Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Red Hat Software Suite: RHSA-2010:0754-01 Important: Java Memory Corruption

Calendar Oct 25, 2007 User Avatar LinuxSecurity Advisories
5 - 9 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security update code execution moderate impact integer overflow PHP Red Hat Application Stack
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack. Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 
- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2007:0891-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0891.html
Issue date:        2007-10-25
Updated on:        2007-10-25
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-2756 CVE-2007-2872 CVE-2007-3799 
                   CVE-2007-3996 CVE-2007-3998 CVE-2007-4658 
                   CVE-2007-4670 
- ---------------------------------------------------------------------1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

These updated packages address the following vulnerabilities:

Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_script function
with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that is
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source could
allow a remote attacker to cause a denial of service. (CVE-2007-2756)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

242032 - CVE-2007-2872 php chunk_split integer overflow
242033 - CVE-2007-2756 php imagecreatefrompng infinite loop
250726 - CVE-2007-3799 php cross-site cookie insertion
276081 - CVE-2007-3998 php floating point exception inside wordwrap
278011 - CVE-2007-4658 php money_format format string issue
278031 - CVE-2007-3996 php multiple integer overflows in gd
278041 - CVE-2007-4670 php malformed cookie handling

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
5a5a93ea5e81fd4432071154467d55b2  php-5.1.6-3.el4s1.8.src.rpm

i386:
f1c52f8badcbf8a02590cf030c73e8b2  php-5.1.6-3.el4s1.8.i386.rpm
6167cad0145903ca5ce649042bc118e2  php-bcmath-5.1.6-3.el4s1.8.i386.rpm
72d49a3c7a73ee813b4eaf14abec105d  php-cli-5.1.6-3.el4s1.8.i386.rpm
6d7b667d87a970e99567dcc2c5dd01c0  php-common-5.1.6-3.el4s1.8.i386.rpm
195c2d08b5b332aaf6dd5b286c7fdc4d  php-dba-5.1.6-3.el4s1.8.i386.rpm
3e6ae9b89e1f4c420c23740027719836  php-debuginfo-5.1.6-3.el4s1.8.i386.rpm
c5da559c8d4bb7e3e5fa0ca7a0846272  php-devel-5.1.6-3.el4s1.8.i386.rpm
4448f622d41047f70e5efb05092b28e6  php-gd-5.1.6-3.el4s1.8.i386.rpm
13549ef2f56cf39213411c974dc25511  php-imap-5.1.6-3.el4s1.8.i386.rpm
557b76135e9ca5b5be3a068afb176d2c  php-ldap-5.1.6-3.el4s1.8.i386.rpm
fd5d5c58dfc2ab580d51a33443243120  php-mbstring-5.1.6-3.el4s1.8.i386.rpm
2b48409dce9bdcc6e9af76e512fce9e6  php-mysql-5.1.6-3.el4s1.8.i386.rpm
4c4ca089595dbad0d002b60f92ff687d  php-ncurses-5.1.6-3.el4s1.8.i386.rpm
2aa0c5973aa47a0c7389f1a98902eac7  php-odbc-5.1.6-3.el4s1.8.i386.rpm
bee9d1881d4e48e013c6b02045212d72  php-pdo-5.1.6-3.el4s1.8.i386.rpm
16cc1a7ea42c1dfa162b04a29b8744f7  php-pgsql-5.1.6-3.el4s1.8.i386.rpm
727852222040bb489a2c422adcd07095  php-snmp-5.1.6-3.el4s1.8.i386.rpm
895121dd4d3467132f8c7d0deb89d03e  php-soap-5.1.6-3.el4s1.8.i386.rpm
a79fdb3ccceec34644499cd36763cbcb  php-xml-5.1.6-3.el4s1.8.i386.rpm
6fbac183b81ce2d0335ff495f6975826  php-xmlrpc-5.1.6-3.el4s1.8.i386.rpm

x86_64:
a03004e6fc62309fc53c8aed9037ec3c  php-5.1.6-3.el4s1.8.x86_64.rpm
a7004bcf974fee87a93e29d8f09e2864  php-bcmath-5.1.6-3.el4s1.8.x86_64.rpm
42d8fe8df8fc88fce408e9a74082b1ec  php-cli-5.1.6-3.el4s1.8.x86_64.rpm
3fff0d6177109b60b0c71d1674d2b426  php-common-5.1.6-3.el4s1.8.x86_64.rpm
424626a6d5c2cdeadb1bd83dd3625b36  php-dba-5.1.6-3.el4s1.8.x86_64.rpm
40259731512102f696b3ef6f381d5af5  php-debuginfo-5.1.6-3.el4s1.8.x86_64.rpm
27e5b064afba826d0bc730213d4e0a62  php-devel-5.1.6-3.el4s1.8.x86_64.rpm
a46bc2a96e2fd3be080c8deeb02417db  php-gd-5.1.6-3.el4s1.8.x86_64.rpm
dd6b22f140922f0a6eed431215db2f90  php-imap-5.1.6-3.el4s1.8.x86_64.rpm
0a400488fe0e9eca51a37f49b92b8dff  php-ldap-5.1.6-3.el4s1.8.x86_64.rpm
ad082a623b672b555a1246d71d46fd5b  php-mbstring-5.1.6-3.el4s1.8.x86_64.rpm
9d2df5c954e70f58a4cb157f672e1684  php-mysql-5.1.6-3.el4s1.8.x86_64.rpm
0531af6e0d8272df2b9886f8d3dc92fe  php-ncurses-5.1.6-3.el4s1.8.x86_64.rpm
ac4c00d2126af30777d44cdc8e2a02b4  php-odbc-5.1.6-3.el4s1.8.x86_64.rpm
8224c48bf245ff54f7483cb9c2bf3a2c  php-pdo-5.1.6-3.el4s1.8.x86_64.rpm
e74d967c5f590b6e5191d65821fd0ce7  php-pgsql-5.1.6-3.el4s1.8.x86_64.rpm
d2a65e385b3ea99d833d4af8e8991257  php-snmp-5.1.6-3.el4s1.8.x86_64.rpm
51c6db19ebd3b1a473aaa20670025c26  php-soap-5.1.6-3.el4s1.8.x86_64.rpm
7afc87f20da8aeee286a68be9202ce8b  php-xml-5.1.6-3.el4s1.8.x86_64.rpm
1ab5380da805b9cb87ab7879316bddac  php-xmlrpc-5.1.6-3.el4s1.8.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
5a5a93ea5e81fd4432071154467d55b2  php-5.1.6-3.el4s1.8.src.rpm

i386:
f1c52f8badcbf8a02590cf030c73e8b2  php-5.1.6-3.el4s1.8.i386.rpm
6167cad0145903ca5ce649042bc118e2  php-bcmath-5.1.6-3.el4s1.8.i386.rpm
72d49a3c7a73ee813b4eaf14abec105d  php-cli-5.1.6-3.el4s1.8.i386.rpm
6d7b667d87a970e99567dcc2c5dd01c0  php-common-5.1.6-3.el4s1.8.i386.rpm
195c2d08b5b332aaf6dd5b286c7fdc4d  php-dba-5.1.6-3.el4s1.8.i386.rpm
3e6ae9b89e1f4c420c23740027719836  php-debuginfo-5.1.6-3.el4s1.8.i386.rpm
c5da559c8d4bb7e3e5fa0ca7a0846272  php-devel-5.1.6-3.el4s1.8.i386.rpm
4448f622d41047f70e5efb05092b28e6  php-gd-5.1.6-3.el4s1.8.i386.rpm
13549ef2f56cf39213411c974dc25511  php-imap-5.1.6-3.el4s1.8.i386.rpm
557b76135e9ca5b5be3a068afb176d2c  php-ldap-5.1.6-3.el4s1.8.i386.rpm
fd5d5c58dfc2ab580d51a33443243120  php-mbstring-5.1.6-3.el4s1.8.i386.rpm
2b48409dce9bdcc6e9af76e512fce9e6  php-mysql-5.1.6-3.el4s1.8.i386.rpm
4c4ca089595dbad0d002b60f92ff687d  php-ncurses-5.1.6-3.el4s1.8.i386.rpm
2aa0c5973aa47a0c7389f1a98902eac7  php-odbc-5.1.6-3.el4s1.8.i386.rpm
bee9d1881d4e48e013c6b02045212d72  php-pdo-5.1.6-3.el4s1.8.i386.rpm
16cc1a7ea42c1dfa162b04a29b8744f7  php-pgsql-5.1.6-3.el4s1.8.i386.rpm
727852222040bb489a2c422adcd07095  php-snmp-5.1.6-3.el4s1.8.i386.rpm
895121dd4d3467132f8c7d0deb89d03e  php-soap-5.1.6-3.el4s1.8.i386.rpm
a79fdb3ccceec34644499cd36763cbcb  php-xml-5.1.6-3.el4s1.8.i386.rpm
6fbac183b81ce2d0335ff495f6975826  php-xmlrpc-5.1.6-3.el4s1.8.i386.rpm

x86_64:
a03004e6fc62309fc53c8aed9037ec3c  php-5.1.6-3.el4s1.8.x86_64.rpm
a7004bcf974fee87a93e29d8f09e2864  php-bcmath-5.1.6-3.el4s1.8.x86_64.rpm
42d8fe8df8fc88fce408e9a74082b1ec  php-cli-5.1.6-3.el4s1.8.x86_64.rpm
3fff0d6177109b60b0c71d1674d2b426  php-common-5.1.6-3.el4s1.8.x86_64.rpm
424626a6d5c2cdeadb1bd83dd3625b36  php-dba-5.1.6-3.el4s1.8.x86_64.rpm
40259731512102f696b3ef6f381d5af5  php-debuginfo-5.1.6-3.el4s1.8.x86_64.rpm
27e5b064afba826d0bc730213d4e0a62  php-devel-5.1.6-3.el4s1.8.x86_64.rpm
a46bc2a96e2fd3be080c8deeb02417db  php-gd-5.1.6-3.el4s1.8.x86_64.rpm
dd6b22f140922f0a6eed431215db2f90  php-imap-5.1.6-3.el4s1.8.x86_64.rpm
0a400488fe0e9eca51a37f49b92b8dff  php-ldap-5.1.6-3.el4s1.8.x86_64.rpm
ad082a623b672b555a1246d71d46fd5b  php-mbstring-5.1.6-3.el4s1.8.x86_64.rpm
9d2df5c954e70f58a4cb157f672e1684  php-mysql-5.1.6-3.el4s1.8.x86_64.rpm
0531af6e0d8272df2b9886f8d3dc92fe  php-ncurses-5.1.6-3.el4s1.8.x86_64.rpm
ac4c00d2126af30777d44cdc8e2a02b4  php-odbc-5.1.6-3.el4s1.8.x86_64.rpm
8224c48bf245ff54f7483cb9c2bf3a2c  php-pdo-5.1.6-3.el4s1.8.x86_64.rpm
e74d967c5f590b6e5191d65821fd0ce7  php-pgsql-5.1.6-3.el4s1.8.x86_64.rpm
d2a65e385b3ea99d833d4af8e8991257  php-snmp-5.1.6-3.el4s1.8.x86_64.rpm
51c6db19ebd3b1a473aaa20670025c26  php-soap-5.1.6-3.el4s1.8.x86_64.rpm
7afc87f20da8aeee286a68be9202ce8b  php-xml-5.1.6-3.el4s1.8.x86_64.rpm
1ab5380da805b9cb87ab7879316bddac  php-xmlrpc-5.1.6-3.el4s1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-2756
https://www.cve.org/CVERecord?id=CVE-2007-2872
https://www.cve.org/CVERecord?id=CVE-2007-3799
https://www.cve.org/CVERecord?id=CVE-2007-3996
https://www.cve.org/CVERecord?id=CVE-2007-3998
https://www.cve.org/CVERecord?id=CVE-2007-4658
https://www.cve.org/CVERecord?id=CVE-2007-4670
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is .  More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.

Red Hat Software Suite: RHSA-2010:0754-01 Important: Java Memory Corruption

red hat
Calendar Grey October 25, 2007
Dist Redhat Esm H88
Understand the Red Hat PHP security notice regarding integer overflow vulnerabilities and the recommended best practices for effectively implementing necessary updates
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bug IDs fixed (http://bugzilla.redhat.com/):

242032 - CVE-2007-2872 php chunk_split integer overflow 242033 - CVE-2007-2756 php imagecreatefrompng infinite loop 250726 - CVE-2007-3799 php cross-site cookie insertion 276081 - CVE-2007-3998 php floating point exception inside wordwrap 278011 - CVE-2007-4658 php money_format format string issue 278031 - CVE-2007-3996 php multiple integer overflows in gd 278041 - CVE-2007-4670 php malformed cookie handling

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS: 5a5a93ea5e81fd4432071154467d55b2 php-5.1.6-3.el4s1.8.src.rpm

i386: f1c52f8badcbf8a02590cf030c73e8b2 php-5.1.6-3.el4s1.8.i386.rpm 6167cad0145903ca5ce649042bc118e2 php-bcmath-5.1.6-3.el4s1.8.i386.rpm 72d49a3c7a73ee813b4eaf14abec105d php-cli-5.1.6-3.el4s1.8.i386.rpm 6d7b667d87a970e99567dcc2c5dd01c0 php-common-5.1.6-3.el4s1.8.i386.rpm 195c2d08b5b332aaf6dd5b286c7fdc4d php-dba-5.1.6-3.el4s1.8.i386.rpm 3e6ae9b89e1f4c420c23740027719836 php-debuginfo-5.1.6-3.el4s1.8.i386.rpm c5da559c8d4bb7e3e5fa0ca7a0846272 php-devel-5.1.6-3.el4s1.8.i386.rpm 4448f622d41047f70e5efb05092b28e6 php-gd-5.1.6-3.el4s1.8.i386.rpm 13549ef2f56cf39213411c974dc25511 php-imap-5.1.6-3.el4s1.8.i386.rpm 557b76135e9ca5b5be3a068afb176d2c php-ldap-5.1.6-3.el4s1.8.i386.rpm fd5d5c58dfc2ab580d51a33443243120 php-mbstring-5.1.6-3.el4s1.8.i386.rpm 2b48409dce9bdcc6e9af76e512fce9e6 php-mysql-5.1.6-3.el4s1.8.i386.rpm 4c4ca089595dbad0d002b60f92ff687d php-ncurses-5.1.6-3.el4s1.8.i386.rpm 2aa0c5973aa47a0c7389f1a98902eac7 php-odbc-5.1.6-3.el4s1.8.i386.rpm bee9d1881d4e48e013c6b02045212d72 php-pdo-5.1.6-3.el4s1.8.i386.rpm 16cc1a7ea42c1dfa162b04a29b8744f7 php-pgsql-5.1.6-3.el4s1.8.i386.rpm 727852222040bb489a2c422adcd07095 php-snmp-5.1.6-3.el4s1.8.i386.rpm 895121dd4d3467132f8c7d0deb89d03e php-soap-5.1.6-3.el4s1.8.i386.rpm a79fdb3ccceec34644499cd36763cbcb php-xml-5.1.6-3.el4s1.8.i386.rpm 6fbac183b81ce2d0335ff495f6975826 php-xmlrpc-5.1.6-3.el4s1.8.i386.rpm

