--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-3768
2009-04-21 23:54:56
--------------------------------------------------------------------------------

Name        : php
Product     : Fedora 10
Version     : 5.2.9
Release     : 2.fc10
URL         : https://www.php.net/
Summary     : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

--------------------------------------------------------------------------------
Update Information:

Update to PHP 5.2.9    A heap-based buffer overflow flaw was found in PHP's
mbstring extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP interpreter to
crash or, possibly, execute arbitrary code. (CVE-2008-5557)    A directory
traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used
to extract a malicious ZIP archive, it could allow an attacker to write
arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it could
cause the PHP interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-3658)    A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions of
the PHP interpreter's memory. (CVE-2008-5498)    A cross-site scripting flaw was
found in a way PHP reported errors for invalid cookies. If the PHP interpreter
had "display_errors" enabled, a remote attacker able to set a specially-crafted
cookie on a victim's system could possibly inject arbitrary HTML into an error
message generated by PHP. (CVE-2008-5814)    A flaw was found in the handling of
the "mbstring.func_overload" configuration setting. A value set for one virtual
host, or in a user's .htaccess file, was incorrectly applied to other virtual
hosts on the same server, causing the handling of multibyte character strings to
not work correctly. (CVE-2009-0754)    A flaw was found in PHP's json_decode
function. A remote attacker could use this flaw to create a specially-crafted
string which could cause the PHP interpreter to crash while being decoded in a
PHP script. (CVE-2009-1271)    A flaw was found in the use of the uw-imap
library by the PHP "imap" extension. This could cause the PHP interpreter to
crash if the "imap" extension was used to read specially-crafted mail messages
with long headers. (CVE-2008-2829)    https://www.php.net/releases/5_2_7.php
https://www.php.net/releases/5_2_8.php  https://www.php.net/releases/5_2_9.php
https://www.php.net/ChangeLog-5.php#5.2.9
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 17 2009 Joe Orton  5.2.9-2
- stay at v3 of systzdata patch
* Thu Apr 16 2009 Remi Collet  - 5.2.9-1
- update to 5.2.9
- merge with some rawhide improvments (fix patch fuzz, renumber
  patches, drop obsolete configure args, drop -odbc patch)
* Sat Jan  3 2009 Remi Collet  5.2.8-1
- update to 5.2.8
- add missing php_embed.h (#457777)
- enable pdo_dblib driver in php-mssql
* Tue Nov  4 2008 Joe Orton  5.2.6-6
- move gd_README to php-gd
- update to r4 of systzdata patch; introduces a default timezone
  name of "System/Localtime", which uses /etc/localtime (#469532)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=478425
  [ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode()
        https://bugzilla.redhat.com/show_bug.cgi?id=494530
  [ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension
        https://bugzilla.redhat.com/show_bug.cgi?id=459529
  [ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension
        https://bugzilla.redhat.com/show_bug.cgi?id=459572
  [ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=452808
  [ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=474824
  [ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
        https://bugzilla.redhat.com/show_bug.cgi?id=478848
  [ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=479272
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update php' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 10 Update: php-5.2.9-2.fc10

May 29, 2009
Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated webpages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP

language to Apache HTTP Server.

Update Information:

Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's mbstring extension. A remote attacker able to pass arbitrary input to a PHP script using mbstring conversion functions could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-5557) A directory traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used to extract a malicious ZIP archive, it could allow an attacker to write arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658) A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP script allowed a remote attacker to load a carefully crafted font file, it could cause the PHP interpreter to crash or, possibly, execute arbitrary code. (CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's imagerotate function. A remote attacker able to pass arbitrary values as the "background color" argument of the function could, possibly, view portions of the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was found in a way PHP reported errors for invalid cookies. If the PHP interpreter had "display_errors" enabled, a remote attacker able to set a specially-crafted cookie on a victim's system could possibly inject arbitrary HTML into an error message generated by PHP. (CVE-2008-5814) A flaw was found in the handling of the "mbstring.func_overload" configuration setting. A value set for one virtual host, or in a user's .htaccess file, was incorrectly applied to other virtual hosts on the same server, causing the handling of multibyte character strings to not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode function. A remote attacker could use this flaw to create a specially-crafted string which could cause the PHP interpreter to crash while being decoded in a PHP script. (CVE-2009-1271) A flaw was found in the use of the uw-imap library by the PHP "imap" extension. This could cause the PHP interpreter to crash if the "imap" extension was used to read specially-crafted mail messages with long headers. (CVE-2008-2829) https://www.php.net/releases/5_2_7.php https://www.php.net/releases/5_2_8.php https://www.php.net/releases/5_2_9.php https://www.php.net/ChangeLog-5.php#5.2.9

Change Log

* Fri Apr 17 2009 Joe Orton 5.2.9-2 - stay at v3 of systzdata patch * Thu Apr 16 2009 Remi Collet - 5.2.9-1 - update to 5.2.9 - merge with some rawhide improvments (fix patch fuzz, renumber patches, drop obsolete configure args, drop -odbc patch) * Sat Jan 3 2009 Remi Collet 5.2.8-1 - update to 5.2.8 - add missing php_embed.h (#457777) - enable pdo_dblib driver in php-mssql * Tue Nov 4 2008 Joe Orton 5.2.6-6 - move gd_README to php-gd - update to r4 of systzdata patch; introduces a default timezone name of "System/Localtime", which uses /etc/localtime (#469532)

References

[ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure https://bugzilla.redhat.com/show_bug.cgi?id=478425 [ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode() https://bugzilla.redhat.com/show_bug.cgi?id=494530 [ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension https://bugzilla.redhat.com/show_bug.cgi?id=459529 [ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension https://bugzilla.redhat.com/show_bug.cgi?id=459572 [ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=452808 [ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=474824 [ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution) https://bugzilla.redhat.com/show_bug.cgi?id=478848 [ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service https://bugzilla.redhat.com/show_bug.cgi?id=479272

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : php
Product : Fedora 10
Version : 5.2.9
Release : 2.fc10
URL : https://www.php.net/
Summary : PHP scripting language for creating dynamic web sites

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved