Red Hat 9062 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2007:0153-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0153.html
Issue date: 2007-04-20
Updated on: 2007-04-20
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0455 CVE-2007-1001 CVE-2007-1718
CVE-2007-1583
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write arbitrary string using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235016 - CVE-2007-1583 mbstring register_globals activation and mail() header injection (CVE-2007-1718)
235036 - CVE-2007-1001 gd flaws in wbmp, JIS font handling (CVE-2007-0455)

6. RPMs required:

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-11.el5.src.rpm
6bb51aa2c094e0073d355539601158d2 php-5.1.6-11.el5.src.rpm

i386:
d53bd0f7f66bd5cb9f0c5dd8376aaa10 php-5.1.6-11.el5.i386.rpm
a3120b1d8e25e0a140f3ab478d455ef0 php-bcmath-5.1.6-11.el5.i386.rpm
65e8d1207657e293fc1ceb5df8ef5542 php-cli-5.1.6-11.el5.i386.rpm
00f59127e8297d45e87eed974913398f php-common-5.1.6-11.el5.i386.rpm
0e54b49ad88811e5667b22683597359c php-dba-5.1.6-11.el5.i386.rpm
5f07c0a80c7edeb9fca14c6179f4fd94 php-debuginfo-5.1.6-11.el5.i386.rpm
8b5c86ad82c07a30bdb2bd4a729a7084 php-devel-5.1.6-11.el5.i386.rpm
101002cf8b2cf6e51705fcace07f250d php-gd-5.1.6-11.el5.i386.rpm
78e84e93106dccba49311b9654b89dbd php-imap-5.1.6-11.el5.i386.rpm
c71cd331c511fc3e3c0f02dc198fdfa3 php-ldap-5.1.6-11.el5.i386.rpm
f5deb5a99bce0524abe71ac1b7541f35 php-mbstring-5.1.6-11.el5.i386.rpm
7ea600da7c59dab628c95faff735e7bb php-mysql-5.1.6-11.el5.i386.rpm
e59b54ab91380f04ccd6a85932170a14 php-ncurses-5.1.6-11.el5.i386.rpm
2535008822ba4102c6ea3399ea3e6592 php-odbc-5.1.6-11.el5.i386.rpm
97d3386be258cfb5c8adfdc993c81b71 php-pdo-5.1.6-11.el5.i386.rpm
6bfda2a0428775ae0c5246027c6576b2 php-pgsql-5.1.6-11.el5.i386.rpm
773077dfc0d46c268b5bcbf2ed546a43 php-snmp-5.1.6-11.el5.i386.rpm
1da346df94ec940e1fb83d68a79738c7 php-soap-5.1.6-11.el5.i386.rpm
4cad86f42866176ef8df9b0315cd6eea php-xml-5.1.6-11.el5.i386.rpm
590d277c31f7b57a23199d4edf8502a4 php-xmlrpc-5.1.6-11.el5.i386.rpm

x86_64:
eb30d9a59029cb441b770df74e4bb120 php-5.1.6-11.el5.x86_64.rpm
8c430e36ca52c690ffc64410f4e9a97b php-bcmath-5.1.6-11.el5.x86_64.rpm
f40a8a0f122e84f551c2b56125b72f7a php-cli-5.1.6-11.el5.x86_64.rpm
d807f7e7f7dbb6392f20a0da9c94a7b0 php-common-5.1.6-11.el5.x86_64.rpm
705c7666de1d24f0460bda27f83acef4 php-dba-5.1.6-11.el5.x86_64.rpm
1c99fd880620a2fa24f5d637339666f7 php-debuginfo-5.1.6-11.el5.x86_64.rpm
a13ad5a1023646fef9609f8f6b94e65d php-devel-5.1.6-11.el5.x86_64.rpm
25e164d3270a72b10fa14ad73929f70c php-gd-5.1.6-11.el5.x86_64.rpm
1bf9e5e14910abd12be86c5de065c0a1 php-imap-5.1.6-11.el5.x86_64.rpm
7206536783846f283b2b618c7602b43d php-ldap-5.1.6-11.el5.x86_64.rpm
649ddff34b26b747309537c02a1ebf31 php-mbstring-5.1.6-11.el5.x86_64.rpm
c08d703a5602d801aaca95c02b25126a php-mysql-5.1.6-11.el5.x86_64.rpm
e376de4524c7a6cc35d57a10edcaceb1 php-ncurses-5.1.6-11.el5.x86_64.rpm
6f0f33e91cc3f46da73ce37962093dfa php-odbc-5.1.6-11.el5.x86_64.rpm
6f51fec2e9e703c44968b5bc45bd5b71 php-pdo-5.1.6-11.el5.x86_64.rpm
0d5022bec64a6378819b4f4a51dd2f7e php-pgsql-5.1.6-11.el5.x86_64.rpm
a543a653849fea7676fe80c71000063b php-snmp-5.1.6-11.el5.x86_64.rpm
3fd0162bdfd5f9890e4e228f37e8001c php-soap-5.1.6-11.el5.x86_64.rpm
4be0a0b9aac607f16c520faaa0ba8da4 php-xml-5.1.6-11.el5.x86_64.rpm
9c9861a1ca2dfdd59444638b6c479191 php-xmlrpc-5.1.6-11.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-11.el5.src.rpm
6bb51aa2c094e0073d355539601158d2 php-5.1.6-11.el5.src.rpm

