
Fedora Core 3: FEDORA-2005-517 Critical PHP Security Fix

July 5, 2005
Enhancements address vulnerabilities in XML_RPC and refine handling of temporary files. Crucial for users on Fedora Core 3.
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921 to this issue.

The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.

- pear: update to XML_RPC 1.3.1 (CAN-2005-1921, #162045)
- update bundled shtool to 2.0.2 (CAN-2005-1751, #158998)
- require autoconf, automake for -devel package (#159283)


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
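To confirm the update actually landed on a host, the following added example (not part of the Fedora advisory) flags php packages older than the fixed 4.3.11-2.6 build using rpm-style version ordering. It assumes input from `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'`, ignores epochs and tilde/caret ordering, and the sample package list is constructed.

```python
import re

# Fixed version and release, taken from the advisory (php 4.3.11, release 2.6).
FIXED_VERSION, FIXED_RELEASE = "4.3.11", "2.6"

# Binary packages built from the php source package in this update.
PHP_PACKAGES = {"php"} | {"php-" + s for s in (
    "devel pear imap ldap mysql pgsql odbc snmp domxml xmlrpc "
    "mbstring ncurses gd debuginfo").split()}

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Order two version or release strings the way rpm does (simplified):
    split into digit and letter runs, compare digit runs numerically,
    letter runs lexically, and treat a digit run as newer than a letter run."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(query_lines):
    """Return (name, version-release) for php packages older than the fix."""
    hits = []
    for line in query_lines:
        fields = line.split()
        if len(fields) < 3 or fields[0] not in PHP_PACKAGES:
            continue
        name, version, release = fields[:3]
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            hits.append((name, f"{version}-{release}"))
    return hits

# Constructed sample of rpm query output; not taken from a real host.
SAMPLE = """php 4.3.11 2.6
php-pear 4.3.11 2.5
php-mysql 4.3.10 3.2
httpd 2.0.52 3.1
php-gd 4.3.11 2.6"""

if __name__ == "__main__":
    for name, evr in outdated(SAMPLE.splitlines()):
        print(f"{name} {evr} is older than {FIXED_VERSION}-{FIXED_RELEASE}")
```

The php-pear package matters most here, since it carries the XML_RPC code fixed for CAN-2005-1921.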


Severity
critical

Name: php
Version: 4.3.11
Release: 2.6
Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
