Fedora Core 5: 2007-456 Moderate: PHP Denial Of Service

April 18, 2007
Addresses vulnerabilities in PHP for Fedora Core 5, tackling severe denial of service and execution threats. Upgrade immediately!

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

- add security fixes for CVE-2007-0455, CVE-2007-1001, CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)

* Fri Feb 23 2007 Joe Orton 5.1.6-1.4
- fix pdo-abi provide

* Tue Feb 20 2007 Joe Orton 5.1.6-1.3
- add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)

* Fri Nov 3 2006 Joe Orton 5.1.6-1.2
- add security fix for CVE-2006-5465 (#213732)

* Fri Oct 6 2006 Joe Orton 5.1.6-1.1
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .
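One way to confirm that every installed php package has reached the fixed build 5.1.6-1.5 named in this advisory (an added example, not part of the original advisory). The function names, the constructed sample inventory and the simplified numeric version comparison are assumptions made for illustration.

```shell
#!/bin/sh
# Fixed build named in this advisory (php 5.1.6, release 1.5).
FIXED="5.1.6-1.5"

# dotted_cmp A B: print lt, eq or gt for dotted numeric strings.
# Assumption: every field is a plain integer, as in this advisory's builds;
# this is a simplification of RPM's own version comparison.
dotted_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo lt; return; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo gt; return; fi
    done
    echo eq
}

# is_older VR1 VR2: succeed when version-release VR1 is strictly below VR2.
is_older() {
    v=$(dotted_cmp "${1%-*}" "${2%-*}")
    if [ "$v" = eq ]; then v=$(dotted_cmp "${1##*-}" "${2##*-}"); fi
    [ "$v" = lt ]
}

# audit_php: read "name version-release" lines on stdin, report php packages
# below the fixed build, and return 1 if any were found.
audit_php() {
    rc=0
    while read -r name vr; do
        case "$name" in php|php-*) ;; *) continue ;; esac
        if is_older "$vr" "$FIXED"; then
            echo "OUTDATED $name $vr (fixed in $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory; on a real host feed audit_php with:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'php*'
sample_inventory() {
    printf '%s\n' 'php 5.1.6-1.4' 'php-gd 5.1.6-1.5' \
                  'php-mbstring 5.1.4-1' 'httpd 2.2.2-1'
}

sample_inventory | audit_php || echo "run: yum update php"
```

A mixed result such as the one in the sample inventory means some sub-packages were updated and others were not, so the gd or mbstring fixes may still be missing even though the base package looks current.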

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Name: php
Version: 5.1.6
Release: 1.5
Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