i386:
d53bd0f7f66bd5cb9f0c5dd8376aaa10 php-5.1.6-11.el5.i386.rpm
a3120b1d8e25e0a140f3ab478d455ef0 php-bcmath-5.1.6-11.el5.i386.rpm
65e8d1207657e293fc1ceb5df8ef5542 php-cli-5.1.6-11.el5.i386.rpm
00f59127e8297d45e87eed974913398f php-common-5.1.6-11.el5.i386.rpm
0e54b49ad88811e5667b22683597359c php-dba-5.1.6-11.el5.i386.rpm
5f07c0a80c7edeb9fca14c6179f4fd94 php-debuginfo-5.1.6-11.el5.i386.rpm
8b5c86ad82c07a30bdb2bd4a729a7084 php-devel-5.1.6-11.el5.i386.rpm
101002cf8b2cf6e51705fcace07f250d php-gd-5.1.6-11.el5.i386.rpm
78e84e93106dccba49311b9654b89dbd php-imap-5.1.6-11.el5.i386.rpm
c71cd331c511fc3e3c0f02dc198fdfa3 php-ldap-5.1.6-11.el5.i386.rpm
f5deb5a99bce0524abe71ac1b7541f35 php-mbstring-5.1.6-11.el5.i386.rpm
7ea600da7c59dab628c95faff735e7bb php-mysql-5.1.6-11.el5.i386.rpm
e59b54ab91380f04ccd6a85932170a14 php-ncurses-5.1.6-11.el5.i386.rpm
2535008822ba4102c6ea3399ea3e6592 php-odbc-5.1.6-11.el5.i386.rpm
97d3386be258cfb5c8adfdc993c81b71 php-pdo-5.1.6-11.el5.i386.rpm
6bfda2a0428775ae0c5246027c6576b2 php-pgsql-5.1.6-11.el5.i386.rpm
773077dfc0d46c268b5bcbf2ed546a43 php-snmp-5.1.6-11.el5.i386.rpm
1da346df94ec940e1fb83d68a79738c7 php-soap-5.1.6-11.el5.i386.rpm
4cad86f42866176ef8df9b0315cd6eea php-xml-5.1.6-11.el5.i386.rpm
590d277c31f7b57a23199d4edf8502a4 php-xmlrpc-5.1.6-11.el5.i386.rpm

