Fedora Core 6 Update: php-5.1.6-3.6.fc6

    Date: 14 May 2007
    Category: Fedora
    Posted By: LinuxSecurity Advisories
    This update fixes a number of security issues in PHP. A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affect PHP applications using the pure-PHP XML_RPC class provided in /usr/share/pear.
    ---------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2007-503
    2007-05-14
    ---------------------------------------------------------------------
    
    Product     : Fedora Core 6
    Name        : php
    Version     : 5.1.6
    Release     : 3.6.fc6
    Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
    Description :
    PHP is an HTML-embedded scripting language. PHP attempts to make it
    easy for developers to write dynamically generated webpages. PHP also
    offers built-in database integration for several commercial and
    non-commercial database management systems, so writing a
    database-enabled webpage with PHP is fairly simple. The most common
    use of PHP coding is probably as a replacement for CGI scripts.
    
    The php package contains the module which adds support for the PHP
    language to Apache HTTP Server.
    
    ---------------------------------------------------------------------
    Update Information:
    
    This update fixes a number of security issues in PHP.
    
    A heap buffer overflow flaw was found in the PHP 'xmlrpc'
    extension. A PHP script which implements an XML-RPC server
    using this extension could allow a remote attacker to
    execute arbitrary code as the 'apache' user. Note that this
    flaw does not affect PHP applications using the pure-PHP
    XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)
    
    A flaw was found in the PHP 'ftp' extension. If a PHP script
    used this extension to provide access to a private FTP
    server, and passed untrusted script input directly to any
    function provided by this extension, a remote attacker would
    be able to send arbitrary FTP commands to the server.
    (CVE-2007-2509)
    
    A buffer overflow flaw was found in the PHP 'soap' 
    extension, regarding the handling of an HTTP redirect
    response when using the SOAP client provided by this
    extension with an untrusted SOAP server. No mechanism to
    trigger this flaw remotely is known. (CVE-2007-2510) 
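
Added example, not part of the Fedora advisory and not code from PHP itself: alongside installing the update for the 'ftp' extension flaw (CVE-2007-2509), application code can refuse untrusted values that contain line terminators before they reach any ftp_* function, because FTP commands are delimited by CR LF. The helper names ftp_safe_arg and fetch_remote_file and the sample values are hypothetical, and the code assumes PHP 7 or later.

```php
<?php
// Added example; ftp_safe_arg(), fetch_remote_file() and the sample
// values are hypothetical and not taken from the advisory.

/**
 * Return $value unchanged if it is safe to use as one FTP command
 * argument; otherwise throw. FTP commands end at CR LF, so an argument
 * that carries a line terminator would end the intended command early.
 */
function ftp_safe_arg(string $value, string $what): string
{
    if ($value === '') {
        throw new InvalidArgumentException("$what is empty");
    }
    // Search for any ASCII control character (CR, LF, NUL, ...) anywhere
    // in the string. An anchored allow-list such as /^[\w.-]+$/ is not
    // equivalent: '$' also matches just before a trailing newline.
    if (preg_match('/[\x00-\x1F\x7F]/', $value) === 1) {
        throw new InvalidArgumentException("$what contains control characters");
    }
    return $value;
}

/** Fetch one file; $conn is an open connection from ftp_connect()/ftp_login(). */
function fetch_remote_file($conn, string $untrustedName, string $localPath): bool
{
    $remote = ftp_safe_arg($untrustedName, 'remote file name');
    return ftp_get($conn, $localPath, $remote, FTP_BINARY);
}

// Constructed inputs, checked offline (no FTP connection is opened).
$samples = ['q1-report.txt', "q1-report.txt\n", "q1\r\nreport.txt"];
foreach ($samples as $sample) {
    try {
        ftp_safe_arg($sample, 'remote file name');
        $verdict = 'accepted';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected: ' . $e->getMessage();
    }
    echo json_encode($sample), ' => ', $verdict, PHP_EOL;
}
```

The same check applies to every string argument handed to the extension (paths, directory names, user names), not only file names.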
    ---------------------------------------------------------------------
    * Wed May  9 2007 Joe Orton  5.1.6-3.6.fc6
    - add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016)
    - add README.FastCGI to -cli subpackage (#236555)
    
    ---------------------------------------------------------------------
    This update can be downloaded from:
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
    
    
    This update can be installed with the 'yum' update program.  Use 'yum update
    package-name' at the command line.  For more information, refer to 'Managing
    Software with yum,' available at http://fedora.redhat.com/docs/yum/.
    ---------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
    