CORE 2:

Fedora Update Notification
FEDORA-2004-223
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : php
Version     : 4.3.8                      
Release     : 2.1                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------
* Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.1

- revert upstream default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI


---------------------------------------------------------------------
This update can be downloaded from:
    


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CORE 1:

Fedora Update Notification
FEDORA-2004-222
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : php
Version     : 4.3.8                      
Release     : 1.1                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.
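
A host-side check for the condition described above, as an added example that is not part of the Fedora notifications: it compares an installed php version-release against the fixed releases named here (4.3.8-1.1 and 4.3.8-2.1) and reads the effective register_globals value from php.ini text. The function names, the simplified numeric version comparison and the sample input are assumptions made for illustration.

```python
import re

# Fixed package releases, taken from the two notifications on this page.
FIXED = {"Fedora Core 1": "4.3.8-1.1", "Fedora Core 2": "4.3.8-2.1"}

def _key(evr):
    # Simplification of rpm's comparison: numeric segments only, which is
    # enough for the php builds named in the notifications.
    version, _, release = evr.partition("-")
    return tuple(tuple(int(n) for n in re.findall(r"\d+", part))
                 for part in (version, release))

def is_fixed(product, installed_evr):
    """True if the installed build is at or past the fixed release."""
    return _key(installed_evr) >= _key(FIXED[product])

def ini_flag(ini_text, name, default=False):
    """Effective boolean value of a php.ini directive (absent means default)."""
    value = default
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line)
        if m and m.group(1).lower() == name:
            # Assumption: a later assignment overrides an earlier one.
            raw = m.group(2).strip().strip('"').lower()
            value = raw in ("1", "on", "true", "yes")
    return value

def assess(product, installed_evr, ini_text):
    """List what still needs attention on a host, per the notification."""
    findings = []
    if not is_fixed(product, installed_evr):
        findings.append("php %s predates %s: install the update"
                        % (installed_evr, FIXED[product]))
        if ini_flag(ini_text, "register_globals"):
            findings.append("register_globals is enabled: the setting the "
                            "notification ties to CAN-2004-0595")
    return findings

# Constructed php.ini fragment and package version (not from a real host).
SAMPLE_INI = """\
; constructed sample
register_globals = Off   ; shipped default
register_globals = On    ; local override added later
"""

if __name__ == "__main__":
    for finding in assess("Fedora Core 2", "4.3.7-4", SAMPLE_INI):
        print(finding)
```

Feed it the output of rpm -q --qf '%{VERSION}-%{RELEASE}' php and the contents of /etc/php.ini. A register_globals value set through the httpd configuration (php_flag) is outside what it reads.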

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------

* Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-1.1

- revert default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-1.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI

---------------------------------------------------------------------
This update can be downloaded from:
    


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: php Multiple vulnerabilities

July 23, 2004
This patch resolves two different PHP vulnerabilities: one allows arbitrary code execution on the local machine, and the other allows cross-site scripting (XSS).