ia64:
6fbc0e4156c6779e7447d7acfd979787 php-5.1.6-11.el5.ia64.rpm
fa926ee03b6d8d8657a9bbc48c666291 php-bcmath-5.1.6-11.el5.ia64.rpm
1e2fb09743054b16862a698bacd6c8f3 php-cli-5.1.6-11.el5.ia64.rpm
d992b8f6b824930d58e3651715259745 php-common-5.1.6-11.el5.ia64.rpm
42f9b945b95d04a19c37ac543d64e92a php-dba-5.1.6-11.el5.ia64.rpm
cdbb679383d41ad092d7b799c3948b6c php-debuginfo-5.1.6-11.el5.ia64.rpm
c9f6555c46d5a43572e29e78b7ec266a php-devel-5.1.6-11.el5.ia64.rpm
6da9aba1aa0b1554895e607b29795f41 php-gd-5.1.6-11.el5.ia64.rpm
779ae74bfd7cd0a1c6778370948d3069 php-imap-5.1.6-11.el5.ia64.rpm
bee411a3917d621a21e630a0df278362 php-ldap-5.1.6-11.el5.ia64.rpm
cacef16531e6560a69fe20f3becf0f8a php-mbstring-5.1.6-11.el5.ia64.rpm
96ed534d298db11d6189603d4a4a1b46 php-mysql-5.1.6-11.el5.ia64.rpm
c41c1b55283a6a52f761246e96e765d9 php-ncurses-5.1.6-11.el5.ia64.rpm
76fabcb8bf8b8395ba97962e5a84e0a4 php-odbc-5.1.6-11.el5.ia64.rpm
395cd8ab832c72d27954f2fcff14f5b2 php-pdo-5.1.6-11.el5.ia64.rpm
e7838476e6288e7b96b37a38e94aff7f php-pgsql-5.1.6-11.el5.ia64.rpm
7465e1b6b9e40e264c581ef9eea18b08 php-snmp-5.1.6-11.el5.ia64.rpm
07e19feffca99486f1658fac2f66f484 php-soap-5.1.6-11.el5.ia64.rpm
b0d574612016dd8e2fca1d06364f75c2 php-xml-5.1.6-11.el5.ia64.rpm
70f19c815037ee3d98a85e879018b80d php-xmlrpc-5.1.6-11.el5.ia64.rpm

ppc:
2e0a33efafcdf78b5882e0ab03ff065d php-5.1.6-11.el5.ppc.rpm
b3bf05016ba8bb376bd2597420b15c59 php-bcmath-5.1.6-11.el5.ppc.rpm
bd9a12f42c3859d251636736b5c41615 php-cli-5.1.6-11.el5.ppc.rpm
4c8d3b8d237ccb59de0232e2d9d0d4cf php-common-5.1.6-11.el5.ppc.rpm
ec6609133713b50e807dcf96b8900275 php-dba-5.1.6-11.el5.ppc.rpm
24830ad29a08b881da9b30e96d4d547f php-debuginfo-5.1.6-11.el5.ppc.rpm
5035f6ae3d92b9dda48540beb765a5de php-devel-5.1.6-11.el5.ppc.rpm
571bb8cfdf27b1de242b96b08e7782db php-gd-5.1.6-11.el5.ppc.rpm
3d905e8e2e49c4dd7a0dbaa744b4df9e php-imap-5.1.6-11.el5.ppc.rpm
f9f3424c9a571b6d7df4f3e9cdbe1806 php-ldap-5.1.6-11.el5.ppc.rpm
6802616d81b7699ec841e7efa134ef1c php-mbstring-5.1.6-11.el5.ppc.rpm
aa2eea656e7a13d95884e83611ac666d php-mysql-5.1.6-11.el5.ppc.rpm
d44546ce79b9fe8915b972c948e329a7 php-ncurses-5.1.6-11.el5.ppc.rpm
783c28604cc426785187175ccc8bcd2c php-odbc-5.1.6-11.el5.ppc.rpm
a53c9d6dcf93f565c507be75b634b7c4 php-pdo-5.1.6-11.el5.ppc.rpm
5939ecafbdf9154673068092ab56b702 php-pgsql-5.1.6-11.el5.ppc.rpm
164d1301fc9cfe67c8a390a3e8b13203 php-snmp-5.1.6-11.el5.ppc.rpm
b645a0e76b0fb300581a4e43b8764cfb php-soap-5.1.6-11.el5.ppc.rpm
4c004ecb53a40dd0e76e14d8715e27f6 php-xml-5.1.6-11.el5.ppc.rpm
02bb2911d00505dfd67079cb119cdfab php-xmlrpc-5.1.6-11.el5.ppc.rpm

