s390:
6c26a422564613c8594fa0e7411c6805 php-4.3.9-3.9.s390.rpm
7e77ba77044e0e61aa7163086ef7868a php-devel-4.3.9-3.9.s390.rpm
5facdb7246b38e6d4ff6f98100aeade4 php-domxml-4.3.9-3.9.s390.rpm
a4e5e0a0fa51439242914c23c69e1d21 php-gd-4.3.9-3.9.s390.rpm
271f1b11e28ec5db32107eb507d19114 php-imap-4.3.9-3.9.s390.rpm
7e8cdf3fa15616356e3a42023ed23316 php-ldap-4.3.9-3.9.s390.rpm
03359db5632cef53985230794f086ce1 php-mbstring-4.3.9-3.9.s390.rpm
5f32c8c3ba6f802bd7d28c2ae962d21b php-mysql-4.3.9-3.9.s390.rpm
2d174148612c679e9fe3e2f98df1ebe7 php-ncurses-4.3.9-3.9.s390.rpm
f5116f15e905f8def2ed9a624d360653 php-odbc-4.3.9-3.9.s390.rpm
daf5cd69c63cc742a208282a28d526e0 php-pear-4.3.9-3.9.s390.rpm
f3ac3d57b259e887ed590a8414052e7a php-pgsql-4.3.9-3.9.s390.rpm
666903bf6b1beedbd70f883caf143c58 php-snmp-4.3.9-3.9.s390.rpm
e8e180dacc0d658830d49d2da6419064 php-xmlrpc-4.3.9-3.9.s390.rpm

s390x:
8cd00f6b90019e7f29f01d6831485250 php-4.3.9-3.9.s390x.rpm
ab838be9e5b90d5577b65937943e43c7 php-devel-4.3.9-3.9.s390x.rpm
75dde8adeb07fd1567cee1140e45ae15 php-domxml-4.3.9-3.9.s390x.rpm
ce08a6ccecb56572e9d71f2ec0de396e php-gd-4.3.9-3.9.s390x.rpm
903d2201f39da2474bcba6257552681c php-imap-4.3.9-3.9.s390x.rpm
fe13abbc3b945a287c17ab65f805765a php-ldap-4.3.9-3.9.s390x.rpm
8d197539a796d266189f986f343b76e0 php-mbstring-4.3.9-3.9.s390x.rpm
561417a7e995cec1d2a93da8a9d385d2 php-mysql-4.3.9-3.9.s390x.rpm
039ccd184163ac72eef384ee9a097aa0 php-ncurses-4.3.9-3.9.s390x.rpm
07a86f95ee41f31945e3af392cae3af4 php-odbc-4.3.9-3.9.s390x.rpm
968f65375285a0d3673d08a9d4a883d6 php-pear-4.3.9-3.9.s390x.rpm
05c4f42f1b464bfae4e79c9e1c8a6e37 php-pgsql-4.3.9-3.9.s390x.rpm
995be28f2c93c3dbe67119e2791bbfd0 php-snmp-4.3.9-3.9.s390x.rpm
7729607b5682629acf4e8d4d727bcba7 php-xmlrpc-4.3.9-3.9.s390x.rpm

x86_64:
90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm
2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm
31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm
8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm
fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm
687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm
559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm
0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm
928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm
e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm
5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm
b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm
3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm
cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.9.src.rpm
7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm

i386:
3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm
a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm
335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm
ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm
bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm
195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm
a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm
3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm
8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm
1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm
d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm
a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm
b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm
c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm

x86_64:
90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm
2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm
31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm
8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm
fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm
687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm
559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm
0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm
928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm
e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm
5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm
b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm
3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm
cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.9.src.rpm
7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm

i386:
3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm
a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm
335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm
ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm
bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm
195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm
a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm
3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm
8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm
1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm
d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm
a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm
b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm
c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm

ia64:
38c446f563ccade410b70440b8b67677 php-4.3.9-3.9.ia64.rpm
6aabf55df846c96c72b236f2632dc966 php-devel-4.3.9-3.9.ia64.rpm
c23e8d86007cad9a7823c1dc0e3d155e php-domxml-4.3.9-3.9.ia64.rpm
19c46d57b82b105a0c2666508206d375 php-gd-4.3.9-3.9.ia64.rpm
ad908e367fcee4cc061043157df6b126 php-imap-4.3.9-3.9.ia64.rpm
a266652f6bbc80d40d16a1356226e325 php-ldap-4.3.9-3.9.ia64.rpm
195d5c8df90f8f368aa25beb0746f9ee php-mbstring-4.3.9-3.9.ia64.rpm
05dddd1f73ad1dd682eed2143d9dfb35 php-mysql-4.3.9-3.9.ia64.rpm
e000540478ca795e05ca1cc4e2087194 php-ncurses-4.3.9-3.9.ia64.rpm
8fd55a417536a3068467d6450b02f70e php-odbc-4.3.9-3.9.ia64.rpm
eb33f45a81e1fbf0470cf52fb11dcd87 php-pear-4.3.9-3.9.ia64.rpm
7b7cd7373a87c1eff02e89b3acbe754c php-pgsql-4.3.9-3.9.ia64.rpm
da5bea293e9d6254998719f12a6c1e7f php-snmp-4.3.9-3.9.ia64.rpm
7440c3dbf7b7850e43efb2f094e87970 php-xmlrpc-4.3.9-3.9.ia64.rpm

