
A new PHP update is available for Red Hat Application Stack v1.1 on Red Hat Enterprise Linux 4. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: php security update
Advisory ID: RHSA-2007:0162-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0162.html
Issue date: 2007-04-16
Updated on: 2007-04-16
Product: Red Hat Application Stack
CVE Names: CVE-2007-0455 CVE-2007-1001 CVE-2007-1285
CVE-2007-1718 CVE-2007-1583
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack v1.1.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)
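The usage the paragraph above warns about is the single-argument form of mb_parse_str(), which writes the parsed variables into the global scope. The following is an added example, not code from the advisory or from PHP itself, contrasting that form with the two-argument form that keeps the variables in an array. It requires the mbstring extension (the php-mbstring package in the listing); the function name parse_query_safely() and the query string are constructed for this illustration.

```php
<?php
// Added example, not code from the advisory or from PHP itself. It contrasts
// the two ways of calling mb_parse_str(): without a result array the parsed
// variables are created in the global scope (the usage the advisory warns
// about), with one they stay in the array. Requires the mbstring extension
// (php-mbstring). parse_query_safely() and the query string are constructed
// for this illustration.

// Risky usage: no result array, so $user, $role and $admin would appear as
// globals straight from attacker-controlled input. Left commented out on purpose.
// mb_parse_str($query);

/**
 * Safe usage: parse into a local array and copy out only the keys the
 * application expects, so unexpected names such as "admin" never become
 * variables anywhere.
 */
function parse_query_safely($query, array $allowed)
{
    $params = array();
    mb_parse_str($query, $params);

    $clean = array();
    foreach ($allowed as $key) {
        if (isset($params[$key])) {
            $clean[$key] = $params[$key];
        }
    }
    return $clean;
}

// Constructed input: the last parameter is one the application never asked for.
$query = 'user=alice&role=guest&admin=1';
$clean = parse_query_safely($query, array('user', 'role'));

var_dump($clean);                       // only the allow-listed keys are kept
var_dump(isset($user), isset($admin));  // nothing was written to the global scope
var_dump(ini_get('register_globals'));  // worth checking in php.ini as well; keep it off
```

Run it with the command-line interpreter from the php-cli package. The same two-argument discipline applies to parse_str(), which mb_parse_str() mirrors; the allow-list step is what keeps attacker-chosen parameter names from ever turning into variables, whichever interpreter version is installed.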

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
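To make the mechanism behind the mail() issue concrete, here is an added example that is not code from the advisory or from PHP itself. A CR/LF inside a Subject value ends the Subject line, and whatever follows is handed to the mailer as a further header, which is how an attacker turns a notification form into a bulk-mail relay. The build_headers_* and assert_single_header_line() names and the sample attacker input are constructed for this illustration; the functions return the header block as text instead of calling mail(), so the effect can be inspected without an MTA. The application-side check is defence in depth and does not replace the updated packages.

```php
<?php
// Added example, not code from the advisory or from PHP itself. It shows why
// a Subject taken from a request is dangerous to hand to mail(): a CRLF in
// the value ends the Subject line and whatever follows becomes a new header.
// The build_headers_* names and the sample attacker input are constructed here.
// Application-side validation is defence in depth; it does not replace the
// updated php packages, which address CVE-2007-1718 inside mail() itself.

/**
 * Reject a header value that could break out of its line. CR, LF and NUL
 * are never legitimate inside a single mail header value.
 */
function assert_single_header_line($name, $value)
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException($name . ' header contains a line break');
    }
    return $value;
}

/**
 * Vulnerable pattern: the subject goes straight into the header block,
 * exactly as a call such as mail($to, $_POST['subject'], $body) would do.
 */
function build_headers_unsafe($to, $subject, $from)
{
    return "To: $to\r\nSubject: $subject\r\nFrom: $from\r\n";
}

/**
 * Hardened pattern: every attacker-influenced field is checked first, so
 * the mailer only ever sees single-line header values.
 */
function build_headers_safe($to, $subject, $from)
{
    $to      = assert_single_header_line('To', $to);
    $subject = assert_single_header_line('Subject', $subject);
    $from    = assert_single_header_line('From', $from);
    return "To: $to\r\nSubject: $subject\r\nFrom: $from\r\n";
}

// Constructed attacker input: a CRLF followed by a Bcc header with extra recipients.
$attacker_subject = "Hello\r\nBcc: victim1@example.net, victim2@example.net";

echo "--- unsafe ---\n";
echo build_headers_unsafe('user@example.org', $attacker_subject, 'noreply@example.org');

echo "--- safe ---\n";
try {
    echo build_headers_safe('user@example.org', $attacker_subject, 'noreply@example.org');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Run it with the command-line interpreter from the php-cli package. In the unsafe output the Bcc line stands on its own between Subject and From, which is what the mailer would act on; the hardened version throws before any header is assembled. The same check belongs on every field that ends up in a header, including the additional_headers argument of mail().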

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write arbitrary strings using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

235354 - CVE-2007-1285 Multiple PHP Vulnerabilities (CVE-2007-1583, CVE-2007-1718, CVE-2007-1001, CVE-2007-0455)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.6.src.rpm
7d2dad5706ad3043f2de3ee54a76337d php-5.1.6-3.el4s1.6.src.rpm

i386:
3bc1f82011bb83af79baf03c46cd97d3 php-5.1.6-3.el4s1.6.i386.rpm
c92ee91ece1cc2e162c97cc730b6ef2f php-bcmath-5.1.6-3.el4s1.6.i386.rpm
b8e223b04293bec7b59bef5959ca8d38 php-cli-5.1.6-3.el4s1.6.i386.rpm
7b09d67e7ea01af4adde2fff06c45984 php-common-5.1.6-3.el4s1.6.i386.rpm
a2ee349fe353eab1eebd6311350860ed php-dba-5.1.6-3.el4s1.6.i386.rpm
d227f876474d6657e3d944d63128d511 php-debuginfo-5.1.6-3.el4s1.6.i386.rpm
4238ee90b272b68be2793e3285086fda php-devel-5.1.6-3.el4s1.6.i386.rpm
1578b049f3ea33037ae1bb56b3cb6a39 php-gd-5.1.6-3.el4s1.6.i386.rpm
492c0b8f4680ce63b4fdb00006baba53 php-imap-5.1.6-3.el4s1.6.i386.rpm
3208a7dc04b82284ad2151ca37ab72c9 php-ldap-5.1.6-3.el4s1.6.i386.rpm
1c80c4ca194000cf3a0ae52ec65cee55 php-mbstring-5.1.6-3.el4s1.6.i386.rpm
87658b40797d36475f90098519b5fed4 php-mysql-5.1.6-3.el4s1.6.i386.rpm
6c114c68c9adc032cb701cd2e26717f6 php-ncurses-5.1.6-3.el4s1.6.i386.rpm
218d013a54c4204751512625d3253df8 php-odbc-5.1.6-3.el4s1.6.i386.rpm
87c26d339ad08e0549f27f99b79f0dd4 php-pdo-5.1.6-3.el4s1.6.i386.rpm
d660b8e6d5a3cb6b309d39ef39844e88 php-pgsql-5.1.6-3.el4s1.6.i386.rpm
971f652d5e4afbd727b44888982d118e php-snmp-5.1.6-3.el4s1.6.i386.rpm
9a12c8e6a9fb06c5156f44e46113478c php-soap-5.1.6-3.el4s1.6.i386.rpm
49452a17684968cbbf5b1a3e83aeafae php-xml-5.1.6-3.el4s1.6.i386.rpm
1824a05dea1e6d30b94707aac471a1a7 php-xmlrpc-5.1.6-3.el4s1.6.i386.rpm

x86_64:
253066e45756f2c6cdc989c04afc70b1 php-5.1.6-3.el4s1.6.x86_64.rpm
860964f19acc4ce9925a710d7012550f php-bcmath-5.1.6-3.el4s1.6.x86_64.rpm
7282ce839126ebfe0552c54ff36a59f9 php-cli-5.1.6-3.el4s1.6.x86_64.rpm
6daa6b316c2d56bce470801e5bf7157b php-common-5.1.6-3.el4s1.6.x86_64.rpm
1a03721047f3b63f708627468eb874e6 php-dba-5.1.6-3.el4s1.6.x86_64.rpm
6bee1b5958ff6d7dd637f18e6a30cad9 php-debuginfo-5.1.6-3.el4s1.6.x86_64.rpm
bd5b063d83a4dbc5157606dae09c2019 php-devel-5.1.6-3.el4s1.6.x86_64.rpm
47063dc55a9d2d65a71062ba2a26a833 php-gd-5.1.6-3.el4s1.6.x86_64.rpm
c36277816e0da97fc8bc858a833f294d php-imap-5.1.6-3.el4s1.6.x86_64.rpm
095eb622d8f72f70f9048a333b78c793 php-ldap-5.1.6-3.el4s1.6.x86_64.rpm
9d3190e3ed9bbcbb92b67293d4f75ab0 php-mbstring-5.1.6-3.el4s1.6.x86_64.rpm
efd0a92f9828fcf979c8f9442495dd21 php-mysql-5.1.6-3.el4s1.6.x86_64.rpm
0d6b4ad7ef760264478b1b4cb267447e php-ncurses-5.1.6-3.el4s1.6.x86_64.rpm
6ca36fc332e136f36e4fb7cd03b3a5c7 php-odbc-5.1.6-3.el4s1.6.x86_64.rpm
cf656720e224b3897fa203cb80d91282 php-pdo-5.1.6-3.el4s1.6.x86_64.rpm
72e67935a588ddfed7abfb73f58d337a php-pgsql-5.1.6-3.el4s1.6.x86_64.rpm
20bea80ab4cd427f6fb44da4b08fb1a3 php-snmp-5.1.6-3.el4s1.6.x86_64.rpm
a1ce135048dc04bc34bf590a96fe1393 php-soap-5.1.6-3.el4s1.6.x86_64.rpm
e22816d5b064cdb97823a44a3c9aadb1 php-xml-5.1.6-3.el4s1.6.x86_64.rpm
59ce32d3f90a43ce6a14fd18316315c5 php-xmlrpc-5.1.6-3.el4s1.6.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.6.src.rpm
7d2dad5706ad3043f2de3ee54a76337d php-5.1.6-3.el4s1.6.src.rpm

i386:
3bc1f82011bb83af79baf03c46cd97d3 php-5.1.6-3.el4s1.6.i386.rpm
c92ee91ece1cc2e162c97cc730b6ef2f php-bcmath-5.1.6-3.el4s1.6.i386.rpm
b8e223b04293bec7b59bef5959ca8d38 php-cli-5.1.6-3.el4s1.6.i386.rpm
7b09d67e7ea01af4adde2fff06c45984 php-common-5.1.6-3.el4s1.6.i386.rpm
a2ee349fe353eab1eebd6311350860ed php-dba-5.1.6-3.el4s1.6.i386.rpm
d227f876474d6657e3d944d63128d511 php-debuginfo-5.1.6-3.el4s1.6.i386.rpm
4238ee90b272b68be2793e3285086fda php-devel-5.1.6-3.el4s1.6.i386.rpm
1578b049f3ea33037ae1bb56b3cb6a39 php-gd-5.1.6-3.el4s1.6.i386.rpm
492c0b8f4680ce63b4fdb00006baba53 php-imap-5.1.6-3.el4s1.6.i386.rpm
3208a7dc04b82284ad2151ca37ab72c9 php-ldap-5.1.6-3.el4s1.6.i386.rpm
1c80c4ca194000cf3a0ae52ec65cee55 php-mbstring-5.1.6-3.el4s1.6.i386.rpm
87658b40797d36475f90098519b5fed4 php-mysql-5.1.6-3.el4s1.6.i386.rpm
6c114c68c9adc032cb701cd2e26717f6 php-ncurses-5.1.6-3.el4s1.6.i386.rpm
218d013a54c4204751512625d3253df8 php-odbc-5.1.6-3.el4s1.6.i386.rpm
87c26d339ad08e0549f27f99b79f0dd4 php-pdo-5.1.6-3.el4s1.6.i386.rpm
d660b8e6d5a3cb6b309d39ef39844e88 php-pgsql-5.1.6-3.el4s1.6.i386.rpm
971f652d5e4afbd727b44888982d118e php-snmp-5.1.6-3.el4s1.6.i386.rpm
9a12c8e6a9fb06c5156f44e46113478c php-soap-5.1.6-3.el4s1.6.i386.rpm
49452a17684968cbbf5b1a3e83aeafae php-xml-5.1.6-3.el4s1.6.i386.rpm
1824a05dea1e6d30b94707aac471a1a7 php-xmlrpc-5.1.6-3.el4s1.6.i386.rpm

x86_64:
253066e45756f2c6cdc989c04afc70b1 php-5.1.6-3.el4s1.6.x86_64.rpm
860964f19acc4ce9925a710d7012550f php-bcmath-5.1.6-3.el4s1.6.x86_64.rpm
7282ce839126ebfe0552c54ff36a59f9 php-cli-5.1.6-3.el4s1.6.x86_64.rpm
6daa6b316c2d56bce470801e5bf7157b php-common-5.1.6-3.el4s1.6.x86_64.rpm
1a03721047f3b63f708627468eb874e6 php-dba-5.1.6-3.el4s1.6.x86_64.rpm
6bee1b5958ff6d7dd637f18e6a30cad9 php-debuginfo-5.1.6-3.el4s1.6.x86_64.rpm
bd5b063d83a4dbc5157606dae09c2019 php-devel-5.1.6-3.el4s1.6.x86_64.rpm
47063dc55a9d2d65a71062ba2a26a833 php-gd-5.1.6-3.el4s1.6.x86_64.rpm
c36277816e0da97fc8bc858a833f294d php-imap-5.1.6-3.el4s1.6.x86_64.rpm
095eb622d8f72f70f9048a333b78c793 php-ldap-5.1.6-3.el4s1.6.x86_64.rpm
9d3190e3ed9bbcbb92b67293d4f75ab0 php-mbstring-5.1.6-3.el4s1.6.x86_64.rpm
efd0a92f9828fcf979c8f9442495dd21 php-mysql-5.1.6-3.el4s1.6.x86_64.rpm
0d6b4ad7ef760264478b1b4cb267447e php-ncurses-5.1.6-3.el4s1.6.x86_64.rpm
6ca36fc332e136f36e4fb7cd03b3a5c7 php-odbc-5.1.6-3.el4s1.6.x86_64.rpm
cf656720e224b3897fa203cb80d91282 php-pdo-5.1.6-3.el4s1.6.x86_64.rpm
72e67935a588ddfed7abfb73f58d337a php-pgsql-5.1.6-3.el4s1.6.x86_64.rpm
20bea80ab4cd427f6fb44da4b08fb1a3 php-snmp-5.1.6-3.el4s1.6.x86_64.rpm
a1ce135048dc04bc34bf590a96fe1393 php-soap-5.1.6-3.el4s1.6.x86_64.rpm
e22816d5b064cdb97823a44a3c9aadb1 php-xml-5.1.6-3.el4s1.6.x86_64.rpm
59ce32d3f90a43ce6a14fd18316315c5 php-xmlrpc-5.1.6-3.el4s1.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1583
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGI2OOXlSAg2UNWIIRAlRPAJwJAkb9HUXNTTLvoJiKp7Fg7+21YQCgl9Vr
gYseL4OvE9iM2mytx32384g=
=fual
-----END PGP SIGNATURE-----