---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0889-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0889.html
Issue date:        2007-09-26
Updated on:        2007-09-26
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-2509 CVE-2007-2756 CVE-2007-2872 
                   CVE-2007-3799 CVE-2007-3996 CVE-2007-3998 
                   CVE-2007-4658 CVE-2007-4670 
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

These updated packages address the following vulnerabilities:

Various integer overflow flaws were found in the PHP gd extension. A script
that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source could
allow a remote attacker to cause a denial of service. (CVE-2007-2756)

A flaw was found in the PHP "ftp" extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)
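
The CRLF injection behind CVE-2007-2509 can be illustrated as follows. This is an added example, not Red Hat's backported patch and not code from PHP. It shows why a CR or LF inside an argument turns one FTP command into several, and a validation wrapper a script can apply before calling the ftp extension. The helper names (control_lines, ftp_safe_arg, safe_ftp_delete) and the sample inputs are assumptions made for the illustration.

```php
<?php
// Added illustration; not Red Hat's patch and not code from PHP itself.
// Written for current PHP (scalar type declarations); all helper names are
// hypothetical.

/**
 * Show what a line-oriented FTP server would read if $arg were placed
 * unchecked after $verb on the control channel. Each array element is one
 * command line as the server would see it.
 */
function control_lines(string $verb, string $arg): array
{
    return preg_split('/\r\n|\r|\n/', $verb . ' ' . $arg);
}

/**
 * Return $arg unchanged if it can safely appear in one FTP command line,
 * otherwise throw. Rejects every ASCII control character (0x00-0x1F, 0x7F),
 * which covers CR and LF as well as NUL.
 */
function ftp_safe_arg(string $arg): string
{
    if ($arg === '') {
        throw new InvalidArgumentException('empty FTP argument');
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $arg) === 1) {
        throw new InvalidArgumentException('control character in FTP argument');
    }
    return $arg;
}

/**
 * Wrapper a script would call instead of passing request data straight to
 * ftp_delete(). $conn is an already opened and logged-in FTP connection.
 */
function safe_ftp_delete($conn, string $untrustedName): bool
{
    return ftp_delete($conn, ftp_safe_arg($untrustedName));
}

// Constructed sample inputs. The second carries CRLF followed by a harmless
// NOOP so the effect on the command stream is visible.
$samples = [
    'reports/2007-09.txt',
    "reports/a.txt\r\nNOOP",
    "name\x00.txt",
];

foreach ($samples as $sample) {
    $lines = count(control_lines('DELE', $sample));
    try {
        ftp_safe_arg($sample);
        $verdict = 'accepted';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected: ' . $e->getMessage();
    }
    printf("%-28s %d command line(s) unchecked, %s\n",
        json_encode($sample), $lines, $verdict);
}
```

The same check applies to every value a script hands to the ftp extension, including user names, passwords and directory names, and it complements the package update rather than replacing it.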

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239014 - CVE-2007-2509 php CRLF injection
242032 - CVE-2007-2872 php chunk_split integer overflow
242033 - CVE-2007-2756 php imagecreatefrompng infinite loop
250726 - CVE-2007-3799 php cross-site cookie insertion
276081 - CVE-2007-3998 php floating point exception inside wordwrap
278011 - CVE-2007-4658 php money_format format string issue
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
b47c9296c6ce86888a67b05522be212a  php-4.3.2-43.ent.src.rpm

i386:
48287cd240b7882ae3f7fdf542ff7aae  php-4.3.2-43.ent.i386.rpm
fce0efb98654d7c4f6ad6285635534bd  php-debuginfo-4.3.2-43.ent.i386.rpm
061c8104dd4966c41e942d5de657db86  php-devel-4.3.2-43.ent.i386.rpm
ee433ce0e9171f74854b6a1e061d4966  php-imap-4.3.2-43.ent.i386.rpm
55f82c10116501cd4aa105ba63c03cd9  php-ldap-4.3.2-43.ent.i386.rpm
8559b3584af7b03707e2f90914d6b22d  php-mysql-4.3.2-43.ent.i386.rpm
3df972c57317f7a8024e07d306149637  php-odbc-4.3.2-43.ent.i386.rpm
45994e8c72add0fcf962fb274ace1128  php-pgsql-4.3.2-43.ent.i386.rpm

ia64:
87273361a46742ca372f530ba0f96196  php-4.3.2-43.ent.ia64.rpm
ffacc50170e0f4442ae72df9b887785c  php-debuginfo-4.3.2-43.ent.ia64.rpm
abfa62220badaf7d7b93a5cde630ae64  php-devel-4.3.2-43.ent.ia64.rpm
11adcbbd47ffac285763d50fd908d1d1  php-imap-4.3.2-43.ent.ia64.rpm
fd5fbb0204913a6d9434ae3eb0db8ecd  php-ldap-4.3.2-43.ent.ia64.rpm
83237f7ccca6083e399849e6f0a8199d  php-mysql-4.3.2-43.ent.ia64.rpm
329701a34f032fd083997e57a847a42c  php-odbc-4.3.2-43.ent.ia64.rpm
d29db18bce3fc662c6fa32b2904eedd5  php-pgsql-4.3.2-43.ent.ia64.rpm

ppc:
8d66ea62970615aff3344c8f45cf0df2  php-4.3.2-43.ent.ppc.rpm
a2b04668cc67e7a32b21568a7db09b42  php-debuginfo-4.3.2-43.ent.ppc.rpm
38ee71769f7e4a7419fcb1f6e49d9a93  php-devel-4.3.2-43.ent.ppc.rpm
3994889a0b028a017935de817597509b  php-imap-4.3.2-43.ent.ppc.rpm
fb58fa0aed1212018ed97816536ebe5a  php-ldap-4.3.2-43.ent.ppc.rpm
e5df93d22a4867f141ae3a639cd24da5  php-mysql-4.3.2-43.ent.ppc.rpm
c3c970d003c7e79ca37549ccdc787115  php-odbc-4.3.2-43.ent.ppc.rpm
8c8d73178d66854843781c66a203570a  php-pgsql-4.3.2-43.ent.ppc.rpm

s390:
f7b2ffb923d4c9e1bb78cef33673a6f4  php-4.3.2-43.ent.s390.rpm
d43690eff58cc390d12ae50c2ed3ee7f  php-debuginfo-4.3.2-43.ent.s390.rpm
86b7da671518f07560167aad68ea8e3e  php-devel-4.3.2-43.ent.s390.rpm
b8e4c194d39e2ac2963d3d837c598e1a  php-imap-4.3.2-43.ent.s390.rpm
ff69349cf24affebd32299a42465ff11  php-ldap-4.3.2-43.ent.s390.rpm
c3af8cc86094b95ffb8d7be041459565  php-mysql-4.3.2-43.ent.s390.rpm
170233603a57dc4e1f37933324d8cd75  php-odbc-4.3.2-43.ent.s390.rpm
4122e4b956d2a834532767995546b574  php-pgsql-4.3.2-43.ent.s390.rpm

s390x:
928bdd25d4ec1c95f62d2d1407bd789d  php-4.3.2-43.ent.s390x.rpm
b8be92d51a237e88d844234464e2d029  php-debuginfo-4.3.2-43.ent.s390x.rpm
7dfc45467cd627944eebeb4e7f00a7e3  php-devel-4.3.2-43.ent.s390x.rpm
798a688177de21abc337f56d02624d50  php-imap-4.3.2-43.ent.s390x.rpm
316e794fcf403ba535696fcf9adfe2f9  php-ldap-4.3.2-43.ent.s390x.rpm
8d42bbad73d4c083c118c6211c8a6e41  php-mysql-4.3.2-43.ent.s390x.rpm
9dd63fc5b55477245a4d7703831d03bd  php-odbc-4.3.2-43.ent.s390x.rpm
bc0d3310f0da84fa40ac8caa3a51b537  php-pgsql-4.3.2-43.ent.s390x.rpm

x86_64:
565b0086bd839e3f159df0a4b319f03c  php-4.3.2-43.ent.x86_64.rpm
8f319859a3ec2e3bee2bccdf01339acf  php-debuginfo-4.3.2-43.ent.x86_64.rpm
f14791f55049778f3bcd2c487fbb4f96  php-devel-4.3.2-43.ent.x86_64.rpm
7a294fe8956477a010a704afda6018e1  php-imap-4.3.2-43.ent.x86_64.rpm
7b821c42fffff83a0730ea9868eee776  php-ldap-4.3.2-43.ent.x86_64.rpm
30f84eab03194aa0f3c31e421f4d500a  php-mysql-4.3.2-43.ent.x86_64.rpm
f04cd3eb3b534f59e43f9adf78a2fd74  php-odbc-4.3.2-43.ent.x86_64.rpm
790783e4278bc7fa11c92bef527b98f8  php-pgsql-4.3.2-43.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
