Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Scientific Linux: 2008-07-16 Moderate: PHP Security Issues Detected

Scientific Large Esm H446
Moderate: php security update
Date: Wed, 16 Jul 2008 13:35:07 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA for php on SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 

Synopsis:	Moderate: php security update
Issue date:	2008-07-16
CVE Names:	CVE-2008-2051 CVE-2007-5898 CVE-2007-5899
 CVE-2007-4782 CVE-2008-2107 CVE-2008-2108

It was discovered that the PHP escapeshellcmd() function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd() and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)

PHP functions htmlentities() and htmlspecialchars() did not properly
recognize partial multi-byte sequences. Certain sequences of bytes could be
passed through these functions without being correctly HTML-escaped.
Depending on the browser being used, an attacker could use this flaw to
conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or
which used the output_add_rewrite_var() function, could leak session
identifiers to external web sites. If a page included an HTML form with an
ACTION attribute referencing a non-local URL, the user's session ID would
be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that PHP fnmatch() function did not restrict the length
of the string argument. An attacker could use this flaw to crash the PHP
interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number
generator used by functions such as rand() and mt_rand(), possibly allowing
an attacker to easily predict the generated pseudo-random values.
(CVE-2008-2107, CVE-2008-2108)

SL 5.x

 SRPMS:
php-5.1.6-20.el5_2.1.src.rpm
 i386:
php-5.1.6-20.el5_2.1.i386.rpm
php-bcmath-5.1.6-20.el5_2.1.i386.rpm
php-cli-5.1.6-20.el5_2.1.i386.rpm
php-common-5.1.6-20.el5_2.1.i386.rpm
php-dba-5.1.6-20.el5_2.1.i386.rpm
php-devel-5.1.6-20.el5_2.1.i386.rpm
php-gd-5.1.6-20.el5_2.1.i386.rpm
php-imap-5.1.6-20.el5_2.1.i386.rpm
php-ldap-5.1.6-20.el5_2.1.i386.rpm
php-mbstring-5.1.6-20.el5_2.1.i386.rpm
php-mysql-5.1.6-20.el5_2.1.i386.rpm
php-ncurses-5.1.6-20.el5_2.1.i386.rpm
php-odbc-5.1.6-20.el5_2.1.i386.rpm
php-pdo-5.1.6-20.el5_2.1.i386.rpm
php-pgsql-5.1.6-20.el5_2.1.i386.rpm
php-snmp-5.1.6-20.el5_2.1.i386.rpm
php-soap-5.1.6-20.el5_2.1.i386.rpm
php-xml-5.1.6-20.el5_2.1.i386.rpm
php-xmlrpc-5.1.6-20.el5_2.1.i386.rpm
 x86_64:
php-5.1.6-20.el5_2.1.x86_64.rpm
php-bcmath-5.1.6-20.el5_2.1.x86_64.rpm
php-cli-5.1.6-20.el5_2.1.x86_64.rpm
php-common-5.1.6-20.el5_2.1.x86_64.rpm
php-dba-5.1.6-20.el5_2.1.x86_64.rpm
php-devel-5.1.6-20.el5_2.1.x86_64.rpm
php-gd-5.1.6-20.el5_2.1.x86_64.rpm
php-imap-5.1.6-20.el5_2.1.x86_64.rpm
php-ldap-5.1.6-20.el5_2.1.x86_64.rpm
php-mbstring-5.1.6-20.el5_2.1.x86_64.rpm
php-mysql-5.1.6-20.el5_2.1.x86_64.rpm
php-ncurses-5.1.6-20.el5_2.1.x86_64.rpm
php-odbc-5.1.6-20.el5_2.1.x86_64.rpm
php-pdo-5.1.6-20.el5_2.1.x86_64.rpm
php-pgsql-5.1.6-20.el5_2.1.x86_64.rpm
php-snmp-5.1.6-20.el5_2.1.x86_64.rpm
php-soap-5.1.6-20.el5_2.1.x86_64.rpm
php-xml-5.1.6-20.el5_2.1.x86_64.rpm
php-xmlrpc-5.1.6-20.el5_2.1.x86_64.rpm

-Connie Sieh
-Troy Dawson