
Red Hat Enterprise Linux 2.1 RHSA-2006:0501-02 Moderate PHP Vulnerabilities

May 23, 2006
Numerous vulnerabilities addressed following the recent patch for Red Hat Enterprise Linux 2.1. Ensure essential updates are applied!
Updated PHP packages that fix multiple security issues are now available for Red Hat Enterprise Linux 2.1.

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

104249 - php SRPM has silent IMAP dependency
190519 - CVE-2006-0208 PHP Cross Site Scripting (XSS) flaw
190524 - CVE-2005-2933 imap buffer overflow
190526 - CVE-2006-0996 phpinfo() XSS issue
191474 - CVE-2006-1990 php wordwrap integer overflow

6. RPMs required:


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package


References

https://www.cve.org/CVERecord?id=CVE-2005-2933
https://www.cve.org/CVERecord?id=CVE-2006-0208
https://www.cve.org/CVERecord?id=CVE-2006-0996
https://www.cve.org/CVERecord?id=CVE-2006-1990
https://access.redhat.com/security/updates/classification#moderate



Advisory ID: RHSA-2006:0501-02
Issue date: 2006-05-23
Updated on: 2006-05-23
Product: Red Hat Enterprise Linux


Relevant Releases / Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386
