Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Red Hat: RHSA-2007:0888-01 Moderate: PHP Integer Overflow Exploit

red hat
Calendar Grey October 23, 2007
Dist Redhat Esm H88
Recent updates to PHP packages for Red Hat resolve multiple vulnerabilities, significantly improving the security posture of the Apache web server environment.
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239014 - CVE-2007-2509 php CRLF injection 242032 - CVE-2007-2872 php chunk_split integer overflow 250726 - CVE-2007-3799 php cross-site cookie insertion 278031 - CVE-2007-3996 php multiple integer overflows in gd 278041 - CVE-2007-4670 php malformed cookie handling

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 :

SRPMS: d59c419407bc7f55ae909d8f36226ed3 php-4.1.2-2.19.src.rpm

i386: 2c6c7d5c75706e695608992a48312dc9 php-4.1.2-2.19.i386.rpm ac1a914700f541022790f14f7f4be67e php-devel-4.1.2-2.19.i386.rpm dbb6a6a436edfd6af00ceb50c69871f0 php-imap-4.1.2-2.19.i386.rpm e18872974d96d7d6645ff9eb5e8df70e php-ldap-4.1.2-2.19.i386.rpm 0b5816829e4fe08c75da34bc49f235b0 php-manual-4.1.2-2.19.i386.rpm 4e1ffad2e6f96b7099fb60f8ee7b41de php-mysql-4.1.2-2.19.i386.rpm 27a0b33680d1380c3e27292881e5ddb3 php-odbc-4.1.2-2.19.i386.rpm cdd8dab08dc25799a4bc56d23157aa64 php-pgsql-4.1.2-2.19.i386.rpm

ia64: 6f9788224b1a661895378c206402d190 php-4.1.2-2.19.ia64.rpm dcfe6c96266cc9c0f7cf6bac756dc548 php-devel-4.1.2-2.19.ia64.rpm 539a654c81629bfbda65b5e9827d9da0 php-imap-4.1.2-2.19.ia64.rpm 7152cbca5380150e77098c616af0e7dd php-ldap-4.1.2-2.19.ia64.rpm 06098dc1102450a0f11ae94823f6c4b0 php-manual-4.1.2-2.19.ia64.rpm 546cb984504a375bbdad6999e2b0748f php-mysql-4.1.2-2.19.ia64.rpm fdb45b74ed4414297f0fe366507b3d44 php-odbc-4.1.2-2.19.ia64.rpm a8a8b6b9e5da2af891fddb1199c429f4 php-pgsql-4.1.2-2.19.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS: d59c419407bc7f55ae909d8f36226ed3 php-4.1.2-2.19.src.rpm

ia64: 6f9788224b1a661895378c206402d190 php-4.1.2-2.19.ia64.rpm dcfe6c96266cc9c0f7cf6bac756dc548 php-devel-4.1.2-2.19.ia64.rpm 539a654c81629bfbda65b5e9827d9da0 php-imap-4.1.2-2.19.ia64.rpm 7152cbca5380150e77098c616af0e7dd php-ldap-4.1.2-2.19.ia64.rpm 06098dc1102450a0f11ae94823f6c4b0 php-manual-4.1.2-2.19.ia64.rpm 546cb984504a375bbdad6999e2b0748f php-mysql-4.1.2-2.19.ia64.rpm fdb45b74ed4414297f0fe366507b3d44 php-odbc-4.1.2-2.19.ia64.rpm a8a8b6b9e5da2af891fddb1199c429f4 php-pgsql-4.1.2-2.19.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS: d59c419407bc7f55ae909d8f36226ed3 php-4.1.2-2.19.src.rpm

i386: 2c6c7d5c75706e695608992a48312dc9 php-4.1.2-2.19.i386.rpm ac1a914700f541022790f14f7f4be67e php-devel-4.1.2-2.19.i386.rpm dbb6a6a436edfd6af00ceb50c69871f0 php-imap-4.1.2-2.19.i386.rpm e18872974d96d7d6645ff9eb5e8df70e php-ldap-4.1.2-2.19.i386.rpm 0b5816829e4fe08c75da34bc49f235b0 php-manual-4.1.2-2.19.i386.rpm 4e1ffad2e6f96b7099fb60f8ee7b41de php-mysql-4.1.2-2.19.i386.rpm 27a0b33680d1380c3e27292881e5ddb3 php-odbc-4.1.2-2.19.i386.rpm cdd8dab08dc25799a4bc56d23157aa64 php-pgsql-4.1.2-2.19.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS: d59c419407bc7f55ae909d8f36226ed3 php-4.1.2-2.19.src.rpm

i386: 2c6c7d5c75706e695608992a48312dc9 php-4.1.2-2.19.i386.rpm ac1a914700f541022790f14f7f4be67e php-devel-4.1.2-2.19.i386.rpm dbb6a6a436edfd6af00ceb50c69871f0 php-imap-4.1.2-2.19.i386.rpm e18872974d96d7d6645ff9eb5e8df70e php-ldap-4.1.2-2.19.i386.rpm 0b5816829e4fe08c75da34bc49f235b0 php-manual-4.1.2-2.19.i386.rpm 4e1ffad2e6f96b7099fb60f8ee7b41de php-mysql-4.1.2-2.19.i386.rpm 27a0b33680d1380c3e27292881e5ddb3 php-odbc-4.1.2-2.19.i386.rpm cdd8dab08dc25799a4bc56d23157aa64 php-pgsql-4.1.2-2.19.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.cve.org/CVERecord?id=CVE-2007-2509 https://www.cve.org/CVERecord?id=CVE-2007-2872 https://www.cve.org/CVERecord?id=CVE-2007-3799 https://www.cve.org/CVERecord?id=CVE-2007-3996 https://www.cve.org/CVERecord?id=CVE-2007-4670 https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2007:0888-01
Issue date: 2007-10-23
Updated on: 2007-10-23
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64

Red Hat Linux Advanced Workstation 2.1 - ia64

Red Hat Enterprise Linux ES version 2.1 - i386

Red Hat Enterprise Linux WS version 2.1 - i386

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here