Red Hat 9062 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2006:0682-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0682.html
Issue date: 2006-09-21
Updated on: 2006-09-21
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-3016 CVE-2006-4020 CVE-2006-4482
CVE-2006-4486
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A response-splitting issue was discovered in the PHP session handling. If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible. (CVE-2006-3016)

A buffer overflow was discovered found in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the format
string, a remote attacker sending a carefully crafted request could execute
arbitrary code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)

An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the "memory_limit" setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain a
fix for a bug where certain input strings to the metaphone() function could
cause memory corruption.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

206934 - CVE-2006-4482 PHP heap overflow
206935 - metaphone() function causing Apache segfaults
206936 - CVE-2006-4486 PHP integer overflows in Zend
206937 - CVE-2006-4020 PHP buffer overread flaw
206964 - CVE-2006-3016 PHP session ID validation

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.11.src.rpm
dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm

i386:
3a3d5e4ae4b3aa8a9320841783f543fc php-4.1.2-2.11.i386.rpm
b85a26c079218ff55fe92fcf782d5be5 php-devel-4.1.2-2.11.i386.rpm
66ab7bfe501dcf33bad4a22934947e82 php-imap-4.1.2-2.11.i386.rpm
34e203aca0a2f29b4b102cc8c48c2787 php-ldap-4.1.2-2.11.i386.rpm
3752f3f4095f3262b7b119eae0ca755e php-manual-4.1.2-2.11.i386.rpm
6272d1bc3133f429d5faf55197881339 php-mysql-4.1.2-2.11.i386.rpm
9c8da08015cd2611fa59286f4ed214db php-odbc-4.1.2-2.11.i386.rpm
a74c29a6916b0e01c2266a4c9f06616a php-pgsql-4.1.2-2.11.i386.rpm

ia64:
62d9ec481bee82602963c545d4ae270d php-4.1.2-2.11.ia64.rpm
6f6c5b533f079fde524c35ac4f909eb0 php-devel-4.1.2-2.11.ia64.rpm
8ac19aed8a568996ec99e5d37dbb222e php-imap-4.1.2-2.11.ia64.rpm
62f12475db39e5cb619713c1cc73e889 php-ldap-4.1.2-2.11.ia64.rpm
e947e6f327da3ddca5b2db538bb44643 php-manual-4.1.2-2.11.ia64.rpm
d1de9bf1cb6674b4edf391ddea0a1c52 php-mysql-4.1.2-2.11.ia64.rpm
6f2b3fe22330361b6bde789402403484 php-odbc-4.1.2-2.11.ia64.rpm
30ac774ef5e207f9a5ef0cfb10ef5ce7 php-pgsql-4.1.2-2.11.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.11.src.rpm
dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm

ia64:
62d9ec481bee82602963c545d4ae270d php-4.1.2-2.11.ia64.rpm
6f6c5b533f079fde524c35ac4f909eb0 php-devel-4.1.2-2.11.ia64.rpm
8ac19aed8a568996ec99e5d37dbb222e php-imap-4.1.2-2.11.ia64.rpm
62f12475db39e5cb619713c1cc73e889 php-ldap-4.1.2-2.11.ia64.rpm
e947e6f327da3ddca5b2db538bb44643 php-manual-4.1.2-2.11.ia64.rpm
d1de9bf1cb6674b4edf391ddea0a1c52 php-mysql-4.1.2-2.11.ia64.rpm
6f2b3fe22330361b6bde789402403484 php-odbc-4.1.2-2.11.ia64.rpm
30ac774ef5e207f9a5ef0cfb10ef5ce7 php-pgsql-4.1.2-2.11.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.11.src.rpm
dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm

i386:
3a3d5e4ae4b3aa8a9320841783f543fc php-4.1.2-2.11.i386.rpm
b85a26c079218ff55fe92fcf782d5be5 php-devel-4.1.2-2.11.i386.rpm
66ab7bfe501dcf33bad4a22934947e82 php-imap-4.1.2-2.11.i386.rpm
34e203aca0a2f29b4b102cc8c48c2787 php-ldap-4.1.2-2.11.i386.rpm
3752f3f4095f3262b7b119eae0ca755e php-manual-4.1.2-2.11.i386.rpm
6272d1bc3133f429d5faf55197881339 php-mysql-4.1.2-2.11.i386.rpm
9c8da08015cd2611fa59286f4ed214db php-odbc-4.1.2-2.11.i386.rpm
a74c29a6916b0e01c2266a4c9f06616a php-pgsql-4.1.2-2.11.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.11.src.rpm
dd5bc1563b29fde5c829bdcefc39eac4 php-4.1.2-2.11.src.rpm

i386:
3a3d5e4ae4b3aa8a9320841783f543fc php-4.1.2-2.11.i386.rpm
b85a26c079218ff55fe92fcf782d5be5 php-devel-4.1.2-2.11.i386.rpm
66ab7bfe501dcf33bad4a22934947e82 php-imap-4.1.2-2.11.i386.rpm
34e203aca0a2f29b4b102cc8c48c2787 php-ldap-4.1.2-2.11.i386.rpm
3752f3f4095f3262b7b119eae0ca755e php-manual-4.1.2-2.11.i386.rpm
6272d1bc3133f429d5faf55197881339 php-mysql-4.1.2-2.11.i386.rpm
9c8da08015cd2611fa59286f4ed214db php-odbc-4.1.2-2.11.i386.rpm
a74c29a6916b0e01c2266a4c9f06616a php-pgsql-4.1.2-2.11.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFFEm+vXlSAg2UNWIIRAvp9AJ9HCwZ4oCJi5g/yE+lhcGuY2OH0HgCfUV9H
wk5WhfOy5JHpt3jcLrVBZFM=
=+r0n
-----END PGP SIGNATURE-----