x86_64:
90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm
2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm
31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm
8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm
fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm
687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm
559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm
0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm
928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm
e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm
5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm
b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm
3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm
cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.9.src.rpm
7493ae509d6129a32c5ce3bd998fd68a php-4.3.9-3.9.src.rpm

i386:
3a0734832da6be3b2f1e910ceee773f4 php-4.3.9-3.9.i386.rpm
a256cc6a4dd5ee99ffd683da89beb1ac php-devel-4.3.9-3.9.i386.rpm
335d54777f27ef02576cc0a7adf5af56 php-domxml-4.3.9-3.9.i386.rpm
ea53e838519685d493612d0bbf2a67dc php-gd-4.3.9-3.9.i386.rpm
bb141447a9e98510ffc25abdf4e9006e php-imap-4.3.9-3.9.i386.rpm
195e680107e9a1d40abf07fbc80ed865 php-ldap-4.3.9-3.9.i386.rpm
a0c41be5a1bda27540f43a8107fb6939 php-mbstring-4.3.9-3.9.i386.rpm
3da385c562d5c3beb8520699d84b198b php-mysql-4.3.9-3.9.i386.rpm
8ff6dd7a0951d83c43a5fe17e88ec088 php-ncurses-4.3.9-3.9.i386.rpm
1c111fb9b5175448b6952a94197631c6 php-odbc-4.3.9-3.9.i386.rpm
d1c4e5b4030588a941508940d75d41ed php-pear-4.3.9-3.9.i386.rpm
a5996fcc6334eedb9dc2f77301c7e026 php-pgsql-4.3.9-3.9.i386.rpm
b1e993a096b30326e5ccf76661f29d08 php-snmp-4.3.9-3.9.i386.rpm
c43ee16df0d60804d762a5dbdb5a67eb php-xmlrpc-4.3.9-3.9.i386.rpm

ia64:
38c446f563ccade410b70440b8b67677 php-4.3.9-3.9.ia64.rpm
6aabf55df846c96c72b236f2632dc966 php-devel-4.3.9-3.9.ia64.rpm
c23e8d86007cad9a7823c1dc0e3d155e php-domxml-4.3.9-3.9.ia64.rpm
19c46d57b82b105a0c2666508206d375 php-gd-4.3.9-3.9.ia64.rpm
ad908e367fcee4cc061043157df6b126 php-imap-4.3.9-3.9.ia64.rpm
a266652f6bbc80d40d16a1356226e325 php-ldap-4.3.9-3.9.ia64.rpm
195d5c8df90f8f368aa25beb0746f9ee php-mbstring-4.3.9-3.9.ia64.rpm
05dddd1f73ad1dd682eed2143d9dfb35 php-mysql-4.3.9-3.9.ia64.rpm
e000540478ca795e05ca1cc4e2087194 php-ncurses-4.3.9-3.9.ia64.rpm
8fd55a417536a3068467d6450b02f70e php-odbc-4.3.9-3.9.ia64.rpm
eb33f45a81e1fbf0470cf52fb11dcd87 php-pear-4.3.9-3.9.ia64.rpm
7b7cd7373a87c1eff02e89b3acbe754c php-pgsql-4.3.9-3.9.ia64.rpm
da5bea293e9d6254998719f12a6c1e7f php-snmp-4.3.9-3.9.ia64.rpm
7440c3dbf7b7850e43efb2f094e87970 php-xmlrpc-4.3.9-3.9.ia64.rpm

x86_64:
90ee43072ba7a774e58abb90e0a24d30 php-4.3.9-3.9.x86_64.rpm
2b41833c26f7565b5bcda0d103a33ae3 php-devel-4.3.9-3.9.x86_64.rpm
31e98b8c2e7f30ec8de06b7d9306d9b3 php-domxml-4.3.9-3.9.x86_64.rpm
8aab7ae77993e0149530933138814858 php-gd-4.3.9-3.9.x86_64.rpm
fe18be11ce81f6b29f284ec70ab10bef php-imap-4.3.9-3.9.x86_64.rpm
687498617112998740fad6217c2c380b php-ldap-4.3.9-3.9.x86_64.rpm
559f653ca43e45b9ffa8f22ea0302b96 php-mbstring-4.3.9-3.9.x86_64.rpm
0db17be2a498a79be41d4ac195b090a4 php-mysql-4.3.9-3.9.x86_64.rpm
928912c4585003aa93b185c84578ab54 php-ncurses-4.3.9-3.9.x86_64.rpm
e38dd82d8ec5457c0273f81eb7744878 php-odbc-4.3.9-3.9.x86_64.rpm
5402c1d977225f0ca154326d08781a3c php-pear-4.3.9-3.9.x86_64.rpm
b23f844669f5bedfaeca5b36f715bdea php-pgsql-4.3.9-3.9.x86_64.rpm
3faae8587aa351f95cf814077650d76c php-snmp-4.3.9-3.9.x86_64.rpm
cb1b67f5ba3412b48f447ed610d2612b php-xmlrpc-4.3.9-3.9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDc6MlXlSAg2UNWIIRAkeBAJ0e7Hf9SlqYHPSHD+Da4iQEJ1fVggCeJRA/
vL+EPs+i+ZeUBo7oDxxRN0c=
=gQiN
-----END PGP SIGNATURE-----