s390x:
d0d56e20f7f30ccbc278848472950fd8 php-5.1.6-11.el5.s390x.rpm
447f7beeadd7fbf5c20bff791aa01993 php-bcmath-5.1.6-11.el5.s390x.rpm
a1945ee0fb7292318e5d2e94771f74a3 php-cli-5.1.6-11.el5.s390x.rpm
32dee0fc91006ae761fcfde592cd94ad php-common-5.1.6-11.el5.s390x.rpm
623b96dade743a60ca60aff42d77dfb9 php-dba-5.1.6-11.el5.s390x.rpm
70a523efb5dd8ef8142baca5c1843195 php-debuginfo-5.1.6-11.el5.s390x.rpm
023a3125038045d0ad91a837619c31f4 php-devel-5.1.6-11.el5.s390x.rpm
3918ccb7b01723501741b727e7d37c98 php-gd-5.1.6-11.el5.s390x.rpm
d3620373bb72c6f106f49e10d92517c4 php-imap-5.1.6-11.el5.s390x.rpm
daff492934155941111ad2cfa3dda25b php-ldap-5.1.6-11.el5.s390x.rpm
bd3f9060ad1e210ea418e74574b8d8ec php-mbstring-5.1.6-11.el5.s390x.rpm
5aad9fab17b78542fed284605ae7db8c php-mysql-5.1.6-11.el5.s390x.rpm
d90329cda9386195f0ee10803474474a php-ncurses-5.1.6-11.el5.s390x.rpm
2777213261dc62b7b6269bf694bbc532 php-odbc-5.1.6-11.el5.s390x.rpm
579567b50e96e4250c81ada9a6a42318 php-pdo-5.1.6-11.el5.s390x.rpm
8117672429d790b5791a80d51c43ef9b php-pgsql-5.1.6-11.el5.s390x.rpm
240087bce7f67e35c63193e2589a703c php-snmp-5.1.6-11.el5.s390x.rpm
645cbd9c82fa2501bc69b681fa3a644a php-soap-5.1.6-11.el5.s390x.rpm
bd3c21a09517b135c8cdf8de61eb9fe2 php-xml-5.1.6-11.el5.s390x.rpm
2419051b6081fa84181b05baaefcaafd php-xmlrpc-5.1.6-11.el5.s390x.rpm

x86_64:
eb30d9a59029cb441b770df74e4bb120 php-5.1.6-11.el5.x86_64.rpm
8c430e36ca52c690ffc64410f4e9a97b php-bcmath-5.1.6-11.el5.x86_64.rpm
f40a8a0f122e84f551c2b56125b72f7a php-cli-5.1.6-11.el5.x86_64.rpm
d807f7e7f7dbb6392f20a0da9c94a7b0 php-common-5.1.6-11.el5.x86_64.rpm
705c7666de1d24f0460bda27f83acef4 php-dba-5.1.6-11.el5.x86_64.rpm
1c99fd880620a2fa24f5d637339666f7 php-debuginfo-5.1.6-11.el5.x86_64.rpm
a13ad5a1023646fef9609f8f6b94e65d php-devel-5.1.6-11.el5.x86_64.rpm
25e164d3270a72b10fa14ad73929f70c php-gd-5.1.6-11.el5.x86_64.rpm
1bf9e5e14910abd12be86c5de065c0a1 php-imap-5.1.6-11.el5.x86_64.rpm
7206536783846f283b2b618c7602b43d php-ldap-5.1.6-11.el5.x86_64.rpm
649ddff34b26b747309537c02a1ebf31 php-mbstring-5.1.6-11.el5.x86_64.rpm
c08d703a5602d801aaca95c02b25126a php-mysql-5.1.6-11.el5.x86_64.rpm
e376de4524c7a6cc35d57a10edcaceb1 php-ncurses-5.1.6-11.el5.x86_64.rpm
6f0f33e91cc3f46da73ce37962093dfa php-odbc-5.1.6-11.el5.x86_64.rpm
6f51fec2e9e703c44968b5bc45bd5b71 php-pdo-5.1.6-11.el5.x86_64.rpm
0d5022bec64a6378819b4f4a51dd2f7e php-pgsql-5.1.6-11.el5.x86_64.rpm
a543a653849fea7676fe80c71000063b php-snmp-5.1.6-11.el5.x86_64.rpm
3fd0162bdfd5f9890e4e228f37e8001c php-soap-5.1.6-11.el5.x86_64.rpm
4be0a0b9aac607f16c520faaa0ba8da4 php-xml-5.1.6-11.el5.x86_64.rpm
9c9861a1ca2dfdd59444638b6c479191 php-xmlrpc-5.1.6-11.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGKIx/XlSAg2UNWIIRAln1AKCXgSf0DNCk3TH1y8Zc6BjxE37vIQCfZP5q
uYkGk48K8XyhZcfhqWOwhpM=
=ItHC
-----END PGP SIGNATURE-----