Red Hat 9062 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2006:0501-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0501.html
Issue date: 2006-05-23
Updated on: 2006-05-23
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2933 CVE-2006-0208 CVE-2006-0996
CVE-2006-1990
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The error handling output was found to not properly escape HTML output in
certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and html_errors
are enabled. (CVE-2006-0208)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server. php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version. (CVE-2005-2933)

The wordwrap() PHP function did not properly check for integer overflow in
the handling of the "break" parameter. An attacker who could control the
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

104249 - php SRPM has silent IMAP dependency
190519 - CVE-2006-0208 PHP Cross Site Scripting (XSS) flaw
190524 - CVE-2005-2933 imap buffer overflow
190526 - CVE-2006-0996 phpinfo() XSS issue
191474 - CVE-2006-1990 php wordwrap integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.6.src.rpm
45a9fe88de571c85e3081199bed74270 php-4.1.2-2.6.src.rpm

i386:
14f4090b987d3a53ebd5278f88aba75e php-4.1.2-2.6.i386.rpm
bd0c6ce444d08bf6002fd26afefa1bc6 php-devel-4.1.2-2.6.i386.rpm
c391602eaa50cd5e8901930cf818ac3f php-imap-4.1.2-2.6.i386.rpm
e15c85a1b5e27a040517e05c1c34b6d9 php-ldap-4.1.2-2.6.i386.rpm
87d7b10bc154c5621a361e07aa18a4e7 php-manual-4.1.2-2.6.i386.rpm
897ddcd4b93844382675a755758b58b3 php-mysql-4.1.2-2.6.i386.rpm
0d51b96ef16708abdfe404131de8efd5 php-odbc-4.1.2-2.6.i386.rpm
4516d7c5ed4925fe7c83456954bee094 php-pgsql-4.1.2-2.6.i386.rpm

ia64:
e01b0e9ee6b70a1b4abe4232b7744b5e php-4.1.2-2.6.ia64.rpm
33b846c0a0b290eacab2020211d409c7 php-devel-4.1.2-2.6.ia64.rpm
743bd48d892450eaabc2b33b73d1ff05 php-imap-4.1.2-2.6.ia64.rpm
3d9e92ff7fbcb55430ce028b3b445d9a php-ldap-4.1.2-2.6.ia64.rpm
165923a244da4768d11b4135dc405c7d php-manual-4.1.2-2.6.ia64.rpm
9af447bf493c788ebc77e2cd6748e9ca php-mysql-4.1.2-2.6.ia64.rpm
dc3a195e812eff951c380ba68d62c81e php-odbc-4.1.2-2.6.ia64.rpm
e3e9126c718e3595278a9d435f2081d7 php-pgsql-4.1.2-2.6.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.6.src.rpm
45a9fe88de571c85e3081199bed74270 php-4.1.2-2.6.src.rpm

ia64:
e01b0e9ee6b70a1b4abe4232b7744b5e php-4.1.2-2.6.ia64.rpm
33b846c0a0b290eacab2020211d409c7 php-devel-4.1.2-2.6.ia64.rpm
743bd48d892450eaabc2b33b73d1ff05 php-imap-4.1.2-2.6.ia64.rpm
3d9e92ff7fbcb55430ce028b3b445d9a php-ldap-4.1.2-2.6.ia64.rpm
165923a244da4768d11b4135dc405c7d php-manual-4.1.2-2.6.ia64.rpm
9af447bf493c788ebc77e2cd6748e9ca php-mysql-4.1.2-2.6.ia64.rpm
dc3a195e812eff951c380ba68d62c81e php-odbc-4.1.2-2.6.ia64.rpm
e3e9126c718e3595278a9d435f2081d7 php-pgsql-4.1.2-2.6.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.6.src.rpm
45a9fe88de571c85e3081199bed74270 php-4.1.2-2.6.src.rpm

i386:
14f4090b987d3a53ebd5278f88aba75e php-4.1.2-2.6.i386.rpm
bd0c6ce444d08bf6002fd26afefa1bc6 php-devel-4.1.2-2.6.i386.rpm
c391602eaa50cd5e8901930cf818ac3f php-imap-4.1.2-2.6.i386.rpm
e15c85a1b5e27a040517e05c1c34b6d9 php-ldap-4.1.2-2.6.i386.rpm
87d7b10bc154c5621a361e07aa18a4e7 php-manual-4.1.2-2.6.i386.rpm
897ddcd4b93844382675a755758b58b3 php-mysql-4.1.2-2.6.i386.rpm
0d51b96ef16708abdfe404131de8efd5 php-odbc-4.1.2-2.6.i386.rpm
4516d7c5ed4925fe7c83456954bee094 php-pgsql-4.1.2-2.6.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.6.src.rpm
45a9fe88de571c85e3081199bed74270 php-4.1.2-2.6.src.rpm

i386:
14f4090b987d3a53ebd5278f88aba75e php-4.1.2-2.6.i386.rpm
bd0c6ce444d08bf6002fd26afefa1bc6 php-devel-4.1.2-2.6.i386.rpm
c391602eaa50cd5e8901930cf818ac3f php-imap-4.1.2-2.6.i386.rpm
e15c85a1b5e27a040517e05c1c34b6d9 php-ldap-4.1.2-2.6.i386.rpm
87d7b10bc154c5621a361e07aa18a4e7 php-manual-4.1.2-2.6.i386.rpm
897ddcd4b93844382675a755758b58b3 php-mysql-4.1.2-2.6.i386.rpm
0d51b96ef16708abdfe404131de8efd5 php-odbc-4.1.2-2.6.i386.rpm
4516d7c5ed4925fe7c83456954bee094 php-pgsql-4.1.2-2.6.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFEc3YYXlSAg2UNWIIRAsO2AJ4pRvbL3jwTZzfDGRHHxboXzTmzuQCeLPzu
ekbdbUBQufPiK1PMrJGAqdk=
=3eNw
-----END PGP SIGNATURE-----