x86_64: a03004e6fc62309fc53c8aed9037ec3c php-5.1.6-3.el4s1.8.x86_64.rpm a7004bcf974fee87a93e29d8f09e2864 php-bcmath-5.1.6-3.el4s1.8.x86_64.rpm 42d8fe8df8fc88fce408e9a74082b1ec php-cli-5.1.6-3.el4s1.8.x86_64.rpm 3fff0d6177109b60b0c71d1674d2b426 php-common-5.1.6-3.el4s1.8.x86_64.rpm 424626a6d5c2cdeadb1bd83dd3625b36 php-dba-5.1.6-3.el4s1.8.x86_64.rpm 40259731512102f696b3ef6f381d5af5 php-debuginfo-5.1.6-3.el4s1.8.x86_64.rpm 27e5b064afba826d0bc730213d4e0a62 php-devel-5.1.6-3.el4s1.8.x86_64.rpm a46bc2a96e2fd3be080c8deeb02417db php-gd-5.1.6-3.el4s1.8.x86_64.rpm dd6b22f140922f0a6eed431215db2f90 php-imap-5.1.6-3.el4s1.8.x86_64.rpm 0a400488fe0e9eca51a37f49b92b8dff php-ldap-5.1.6-3.el4s1.8.x86_64.rpm ad082a623b672b555a1246d71d46fd5b php-mbstring-5.1.6-3.el4s1.8.x86_64.rpm 9d2df5c954e70f58a4cb157f672e1684 php-mysql-5.1.6-3.el4s1.8.x86_64.rpm 0531af6e0d8272df2b9886f8d3dc92fe php-ncurses-5.1.6-3.el4s1.8.x86_64.rpm ac4c00d2126af30777d44cdc8e2a02b4 php-odbc-5.1.6-3.el4s1.8.x86_64.rpm 8224c48bf245ff54f7483cb9c2bf3a2c php-pdo-5.1.6-3.el4s1.8.x86_64.rpm e74d967c5f590b6e5191d65821fd0ce7 php-pgsql-5.1.6-3.el4s1.8.x86_64.rpm d2a65e385b3ea99d833d4af8e8991257 php-snmp-5.1.6-3.el4s1.8.x86_64.rpm 51c6db19ebd3b1a473aaa20670025c26 php-soap-5.1.6-3.el4s1.8.x86_64.rpm 7afc87f20da8aeee286a68be9202ce8b php-xml-5.1.6-3.el4s1.8.x86_64.rpm 1ab5380da805b9cb87ab7879316bddac php-xmlrpc-5.1.6-3.el4s1.8.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS: 5a5a93ea5e81fd4432071154467d55b2 php-5.1.6-3.el4s1.8.src.rpm

i386: f1c52f8badcbf8a02590cf030c73e8b2 php-5.1.6-3.el4s1.8.i386.rpm 6167cad0145903ca5ce649042bc118e2 php-bcmath-5.1.6-3.el4s1.8.i386.rpm 72d49a3c7a73ee813b4eaf14abec105d php-cli-5.1.6-3.el4s1.8.i386.rpm 6d7b667d87a970e99567dcc2c5dd01c0 php-common-5.1.6-3.el4s1.8.i386.rpm 195c2d08b5b332aaf6dd5b286c7fdc4d php-dba-5.1.6-3.el4s1.8.i386.rpm 3e6ae9b89e1f4c420c23740027719836 php-debuginfo-5.1.6-3.el4s1.8.i386.rpm c5da559c8d4bb7e3e5fa0ca7a0846272 php-devel-5.1.6-3.el4s1.8.i386.rpm 4448f622d41047f70e5efb05092b28e6 php-gd-5.1.6-3.el4s1.8.i386.rpm 13549ef2f56cf39213411c974dc25511 php-imap-5.1.6-3.el4s1.8.i386.rpm 557b76135e9ca5b5be3a068afb176d2c php-ldap-5.1.6-3.el4s1.8.i386.rpm fd5d5c58dfc2ab580d51a33443243120 php-mbstring-5.1.6-3.el4s1.8.i386.rpm 2b48409dce9bdcc6e9af76e512fce9e6 php-mysql-5.1.6-3.el4s1.8.i386.rpm 4c4ca089595dbad0d002b60f92ff687d php-ncurses-5.1.6-3.el4s1.8.i386.rpm 2aa0c5973aa47a0c7389f1a98902eac7 php-odbc-5.1.6-3.el4s1.8.i386.rpm bee9d1881d4e48e013c6b02045212d72 php-pdo-5.1.6-3.el4s1.8.i386.rpm 16cc1a7ea42c1dfa162b04a29b8744f7 php-pgsql-5.1.6-3.el4s1.8.i386.rpm 727852222040bb489a2c422adcd07095 php-snmp-5.1.6-3.el4s1.8.i386.rpm 895121dd4d3467132f8c7d0deb89d03e php-soap-5.1.6-3.el4s1.8.i386.rpm a79fdb3ccceec34644499cd36763cbcb php-xml-5.1.6-3.el4s1.8.i386.rpm 6fbac183b81ce2d0335ff495f6975826 php-xmlrpc-5.1.6-3.el4s1.8.i386.rpm

