Fedora Core 6: FEDORA-2007-503 Moderate: PHP Buffer Overflow Threat

fedora
May 14, 2007
This update fixes security issues in the PHP xmlrpc, ftp and soap extensions: a heap buffer overflow in xmlrpc, a flaw in ftp that lets a remote attacker send arbitrary FTP commands, and a buffer overflow in soap.

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP language to Apache HTTP Server.

This update fixes a number of security issues in PHP.

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affect PHP applications using the pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509)
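As defence in depth alongside the package update, a script can refuse untrusted input that could not fit in a single FTP command line before it reaches the 'ftp' extension. The following is an added example, not code from the advisory or from PHP itself; the advisory does not describe the mechanism, so the example assumes only that FTP commands are CRLF-terminated lines, and `ftp_safe_arg()` and `ftp_lines_on_wire()` are hypothetical helper names.

```php
<?php
// Added example (PHP 7+), not from the advisory or the PHP project.
// FTP sends one command per CRLF-terminated line, so a CR or LF inside an
// argument would end the intended command and begin another.

/**
 * Return $arg if it is safe to place in one FTP command line, else throw.
 * ftp_safe_arg() is a hypothetical helper name.
 */
function ftp_safe_arg(string $arg, int $maxLen = 255): string
{
    if ($arg === '' || strlen($arg) > $maxLen) {
        throw new InvalidArgumentException('FTP argument empty or too long');
    }
    // Reject all ASCII control characters (CR, LF, NUL, ...) and DEL.
    if (preg_match('/[\x00-\x1F\x7F]/', $arg) === 1) {
        throw new InvalidArgumentException('control character in FTP argument');
    }
    return $arg;
}

/** Number of command lines a server would parse from "<verb> <arg>CRLF". */
function ftp_lines_on_wire(string $verb, string $arg): int
{
    $wire = $verb . ' ' . $arg . "\r\n";
    return count(preg_split('/\r\n|\r|\n/', rtrim($wire, "\r\n")));
}

// Constructed inputs: a plain file name, and one with an embedded line break.
$samples = ['report-2007.txt', "report.txt\r\nNOOP"];

foreach ($samples as $name) {
    try {
        ftp_safe_arg($name);
        $verdict = 'accepted';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected (' . $e->getMessage() . ')';
    }
    printf("%s: %d command line(s) on the wire, %s\n",
        json_encode($name), ftp_lines_on_wire('RETR', $name), $verdict);
}
```

In an application, the value returned by `ftp_safe_arg()` is what gets passed on to calls such as `ftp_get()` or `ftp_chdir()`.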

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server. No mechanism to trigger this flaw remotely is known. (CVE-2007-2510)

- add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016)

- add README.FastCGI to -cli subpackage (#236555)

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Name: php
Version: 5.1.6
Release: 3.6.fc6
Summary: The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
