
Fedora Core 5: FEDORA-2006-629 Critical PHP XML_RPC Server Threat

fedora
July 5, 2005
Important Fedora Core 4 PHP patch addresses vulnerabilities in XML_RPC along with various enhancements for other associated packages.
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a security issue in the XML_RPC server implementation. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921 to this issue.

The bundled version of shtool is also updated, to fix some temporary file handling races. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.

Bug fixes for the dom, ldap, and gd extensions are also included in this update.

- pear: update to XML_RPC 1.3.1 (CAN-2005-1921, #162045)
- update bundled shtool to 2.0.2 (CAN-2005-1751, #158998)

* Tue Jun 21 2005 Joe Orton 5.0.4-10.2

- fix imports from dom module (Rob Richards, #161447)
- fix detection and support for ldap_start_tls (#160527)
- fix imagettftext et al (upstream, #161001)
- mark php.ini and php.conf as noreplace again for updates


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.


Severity: critical

Name: php
Version: 5.0.4
Release: 10.3
Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