x86_64: a03004e6fc62309fc53c8aed9037ec3c php-5.1.6-3.el4s1.8.x86_64.rpm a7004bcf974fee87a93e29d8f09e2864 php-bcmath-5.1.6-3.el4s1.8.x86_64.rpm 42d8fe8df8fc88fce408e9a74082b1ec php-cli-5.1.6-3.el4s1.8.x86_64.rpm 3fff0d6177109b60b0c71d1674d2b426 php-common-5.1.6-3.el4s1.8.x86_64.rpm 424626a6d5c2cdeadb1bd83dd3625b36 php-dba-5.1.6-3.el4s1.8.x86_64.rpm 40259731512102f696b3ef6f381d5af5 php-debuginfo-5.1.6-3.el4s1.8.x86_64.rpm 27e5b064afba826d0bc730213d4e0a62 php-devel-5.1.6-3.el4s1.8.x86_64.rpm a46bc2a96e2fd3be080c8deeb02417db php-gd-5.1.6-3.el4s1.8.x86_64.rpm dd6b22f140922f0a6eed431215db2f90 php-imap-5.1.6-3.el4s1.8.x86_64.rpm 0a400488fe0e9eca51a37f49b92b8dff php-ldap-5.1.6-3.el4s1.8.x86_64.rpm ad082a623b672b555a1246d71d46fd5b php-mbstring-5.1.6-3.el4s1.8.x86_64.rpm 9d2df5c954e70f58a4cb157f672e1684 php-mysql-5.1.6-3.el4s1.8.x86_64.rpm 0531af6e0d8272df2b9886f8d3dc92fe php-ncurses-5.1.6-3.el4s1.8.x86_64.rpm ac4c00d2126af30777d44cdc8e2a02b4 php-odbc-5.1.6-3.el4s1.8.x86_64.rpm 8224c48bf245ff54f7483cb9c2bf3a2c php-pdo-5.1.6-3.el4s1.8.x86_64.rpm e74d967c5f590b6e5191d65821fd0ce7 php-pgsql-5.1.6-3.el4s1.8.x86_64.rpm d2a65e385b3ea99d833d4af8e8991257 php-snmp-5.1.6-3.el4s1.8.x86_64.rpm 51c6db19ebd3b1a473aaa20670025c26 php-soap-5.1.6-3.el4s1.8.x86_64.rpm 7afc87f20da8aeee286a68be9202ce8b php-xml-5.1.6-3.el4s1.8.x86_64.rpm 1ab5380da805b9cb87ab7879316bddac php-xmlrpc-5.1.6-3.el4s1.8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

Topics%20covered

Topics Covered

security advisory security update code execution moderate impact integer overflow PHP Red Hat Application Stack

References

https://www.cve.org/CVERecord?id=CVE-2007-2756 https://www.cve.org/CVERecord?id=CVE-2007-2872 https://www.cve.org/CVERecord?id=CVE-2007-3799 https://www.cve.org/CVERecord?id=CVE-2007-3996 https://www.cve.org/CVERecord?id=CVE-2007-3998 https://www.cve.org/CVERecord?id=CVE-2007-4658 https://www.cve.org/CVERecord?id=CVE-2007-4670 https://access.redhat.com/security/updates/classification#moderate

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2007:0891-01
Advisory URL: https://access.redhat.com/errata/RHSA-2007:0891.html
Issue date: 2007-10-25
Updated on: 2007-10-25
Product: Red Hat Application Stack

Topic

Topics%20covered

Topics Covered

security advisory security update code execution moderate impact integer overflow PHP Red Hat Application Stack

Relevant Releases Architectures

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64

Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here