
Fedora Core 6: 2007-415 Critical PHP Denial Of Service And Injection

April 17, 2007

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP language to Apache HTTP Server.

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)

A heap-based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)
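As an added example (not the advisory's text and not PHP's own patch for CVE-2007-1718), the following PHP shows the caller-side check that keeps untrusted input out of mail() header lines such as Subject; the function names and the sender address are assumptions made for this example:

```php
<?php
// Added example, not part of the Fedora advisory or of PHP's own fix for
// CVE-2007-1718. The advisory describes mail() mishandling header data when
// the Subject comes from an untrusted source. Independent of the package
// update, a script should keep CR/LF out of anything it places in a header
// line, because a newline ends that header and lets further header lines
// (for example extra recipients) be appended from the caller's input.

/**
 * True if $value can sit on a single mail header line: it contains no
 * carriage return, line feed or NUL, so it cannot terminate the header.
 *
 * @param string $value
 * @return bool
 */
function is_safe_header_value($value)
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

/**
 * Send a notification whose Subject is taken from untrusted input.
 * The message is rejected rather than "cleaned" so that attempts show up
 * in the error log. $to is chosen by the application, never by the user.
 *
 * @param string $to               Fixed recipient chosen by the application.
 * @param string $untrustedSubject Subject text supplied by a user.
 * @param string $body             Message body.
 * @return bool true if handed to mail(), false if rejected or mail() failed.
 */
function send_notification($to, $untrustedSubject, $body)
{
    if (!is_safe_header_value($untrustedSubject)) {
        error_log('send_notification: rejected Subject containing CR/LF/NUL');
        return false;
    }
    // Hypothetical sender address, assumed for this example.
    $headers = "From: noreply@example.com\r\n";
    return mail($to, $untrustedSubject, $body, $headers);
}

// Constructed sample inputs: a legitimate subject and one that carries an
// injected header line of the kind the advisory warns about.
var_dump(is_safe_header_value('Order confirmation #1234'));
var_dump(is_safe_header_value("Order confirmation\r\nBcc: list@example.org"));
```

Rejecting rather than stripping the offending characters keeps the attempt visible in logs, which is the detection signal a defender wants from this class of bug.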

- add security fixes for CVE-2007-0455, CVE-2007-1001, CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
- package /usr/share/php (#225434)


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/


Severity: critical

Name: php
Version: 5.1.6
Release: 3.5.fc6
Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
