--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0fd9865145
2023-11-15 02:14:31.347554
--------------------------------------------------------------------------------

Name        : roundcubemail
Product     : Fedora 38
Version     : 1.6.5
Release     : 1.fc38
URL         : https://roundcube.net/
Summary     : Round Cube Webmail is a browser-based multilingual IMAP client
Description :
RoundCube Webmail is a browser-based multilingual IMAP client with an
application-like user interface. It provides full functionality you expect
from an e-mail client, including MIME support, address book, folder
manipulation, message searching and spell checking. RoundCube Webmail is
written in PHP and requires a database: MySQL, PostgreSQL and SQLite are
known to work. The user interface is fully skinnable using XHTML and CSS 2.
--------------------------------------------------------------------------------
Update Information:

**Release 1.6.5**
- Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
- Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
- Fix PHP warnings (#9174)
- Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
- Fix bug where images attached to application/smil messages weren't displayed (#8870)
- Fix PHP string replacement error in utils/error.php (#9185)
- Fix regression where `smtp_user` did not allow pre/post strings before/after `%u` placeholder (#9162)
- Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  6 2023 Remi Collet - 1.6.5-1
- update to 1.6.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2248088 - CVE-2023-47272 roundcubemail: allows XSS via a Content-Type or Content-Disposition header
        https://bugzilla.redhat.com/show_bug.cgi?id=2248088
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0fd9865145' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
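The last item in the 1.6.5 changelog (CVE-2023-47272) concerns a webmail client echoing an attachment's declared Content-Type and Content-Disposition back to the browser. The following is an added example, not Roundcube's code and not part of the Fedora advisory, showing the general defensive pattern for that situation: the declared media type and file name come from the message and are untrusted, so both are validated before they reach a response header, and content a browser would execute is never served inline. The function `attachmentHeaders`, the `ACTIVE_CONTENT_TYPES` list and the sample values are all constructed for this illustration.

```php
<?php
// Added example (not Roundcube's own code): building safe Content-Type and
// Content-Disposition headers for an attachment whose declared MIME type and
// file name come from an untrusted message. Names and samples are constructed.

declare(strict_types=1);

/** MIME types a browser renders as active content; never serve these inline. */
const ACTIVE_CONTENT_TYPES = [
    'text/html', 'application/xhtml+xml', 'image/svg+xml', 'text/xml',
    'application/xml', 'text/javascript', 'application/javascript',
];

/**
 * Returns the header lines that are safe to send for one attachment.
 * $mimeType and $filename are taken from the message, so both are untrusted.
 */
function attachmentHeaders(string $mimeType, string $filename, bool $inline): array
{
    // 1. The media type must be a bare "type/subtype" token. Whitespace,
    //    parameters, control characters or CR/LF all fail the match, and an
    //    unknown type is never previewed.
    $mimeType = strtolower(trim($mimeType));
    if (!preg_match('~^[a-z0-9][a-z0-9!#$&^_.+-]{0,126}/[a-z0-9][a-z0-9!#$&^_.+-]{0,126}\z~', $mimeType)) {
        $mimeType = 'application/octet-stream';
        $inline = false;
    }

    // 2. Active content is always served as a download, whatever the caller
    //    asked for, so the browser does not execute it in the webmail origin.
    if (in_array($mimeType, ACTIVE_CONTENT_TYPES, true)) {
        $inline = false;
    }

    // 3. The file name may only contain printable characters: CR/LF would end
    //    the header or inject a new one, quotes and backslashes break quoting.
    $filename = preg_replace('/[\x00-\x1f\x7f"\\\\]/', '_', $filename) ?? '';
    if ($filename === '') {
        $filename = 'attachment';
    }
    // ASCII fallback for the plain filename= parameter; the UTF-8 name goes
    // into the RFC 6266 filename*= parameter, percent-encoded.
    $ascii = preg_replace('/[^\x20-\x7e]/', '_', $filename);

    $disposition = sprintf(
        "%s; filename=\"%s\"; filename*=UTF-8''%s",
        $inline ? 'inline' : 'attachment',
        $ascii,
        rawurlencode($filename)
    );

    return [
        'Content-Type: ' . $mimeType,
        'Content-Disposition: ' . $disposition,
        // Keeps the browser from sniffing a different type than the one declared.
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed samples: a header-injection attempt in the declared type plus a
// quote and CR/LF in the file name, an HTML part requested as a preview, and a
// harmless image with a non-ASCII name.
$samples = [
    ["text/html\r\nX-Injected: 1", "report\"\r\n.pdf", true],
    ['text/html',                  'page.html',        true],
    ['image/png',                  'phöto.png',        true],
];

foreach ($samples as [$type, $name, $inline]) {
    foreach (attachmentHeaders($type, $name, $inline) as $line) {
        echo $line, "\n";
    }
    echo "\n";
}
```

The first sample fails the token check and is served as an `application/octet-stream` download with the quote and line breaks replaced; the second keeps its type but is forced to `attachment`; only the third is delivered inline.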
CentOS Errata and Security Advisory 2019:3287 Critical

Upstream details at : https://access.redhat.com/errata/RHSA-2019:3287

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

i386:
4a874dba90841301408c563e8f63f4b50d15fcb52bc68e23fb582d0e3c044b25  php-5.3.3-50.el6_10.i686.rpm
4cab8b0f66dcb50b38b98de4e3ac84d60b2c109040dc5eee456ee8ee28438a59  php-bcmath-5.3.3-50.el6_10.i686.rpm
9172d17e62721ec3ec011f7651c9ca97424c3d928ff6e672d4e84118607aa592  php-cli-5.3.3-50.el6_10.i686.rpm
4503d5df5227a4200f9341cf78e4b518e7e5d968502cfc615097938d2791d52d  php-common-5.3.3-50.el6_10.i686.rpm
5a1c61742a1ab699005977bee2e6a5e204757da9ba8a62b1b84c4fc402464027  php-dba-5.3.3-50.el6_10.i686.rpm
b83ea83bd4355e18fd6f325db69e224be74c46677a4f2c3b33ed0c158cfeb4fc  php-devel-5.3.3-50.el6_10.i686.rpm
aec8198710f38b4a13082c7d65929109a1710b3d83c68be79a798115231ea4c7  php-embedded-5.3.3-50.el6_10.i686.rpm
10026e2a5071b3b216feb83540f2b06fd644a4f793a374023cb8799fd2591ce2  php-enchant-5.3.3-50.el6_10.i686.rpm
e7542a528b421ebede6c4b163756fd230488b5e3b609d0dcb59528ac073e59e6  php-fpm-5.3.3-50.el6_10.i686.rpm
befee548cfb57892af63d293a428c701ab4e8103a863cb55a71ea747d6fad323  php-gd-5.3.3-50.el6_10.i686.rpm
2e17d4530540e2bbd7e81c1a63e8339d3d089b556e9121065df581a114d63be8  php-imap-5.3.3-50.el6_10.i686.rpm
55f998ef7c7bbb0814a64dc5b11cd080d4fcf1fde45b4618cf6b6c0fb6cd130b  php-intl-5.3.3-50.el6_10.i686.rpm
8edbb3368f7676552d4378dc8de0025541ebaa47ffc191d8d766719dd2176b5a  php-ldap-5.3.3-50.el6_10.i686.rpm
7e1f94a45781ba3223d1ad229b946a14679c6139656400cf19dfc6ddc9712f16  php-mbstring-5.3.3-50.el6_10.i686.rpm
fcbced068cab2243d5315854f9e55b87b6ce63cda6878f9b4b907c61e35a4973  php-mysql-5.3.3-50.el6_10.i686.rpm
70667c57705eafbb71ee774ce4532b1c96a1159094ff15f58f4da0ef384d0ffb  php-odbc-5.3.3-50.el6_10.i686.rpm
aab71a3e47fcef5e34aec7f785d3468807cce78003f4588583dfba4880a7e9d6  php-pdo-5.3.3-50.el6_10.i686.rpm
c68658f0e1ca502a445c32cea15959545b38ca5dde7494727d8803a22efd54b6  php-pgsql-5.3.3-50.el6_10.i686.rpm
14177ef0f5ed58319dc65813fdcbf5f88767b5483149a6b105ff5ad3b07d8e8e  php-process-5.3.3-50.el6_10.i686.rpm
6cd86f54b44d4531b17924053726f643809221164a4f4a4c63a6501ca18f285f  php-pspell-5.3.3-50.el6_10.i686.rpm
d9cea17b69536141e30241879ba56113043ba0d8aa492d8f498db9b1eb0ee45d  php-recode-5.3.3-50.el6_10.i686.rpm
5e3d5b55a2dbf961b1c3029b6889e8ab5c9370dbefc7ce728fb7c827fee721db  php-snmp-5.3.3-50.el6_10.i686.rpm
d642a71ecf628f8986401a8d609653650b1aa84c3dcd5db08f909cf2c1c55e8b  php-soap-5.3.3-50.el6_10.i686.rpm
d5c1cef29b9525a5eb59cf8aa43061ae25be30e7e4d3268143d897d3b2bfb88b  php-tidy-5.3.3-50.el6_10.i686.rpm
f39216178f04d8480588d7cccd60faaffea2173df455609346883eb1c6946c57  php-xml-5.3.3-50.el6_10.i686.rpm
ce58a63d95736dafd27908b2302adcd084099133fe34021aea8bb0738c359a39  php-xmlrpc-5.3.3-50.el6_10.i686.rpm
c2b6107645bc4ecd516eedd0f86cd8c25b90d570c463360c2adacf1c07e918e3  php-zts-5.3.3-50.el6_10.i686.rpm

x86_64:
2570f9bc05ada82069f319458a10539f32c460968a1e9a326b83be471e334886  php-5.3.3-50.el6_10.x86_64.rpm
788f4bcaa3540d885b47239def8912ba7423aed62a2cc9e346a9f53fe0f563dd  php-bcmath-5.3.3-50.el6_10.x86_64.rpm
42251b1beea2f4f4b612e973c96a9267e53dc82a2c03fc89d993f14e2755b566  php-cli-5.3.3-50.el6_10.x86_64.rpm
084289091aff936e5371f9221040accd9918cff492ddce2a8463bdfa5baea2d4  php-common-5.3.3-50.el6_10.x86_64.rpm
c6b218967f8dcb6b123786a3b5779bbbc88a47ed8bb90d1d924ba03acc64495c  php-dba-5.3.3-50.el6_10.x86_64.rpm
34e1cd733754538f18857854265f1cb0073432c3ebd36e9910992160e394e51e  php-devel-5.3.3-50.el6_10.x86_64.rpm
80291c6a2f821ab397d81aabbefe7286b1ce694cbd00f4189ba325de8d3a8273  php-embedded-5.3.3-50.el6_10.x86_64.rpm
20565529a0f913697fcf1114486fd7f968f827046d69bf479ddc766a1fc418fb  php-enchant-5.3.3-50.el6_10.x86_64.rpm
23aea08f51866215e65657a083b3d6c70cb8c78e5ff754bf55d3154fb08d3832  php-fpm-5.3.3-50.el6_10.x86_64.rpm
41fb2cb2dbadb73c3387490c262a0af77af0ce29e8dfa07598c82a4caf82b613  php-gd-5.3.3-50.el6_10.x86_64.rpm
2a979dc602e355bec6af5629396ab5fd8e10a7d5b8b054a303d3a4acd2e45b79  php-imap-5.3.3-50.el6_10.x86_64.rpm
2efe4c34163ef62e9ebf0a356c99296711bc4da2d447fde165dc4b2bce4d3567  php-intl-5.3.3-50.el6_10.x86_64.rpm
2a5b52e19f24f7f3cdffc0a2af37e150d370831257a085b1e961f6e7b6aa3d18  php-ldap-5.3.3-50.el6_10.x86_64.rpm
d82c71a3b679a15a7f12a55a880e1989d988c2fd6c22a22eadba2875a7dbe620  php-mbstring-5.3.3-50.el6_10.x86_64.rpm
95e3edd3146ab92cc5204f5cc13de8d19601edc2b9f7a9c5962723e01c0911ff  php-mysql-5.3.3-50.el6_10.x86_64.rpm
18f604c573c24ac61d62567450c6613787c883f7852b2001cc24622ea253a959  php-odbc-5.3.3-50.el6_10.x86_64.rpm
62bf86d47dc5fe8aad57549df86e1403d060ca30b82c36a07cbd4a495b3a78f8  php-pdo-5.3.3-50.el6_10.x86_64.rpm
3b1d8c2cee8256856a18d0a75b73e5a147e754db832e71deb05b28117b5abd0f  php-pgsql-5.3.3-50.el6_10.x86_64.rpm
cabc8f6e2d0112c9e43beef1e959d23c39526c1c4faa3fe016f0e73014c39e6a  php-process-5.3.3-50.el6_10.x86_64.rpm
731b3e0cf46a674cfdd556e89f345c52f49e6bb3184fa930a1ab05d182e1f025  php-pspell-5.3.3-50.el6_10.x86_64.rpm
fb762919caeb856ff84751388121f8aada01a1e98c47e3f0d6f255c85745a5ec  php-recode-5.3.3-50.el6_10.x86_64.rpm
c45ef0f39b3e11421a32197942c4e82adbd8d321a906f095da98cd9cbfceeffb  php-snmp-5.3.3-50.el6_10.x86_64.rpm
86a9a637c78dc4606ac8dbfa4affdf3285e542509fd95e7446cf69e0fe519c7a  php-soap-5.3.3-50.el6_10.x86_64.rpm
9858f931978f6e59f89115b41de33341e9bbb33149f008d3b1c6ee9489cee6b5  php-tidy-5.3.3-50.el6_10.x86_64.rpm
db6ca7f702fc2e9c022301e3ddd1b1fd7fcba548ccd372124e61d03f9543a683  php-xml-5.3.3-50.el6_10.x86_64.rpm
042884d6be74325bb8fca47d36dd6fc3ca5a345906b4b2608cb14843e6b078de  php-xmlrpc-5.3.3-50.el6_10.x86_64.rpm
0e886488705bc5fe4f4abc7533620e26e96a98244fa169e18fc06ae6b77c93cb  php-zts-5.3.3-50.el6_10.x86_64.rpm

Source:
ddd0f179582dda7b9f0ef2936948e62455509a7ee651ecc24e33468a20b9b10a  php-5.3.3-50.el6_10.src.rpm

-- 
Johnny Hughes
CentOS Project { https://www.centos.org/ }
irc: hughesjr, #
openSUSE Security Update: Security update for php5
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:1197-1
Rating:             important
References:         #935224 #935225 #935226 #935227 #935232 #935234 #935274 #935275
Cross-References:   CVE-2015-3411 CVE-2015-3412 CVE-2015-4598 CVE-2015-4599
                    CVE-2015-4600 CVE-2015-4601 CVE-2015-4602 CVE-2015-4603
                    CVE-2015-4604 CVE-2015-4605 CVE-2015-4643 CVE-2015-4644
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

An update that fixes 12 vulnerabilities is now available.

Description:

The PHP script interpreter was updated to receive various security fixes:

* CVE-2015-4602 [bnc#935224]: Fixed an incomplete Class unserialization type confusion.
* CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 [bnc#935226]: Fixed type confusion issues in unserialize() with various SOAP methods.
* CVE-2015-4603 [bnc#935234]: Fixed exception::getTraceAsString type confusion issue after unserialize.
* CVE-2015-4644 [bnc#935274]: Fixed a crash in php_pgsql_meta_data.
* CVE-2015-4643 [bnc#935275]: Fixed an integer overflow in ftp_genlist() that could result in a heap overflow.
* CVE-2015-3411, CVE-2015-3412, CVE-2015-4598 [bnc#935227], [bnc#935232]: Added missing null byte checks for paths in various PHP extensions.

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:
  zypper in -t patch openSUSE-2015-471=1

- openSUSE 13.1:
  zypper in -t patch openSUSE-2015-471=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 13.2 (i586 x86_64):
  apache2-mod_php5-5.6.1-30.6
  apache2-mod_php5-debuginfo-5.6.1-30.6
  php5-5.6.1-30.6
  php5-bcmath-5.6.1-30.6
  php5-bcmath-debuginfo-5.6.1-30.6
  php5-bz2-5.6.1-30.6
  php5-bz2-debuginfo-5.6.1-30.6
  php5-calendar-5.6.1-30.6
  php5-calendar-debuginfo-5.6.1-30.6
  php5-ctype-5.6.1-30.6
  php5-ctype-debuginfo-5.6.1-30.6
  php5-curl-5.6.1-30.6
  php5-curl-debuginfo-5.6.1-30.6
  php5-dba-5.6.1-30.6
  php5-dba-debuginfo-5.6.1-30.6
  php5-debuginfo-5.6.1-30.6
  php5-debugsource-5.6.1-30.6
  php5-devel-5.6.1-30.6
  php5-dom-5.6.1-30.6
  php5-dom-debuginfo-5.6.1-30.6
  php5-enchant-5.6.1-30.6
  php5-enchant-debuginfo-5.6.1-30.6
  php5-exif-5.6.1-30.6
  php5-exif-debuginfo-5.6.1-30.6
  php5-fastcgi-5.6.1-30.6
  php5-fastcgi-debuginfo-5.6.1-30.6
  php5-fileinfo-5.6.1-30.6
  php5-fileinfo-debuginfo-5.6.1-30.6
  php5-firebird-5.6.1-30.6
  php5-firebird-debuginfo-5.6.1-30.6
  php5-fpm-5.6.1-30.6
  php5-fpm-debuginfo-5.6.1-30.6
  php5-ftp-5.6.1-30.6
  php5-ftp-debuginfo-5.6.1-30.6
  php5-gd-5.6.1-30.6
  php5-gd-debuginfo-5.6.1-30.6
  php5-gettext-5.6.1-30.6
  php5-gettext-debuginfo-5.6.1-30.6
  php5-gmp-5.6.1-30.6
  php5-gmp-debuginfo-5.6.1-30.6
  php5-iconv-5.6.1-30.6
  php5-iconv-debuginfo-5.6.1-30.6
  php5-imap-5.6.1-30.6
  php5-imap-debuginfo-5.6.1-30.6
  php5-intl-5.6.1-30.6
  php5-intl-debuginfo-5.6.1-30.6
  php5-json-5.6.1-30.6
  php5-json-debuginfo-5.6.1-30.6
  php5-ldap-5.6.1-30.6
  php5-ldap-debuginfo-5.6.1-30.6
  php5-mbstring-5.6.1-30.6
  php5-mbstring-debuginfo-5.6.1-30.6
  php5-mcrypt-5.6.1-30.6
  php5-mcrypt-debuginfo-5.6.1-30.6
  php5-mssql-5.6.1-30.6
  php5-mssql-debuginfo-5.6.1-30.6
  php5-mysql-5.6.1-30.6
  php5-mysql-debuginfo-5.6.1-30.6
  php5-odbc-5.6.1-30.6
  php5-odbc-debuginfo-5.6.1-30.6
  php5-opcache-5.6.1-30.6
  php5-opcache-debuginfo-5.6.1-30.6
  php5-openssl-5.6.1-30.6
  php5-openssl-debuginfo-5.6.1-30.6
  php5-pcntl-5.6.1-30.6
  php5-pcntl-debuginfo-5.6.1-30.6
  php5-pdo-5.6.1-30.6
  php5-pdo-debuginfo-5.6.1-30.6
  php5-pgsql-5.6.1-30.6
  php5-pgsql-debuginfo-5.6.1-30.6
  php5-phar-5.6.1-30.6
  php5-phar-debuginfo-5.6.1-30.6
  php5-posix-5.6.1-30.6
  php5-posix-debuginfo-5.6.1-30.6
  php5-pspell-5.6.1-30.6
  php5-pspell-debuginfo-5.6.1-30.6
  php5-readline-5.6.1-30.6
  php5-readline-debuginfo-5.6.1-30.6
  php5-shmop-5.6.1-30.6
  php5-shmop-debuginfo-5.6.1-30.6
  php5-snmp-5.6.1-30.6
  php5-snmp-debuginfo-5.6.1-30.6
  php5-soap-5.6.1-30.6
  php5-soap-debuginfo-5.6.1-30.6
  php5-sockets-5.6.1-30.6
  php5-sockets-debuginfo-5.6.1-30.6
  php5-sqlite-5.6.1-30.6
  php5-sqlite-debuginfo-5.6.1-30.6
  php5-suhosin-5.6.1-30.6
  php5-suhosin-debuginfo-5.6.1-30.6
  php5-sysvmsg-5.6.1-30.6
  php5-sysvmsg-debuginfo-5.6.1-30.6
  php5-sysvsem-5.6.1-30.6
  php5-sysvsem-debuginfo-5.6.1-30.6
  php5-sysvshm-5.6.1-30.6
  php5-sysvshm-debuginfo-5.6.1-30.6
  php5-tidy-5.6.1-30.6
  php5-tidy-debuginfo-5.6.1-30.6
  php5-tokenizer-5.6.1-30.6
  php5-tokenizer-debuginfo-5.6.1-30.6
  php5-wddx-5.6.1-30.6
  php5-wddx-debuginfo-5.6.1-30.6
  php5-xmlreader-5.6.1-30.6
  php5-xmlreader-debuginfo-5.6.1-30.6
  php5-xmlrpc-5.6.1-30.6
  php5-xmlrpc-debuginfo-5.6.1-30.6
  php5-xmlwriter-5.6.1-30.6
  php5-xmlwriter-debuginfo-5.6.1-30.6
  php5-xsl-5.6.1-30.6
  php5-xsl-debuginfo-5.6.1-30.6
  php5-zip-5.6.1-30.6
  php5-zip-debuginfo-5.6.1-30.6
  php5-zlib-5.6.1-30.6
  php5-zlib-debuginfo-5.6.1-30.6

- openSUSE 13.2 (noarch):
  php5-pear-5.6.1-30.6

- openSUSE 13.1 (i586 x86_64):
  apache2-mod_php5-5.4.20-61.5
  apache2-mod_php5-debuginfo-5.4.20-61.5
  php5-5.4.20-61.5
  php5-bcmath-5.4.20-61.5
  php5-bcmath-debuginfo-5.4.20-61.5
  php5-bz2-5.4.20-61.5
  php5-bz2-debuginfo-5.4.20-61.5
  php5-calendar-5.4.20-61.5
  php5-calendar-debuginfo-5.4.20-61.5
  php5-ctype-5.4.20-61.5
  php5-ctype-debuginfo-5.4.20-61.5
  php5-curl-5.4.20-61.5
  php5-curl-debuginfo-5.4.20-61.5
  php5-dba-5.4.20-61.5
  php5-dba-debuginfo-5.4.20-61.5
  php5-debuginfo-5.4.20-61.5
  php5-debugsource-5.4.20-61.5
  php5-devel-5.4.20-61.5
  php5-dom-5.4.20-61.5
  php5-dom-debuginfo-5.4.20-61.5
  php5-enchant-5.4.20-61.5
  php5-enchant-debuginfo-5.4.20-61.5
  php5-exif-5.4.20-61.5
  php5-exif-debuginfo-5.4.20-61.5
  php5-fastcgi-5.4.20-61.5
  php5-fastcgi-debuginfo-5.4.20-61.5
  php5-fileinfo-5.4.20-61.5
  php5-fileinfo-debuginfo-5.4.20-61.5
  php5-firebird-5.4.20-61.5
  php5-firebird-debuginfo-5.4.20-61.5
  php5-fpm-5.4.20-61.5
  php5-fpm-debuginfo-5.4.20-61.5
  php5-ftp-5.4.20-61.5
  php5-ftp-debuginfo-5.4.20-61.5
  php5-gd-5.4.20-61.5
  php5-gd-debuginfo-5.4.20-61.5
  php5-gettext-5.4.20-61.5
  php5-gettext-debuginfo-5.4.20-61.5
  php5-gmp-5.4.20-61.5
  php5-gmp-debuginfo-5.4.20-61.5
  php5-iconv-5.4.20-61.5
  php5-iconv-debuginfo-5.4.20-61.5
  php5-imap-5.4.20-61.5
  php5-imap-debuginfo-5.4.20-61.5
  php5-intl-5.4.20-61.5
  php5-intl-debuginfo-5.4.20-61.5
  php5-json-5.4.20-61.5
  php5-json-debuginfo-5.4.20-61.5
  php5-ldap-5.4.20-61.5
  php5-ldap-debuginfo-5.4.20-61.5
  php5-mbstring-5.4.20-61.5
  php5-mbstring-debuginfo-5.4.20-61.5
  php5-mcrypt-5.4.20-61.5
  php5-mcrypt-debuginfo-5.4.20-61.5
  php5-mssql-5.4.20-61.5
  php5-mssql-debuginfo-5.4.20-61.5
  php5-mysql-5.4.20-61.5
  php5-mysql-debuginfo-5.4.20-61.5
  php5-odbc-5.4.20-61.5
  php5-odbc-debuginfo-5.4.20-61.5
  php5-openssl-5.4.20-61.5
  php5-openssl-debuginfo-5.4.20-61.5
  php5-pcntl-5.4.20-61.5
  php5-pcntl-debuginfo-5.4.20-61.5
  php5-pdo-5.4.20-61.5
  php5-pdo-debuginfo-5.4.20-61.5
  php5-pgsql-5.4.20-61.5
  php5-pgsql-debuginfo-5.4.20-61.5
  php5-phar-5.4.20-61.5
  php5-phar-debuginfo-5.4.20-61.5
  php5-posix-5.4.20-61.5
  php5-posix-debuginfo-5.4.20-61.5
  php5-pspell-5.4.20-61.5
  php5-pspell-debuginfo-5.4.20-61.5
  php5-readline-5.4.20-61.5
  php5-readline-debuginfo-5.4.20-61.5
  php5-shmop-5.4.20-61.5
  php5-shmop-debuginfo-5.4.20-61.5
  php5-snmp-5.4.20-61.5
  php5-snmp-debuginfo-5.4.20-61.5
  php5-soap-5.4.20-61.5
  php5-soap-debuginfo-5.4.20-61.5
  php5-sockets-5.4.20-61.5
  php5-sockets-debuginfo-5.4.20-61.5
  php5-sqlite-5.4.20-61.5
  php5-sqlite-debuginfo-5.4.20-61.5
  php5-suhosin-5.4.20-61.5
  php5-suhosin-debuginfo-5.4.20-61.5
  php5-sysvmsg-5.4.20-61.5
  php5-sysvmsg-debuginfo-5.4.20-61.5
  php5-sysvsem-5.4.20-61.5
  php5-sysvsem-debuginfo-5.4.20-61.5
  php5-sysvshm-5.4.20-61.5
  php5-sysvshm-debuginfo-5.4.20-61.5
  php5-tidy-5.4.20-61.5
  php5-tidy-debuginfo-5.4.20-61.5
  php5-tokenizer-5.4.20-61.5
  php5-tokenizer-debuginfo-5.4.20-61.5
  php5-wddx-5.4.20-61.5
  php5-wddx-debuginfo-5.4.20-61.5
  php5-xmlreader-5.4.20-61.5
  php5-xmlreader-debuginfo-5.4.20-61.5
  php5-xmlrpc-5.4.20-61.5
  php5-xmlrpc-debuginfo-5.4.20-61.5
  php5-xmlwriter-5.4.20-61.5
  php5-xmlwriter-debuginfo-5.4.20-61.5
  php5-xsl-5.4.20-61.5
  php5-xsl-debuginfo-5.4.20-61.5
  php5-zip-5.4.20-61.5
  php5-zip-debuginfo-5.4.20-61.5
  php5-zlib-5.4.20-61.5
  php5-zlib-debuginfo-5.4.20-61.5

- openSUSE 13.1 (noarch):
  php5-pear-5.4.20-61.5

References:

https://www.suse.com/security/cve/CVE-2015-3411.html
https://www.suse.com/security/cve/CVE-2015-3412.html
https://www.suse.com/security/cve/CVE-2015-4598.html
https://www.suse.com/security/cve/CVE-2015-4599.html
https://www.suse.com/security/cve/CVE-2015-4600.html
https://www.suse.com/security/cve/CVE-2015-4601.html
https://www.suse.com/security/cve/CVE-2015-4602.html
https://www.suse.com/security/cve/CVE-2015-4603.html
https://www.suse.com/security/cve/CVE-2015-4604.html
https://www.suse.com/security/cve/CVE-2015-4605.html
https://www.suse.com/security/cve/CVE-2015-4643.html
https://www.suse.com/security/cve/CVE-2015-4644.html
https://bugzilla.suse.com/935224
https://bugzilla.suse.com/935225
https://bugzilla.suse.com/935226
https://bugzilla.suse.com/935227
https://bugzilla.suse.com/935232
https://bugzilla.suse.com/935234
https://bugzilla.suse.com/935274
https://bugzilla.suse.com/935275
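The last bullet of the openSUSE description (CVE-2015-3411, CVE-2015-3412, CVE-2015-4598: missing null byte checks for paths) names a bug class that the Red Hat advisory below describes in more detail: a PHP string may contain "\0", but a filesystem call that was not written to expect it stops at the first NUL, so a name that passes a PHP-level check can open a different file than the one checked. The following is an added example, not code from any of the advisories or from PHP itself, showing that vulnerable check beside a hardened one. The functions `readImageVulnerable` and `readImageHardened`, the temporary directory and its two files are all constructed for this illustration.

```php
<?php
// Added example (not part of any advisory above): the file-name NUL byte
// problem the advisories refer to, as a vulnerable check beside a hardened one.
// Function names, the fixture directory and the sample name are constructed.

declare(strict_types=1);

/**
 * Vulnerable pattern: the allow-list check runs over the whole PHP string,
 * but a NUL-unaware filesystem call stops at the first "\0". On a build that
 * lacks the NUL check, "secret.txt\0.png" passes the check and opens "secret.txt".
 */
function readImageVulnerable(string $base, string $name)
{
    if (!preg_match('/\.(png|jpe?g|gif)\z/i', $name)) {
        return false;
    }
    return @file_get_contents($base . '/' . $name);
}

/**
 * Hardened pattern: reject NUL bytes and directory components before any
 * filesystem call, then confine the resolved path to $base with realpath().
 */
function readImageHardened(string $base, string $name)
{
    if ($name === '' || strpos($name, "\0") !== false) {
        return false;                        // an embedded NUL is never a valid name
    }
    if ($name !== basename($name)) {
        return false;                        // no "../" or other directory parts
    }
    if (!preg_match('/\.(png|jpe?g|gif)\z/i', $name)) {
        return false;                        // \z, not $, so a trailing newline cannot slip past
    }
    $realBase = realpath($base);
    $realPath = realpath($base . '/' . $name);
    if ($realBase === false || $realPath === false
        || strncmp($realPath, $realBase . DIRECTORY_SEPARATOR, strlen($realBase) + 1) !== 0) {
        return false;                        // missing, or resolved outside $base
    }
    return file_get_contents($realPath);
}

// Constructed fixture: one image and one file the allow-list is meant to protect.
$base = sys_get_temp_dir() . '/nulbyte-demo-' . getmypid();
mkdir($base);
file_put_contents($base . '/logo.png', 'PNG-DATA');
file_put_contents($base . '/secret.txt', 'PRIVATE');

$hostile = "secret.txt\0.png";

try {
    $got = readImageVulnerable($base, $hostile);
} catch (\Throwable $e) {
    // Current PHP rejects NUL bytes in its core filesystem functions (PHP 8
    // throws ValueError); the advisories cover extension functions that lacked
    // that check, which is why the allow-list alone was not enough.
    $got = false;
}
printf("vulnerable: allow-list passed=%s, read=%s\n",
    preg_match('/\.(png|jpe?g|gif)\z/i', $hostile) ? 'yes' : 'no',
    var_export($got, true));
printf("hardened:   hostile name  -> %s\n", var_export(readImageHardened($base, $hostile), true));
printf("hardened:   logo.png      -> %s\n", var_export(readImageHardened($base, 'logo.png'), true));

unlink($base . '/logo.png');
unlink($base . '/secret.txt');
rmdir($base);
```

The point of the first line of output is that the allow-list accepts the hostile name; whether the read then succeeds depends entirely on the filesystem layer underneath, which is what the patched extensions had been relying on. The hardened version fails closed on the NUL byte before any filesystem call and additionally confines the resolved path, so it does not depend on that layer.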
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: php security and bug fix update
Advisory ID:       RHSA-2015:1135-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2015:1135.html
Issue date:        2015-06-23
CVE Names:         CVE-2014-8142 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709
                   CVE-2015-0231 CVE-2015-0232 CVE-2015-0273 CVE-2015-2301
                   CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3307
                   CVE-2015-3329 CVE-2015-3330 CVE-2015-3411 CVE-2015-3412
                   CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025
                   CVE-2015-4026 CVE-2015-4147 CVE-2015-4148 CVE-2015-4598
                   CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 CVE-2015-4602
                   CVE-2015-4603 CVE-2015-4604 CVE-2015-4605
=====================================================================

1. Summary:

Updated php packages that fix multiple security issues and several bugs are
now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the CVE
links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Server.

A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to trigger
the execution of a PHP script in a deinitialized interpreter, causing it to
crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code with
the privileges of the user running that PHP application. (CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found in
the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to crash
or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273, CVE-2015-2787,
CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601,
CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file system
access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way PHP's Phar extension parsed Phar
archives. A specially crafted archive could cause PHP to crash or, possibly,
execute arbitrary code when opened. (CVE-2015-2301, CVE-2015-2783,
CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension. A
remote attacker could cause a PHP application to crash if it used fileinfo to
identify the type of attacker-supplied files. (CVE-2014-9652, CVE-2015-4604,
CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application request enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)

* When using the Open Database Connectivity (ODBC) API, the PHP process in
some cases terminated unexpectedly with a segmentation fault. The underlying
code has been adjusted to prevent this crash. (BZ#1212299)

* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of the
PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)

All php users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on uninitialized pointer in exif.c
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1213394 - CVE-2015-3330 php: pipelined request executed in deinitialized interpreter under httpd 2.4
1213407 - CVE-2015-3411 php: missing null byte checks for paths in various PHP extensions
1213442 - CVE-2015-4604 CVE-2015-4605 php: denial of service when processing a crafted file with Fileinfo
1213446 - CVE-2015-2783 php: buffer over-read in Phar metadata parsing
1213449 - CVE-2015-3329 php: buffer overflow in phar_set_inode()
1222485 - CVE-2015-4024 php: multipart/form-data request parsing CPU usage DoS
1222538 - CVE-2015-4599 CVE-2015-4600 CVE-2015-4601 php: type confusion issue in unserialize() with various SOAP methods
1223408 - CVE-2015-4025 php: CVE-2006-7243 regressions in 5.4+
1223412 - CVE-2015-4022 php: integer overflow leading to heap overflow when reading FTP file listing
1223422 - CVE-2015-4026 php: pcntl_exec() accepts paths with NUL character
1223425 - CVE-2015-4021 php: memory corruption in phar_parse_tarfile caused by empty entry file name
1223441 - CVE-2015-3307 php: invalid pointer free() in phar_tar_process_metadata()
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
1232823 - CVE-2015-3412 php: missing null byte checks for paths in various PHP extensions
1232897 - CVE-2015-4598 php: missing null byte checks for paths in DOM and GD extensions
1232918 - CVE-2015-4603 php: exception::getTraceAsString type confusion issue after unserialize
1232923 - CVE-2015-4602 php: Incomplete Class unserialization type confusion

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:
php-5.4.16-36.el7_1.src.rpm

x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:
php-5.4.16-36.el7_1.src.rpm

x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
php-5.4.16-36.el7_1.src.rpm

ppc64:
php-5.4.16-36.el7_1.ppc64.rpm
php-cli-5.4.16-36.el7_1.ppc64.rpm
php-common-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-gd-5.4.16-36.el7_1.ppc64.rpm
php-ldap-5.4.16-36.el7_1.ppc64.rpm
php-mysql-5.4.16-36.el7_1.ppc64.rpm
php-odbc-5.4.16-36.el7_1.ppc64.rpm
php-pdo-5.4.16-36.el7_1.ppc64.rpm
php-pgsql-5.4.16-36.el7_1.ppc64.rpm
php-process-5.4.16-36.el7_1.ppc64.rpm
php-recode-5.4.16-36.el7_1.ppc64.rpm
php-soap-5.4.16-36.el7_1.ppc64.rpm
php-xml-5.4.16-36.el7_1.ppc64.rpm
php-xmlrpc-5.4.16-36.el7_1.ppc64.rpm

s390x:
php-5.4.16-36.el7_1.s390x.rpm
php-cli-5.4.16-36.el7_1.s390x.rpm
php-common-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-gd-5.4.16-36.el7_1.s390x.rpm
php-ldap-5.4.16-36.el7_1.s390x.rpm
php-mysql-5.4.16-36.el7_1.s390x.rpm
php-odbc-5.4.16-36.el7_1.s390x.rpm
php-pdo-5.4.16-36.el7_1.s390x.rpm
php-pgsql-5.4.16-36.el7_1.s390x.rpm
php-process-5.4.16-36.el7_1.s390x.rpm
php-recode-5.4.16-36.el7_1.s390x.rpm
php-soap-5.4.16-36.el7_1.s390x.rpm
php-xml-5.4.16-36.el7_1.s390x.rpm
php-xmlrpc-5.4.16-36.el7_1.s390x.rpm

x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
php-5.4.16-36.ael7b_1.src.rpm

ppc64le:
php-5.4.16-36.ael7b_1.ppc64le.rpm
php-cli-5.4.16-36.ael7b_1.ppc64le.rpm
php-common-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-gd-5.4.16-36.ael7b_1.ppc64le.rpm
php-ldap-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysql-5.4.16-36.ael7b_1.ppc64le.rpm
php-odbc-5.4.16-36.ael7b_1.ppc64le.rpm
php-pdo-5.4.16-36.ael7b_1.ppc64le.rpm
php-pgsql-5.4.16-36.ael7b_1.ppc64le.rpm
php-process-5.4.16-36.ael7b_1.ppc64le.rpm
php-recode-5.4.16-36.ael7b_1.ppc64le.rpm
php-soap-5.4.16-36.ael7b_1.ppc64le.rpm
php-xml-5.4.16-36.ael7b_1.ppc64le.rpm
php-xmlrpc-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:
php-bcmath-5.4.16-36.el7_1.ppc64.rpm
php-dba-5.4.16-36.el7_1.ppc64.rpm
php-debuginfo-5.4.16-36.el7_1.ppc64.rpm
php-devel-5.4.16-36.el7_1.ppc64.rpm
php-embedded-5.4.16-36.el7_1.ppc64.rpm
php-enchant-5.4.16-36.el7_1.ppc64.rpm
php-fpm-5.4.16-36.el7_1.ppc64.rpm
php-intl-5.4.16-36.el7_1.ppc64.rpm
php-mbstring-5.4.16-36.el7_1.ppc64.rpm
php-mysqlnd-5.4.16-36.el7_1.ppc64.rpm
php-pspell-5.4.16-36.el7_1.ppc64.rpm
php-snmp-5.4.16-36.el7_1.ppc64.rpm

s390x:
php-bcmath-5.4.16-36.el7_1.s390x.rpm
php-dba-5.4.16-36.el7_1.s390x.rpm
php-debuginfo-5.4.16-36.el7_1.s390x.rpm
php-devel-5.4.16-36.el7_1.s390x.rpm
php-embedded-5.4.16-36.el7_1.s390x.rpm
php-enchant-5.4.16-36.el7_1.s390x.rpm
php-fpm-5.4.16-36.el7_1.s390x.rpm
php-intl-5.4.16-36.el7_1.s390x.rpm
php-mbstring-5.4.16-36.el7_1.s390x.rpm
php-mysqlnd-5.4.16-36.el7_1.s390x.rpm
php-pspell-5.4.16-36.el7_1.s390x.rpm
php-snmp-5.4.16-36.el7_1.s390x.rpm

x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le:
php-bcmath-5.4.16-36.ael7b_1.ppc64le.rpm
php-dba-5.4.16-36.ael7b_1.ppc64le.rpm
php-debuginfo-5.4.16-36.ael7b_1.ppc64le.rpm
php-devel-5.4.16-36.ael7b_1.ppc64le.rpm
php-embedded-5.4.16-36.ael7b_1.ppc64le.rpm
php-enchant-5.4.16-36.ael7b_1.ppc64le.rpm
php-fpm-5.4.16-36.ael7b_1.ppc64le.rpm
php-intl-5.4.16-36.ael7b_1.ppc64le.rpm
php-mbstring-5.4.16-36.ael7b_1.ppc64le.rpm
php-mysqlnd-5.4.16-36.ael7b_1.ppc64le.rpm
php-pspell-5.4.16-36.ael7b_1.ppc64le.rpm
php-snmp-5.4.16-36.ael7b_1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
php-5.4.16-36.el7_1.src.rpm

x86_64:
php-5.4.16-36.el7_1.x86_64.rpm
php-cli-5.4.16-36.el7_1.x86_64.rpm
php-common-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-gd-5.4.16-36.el7_1.x86_64.rpm
php-ldap-5.4.16-36.el7_1.x86_64.rpm
php-mysql-5.4.16-36.el7_1.x86_64.rpm
php-odbc-5.4.16-36.el7_1.x86_64.rpm
php-pdo-5.4.16-36.el7_1.x86_64.rpm
php-pgsql-5.4.16-36.el7_1.x86_64.rpm
php-process-5.4.16-36.el7_1.x86_64.rpm
php-recode-5.4.16-36.el7_1.x86_64.rpm
php-soap-5.4.16-36.el7_1.x86_64.rpm
php-xml-5.4.16-36.el7_1.x86_64.rpm
php-xmlrpc-5.4.16-36.el7_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
php-bcmath-5.4.16-36.el7_1.x86_64.rpm
php-dba-5.4.16-36.el7_1.x86_64.rpm
php-debuginfo-5.4.16-36.el7_1.x86_64.rpm
php-devel-5.4.16-36.el7_1.x86_64.rpm
php-embedded-5.4.16-36.el7_1.x86_64.rpm
php-enchant-5.4.16-36.el7_1.x86_64.rpm
php-fpm-5.4.16-36.el7_1.x86_64.rpm
php-intl-5.4.16-36.el7_1.x86_64.rpm
php-mbstring-5.4.16-36.el7_1.x86_64.rpm
php-mysqlnd-5.4.16-36.el7_1.x86_64.rpm
php-pspell-5.4.16-36.el7_1.x86_64.rpm
php-snmp-5.4.16-36.el7_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2783
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-3307
https://access.redhat.com/security/cve/CVE-2015-3329
https://access.redhat.com/security/cve/CVE-2015-3330
https://access.redhat.com/security/cve/CVE-2015-3411
https://access.redhat.com/security/cve/CVE-2015-3412
https://access.redhat.com/security/cve/CVE-2015-4021
https://access.redhat.com/security/cve/CVE-2015-4022
https://access.redhat.com/security/cve/CVE-2015-4024
https://access.redhat.com/security/cve/CVE-2015-4025
https://access.redhat.com/security/cve/CVE-2015-4026
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/cve/CVE-2015-4598
https://access.redhat.com/security/cve/CVE-2015-4599
https://access.redhat.com/security/cve/CVE-2015-4600 https://access.redhat.com/security/cve/CVE-2015-4601 https://access.redhat.com/security/cve/CVE-2015-4602 https://access.redhat.com/security/cve/CVE-2015-4603 https://access.redhat.com/security/cve/CVE-2015-4604 https://access.redhat.com/security/cve/CVE-2015-4605 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFViR1aXlSAg2UNWIIRAuxPAJ42GLQVzvzc9kje0VjDv8NZWcPv6QCbBL+O dtqycPWs+07GhjmZ6NNx5Bg=FREZ -----END PGPSIGNATURE----- -- Enterprise-watch-list mailing list
[slackware-security] php for Slackware 11.0 reissued (SSA:2007-314-02)

The security/bug fix update for Slackware 11.0 has been reissued to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for pointing this out. Sorry for any inconvenience.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/php5/php-5.2.5-i486-2_slack11.0.tgz: The security/bug fix update for Slackware 11.0 has been reissued to fix a zero-length /usr/bin/php-cgi. Thanks to TJ Munro for pointing this out. We appreciate the fast weekend Q/A. :-) This package should be installed rather than the previously released php-5.2.5-i486-1_slack11.0 (unless you do not use /usr/php/php-cgi, in which case either package will do.)
(* Security fix *)
+--------------------------+

Where to find the new package:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 11.0:

MD5 signature:
+-------------+
Slackware 11.0 package:
c0a7182780dea900928de26a8109379f php-5.2.5-i486-2_slack11.0.tgz

Installation instructions:
+------------------------+
First, stop Apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-5.2.5-i486-2_slack11.0.tgz

Finally, restart Apache:
# apachectl start

Or, for Apache using SSL:
# apachectl startssl
+-----+
Important security patch released for Slackware 11.0 addressing zero-byte /usr/bin/php-cgi vulnerability. Upgrade immediately!
Slackware Security, PHP Update, Critical Fix.
Severity: Critical.
LinuxSecurity.com Team
[slackware-security] php (SSA:2007-127-01)

New php packages are available for Slackware 10.2, 11.0, and -current to improve the stability and security of PHP. Quite a few bugs were fixed -- please see https://www.php.net/ for a detailed list. All sites that use PHP are encouraged to upgrade. Please note that we haven't tested all PHP applications for backwards compatibility with this new upgrade, so you should have the old package on hand just in case. Both PHP 4.4.7 and PHP 5.2.2 updates have been provided.

Here are the details from the Slackware 11.0 ChangeLog:
+--------------------------+
extra/php5/php-5.2.2-i486-1_slack11.0.tgz: Upgraded to php-5.2.2. This fixes bugs and improves security. For more details, see:
https://www.php.net//releases/5_2_2.php
https://www.cve.org/CVERecord?id=CVE-2007-1001
(* Security fix *)
patches/packages/php-4.4.7-i486-1_slack11.0.tgz: Upgraded to php-4.4.7. This fixes bugs and improves security. For more details, see:
https://www.php.net//releases/4_4_7.php
https://www.cve.org/CVERecord?id=CVE-2007-1001
(* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+
HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading from ftp.slackware.com. Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated packages for Slackware 10.2:
Updated packages for Slackware 11.0:
Updated packages for Slackware -current:

MD5 signatures:
+-------------+
Slackware 10.2 packages:
56aa46827b63ffbc362727cbaaf586e8 php-4.4.7-i486-1_slack10.2.tgz
c05e8b71616725493bee7d150b8dc62a php-5.2.2-i486-1_slack10.2.tgz

Slackware 11.0 packages:
b949d684bd04d1f843c28ee01076d246 php-4.4.7-i486-1_slack11.0.tgz
b7be5a1e3ef61d1c758513caeda9c7c7 php-5.2.2-i486-1_slack11.0.tgz

Slackware -current packages:
38a8fe4b7bd5637e09a5a28f50a19a0e php-4.4.7-i486-1.tgz
b49eb13cc4110617f5515426f747b8d7 php-5.2.2-i486-1.tgz

Installation instructions:
+------------------------+
First, stop apache:
# apachectl stop

Next, upgrade to the new PHP package:
# upgradepkg php-4.4.7-i486-1_slack11.0.tgz

Finally, restart apache:
# apachectl start
(or: apachectl startssl)
+-----+

Recent PHP modules released for Slackware improve safety and reliability of every PHP program. Upgrade is advisable at this time!
Slackware PHP Update, Security Fix, PHP Packages, System Upgrade, Software Stability.
Severity: Critical.
LinuxSecurity.com Team
SUSE Security Announcement

Package: php4,php5
Announcement ID: SUSE-SA:2007:020
Date: Thu, 15 Mar 2007 12:00:00 +0000
Affected Products: SUSE LINUX 9.3, SUSE LINUX 10.0, SUSE LINUX 10.1, openSUSE 10.2, UnitedLinux 1.0, SuSE Linux Enterprise Server 8, SuSE Linux Openexchange Server 4, SuSE Linux Standard Server 8, SuSE Linux School Server, SUSE LINUX Retail Solution 8, SUSE SLES 9, Open Enterprise Server, Novell Linux POS 9, SLE SDK 10, SUSE SLES 10
Vulnerability Type: remote code execution
Severity (1-10): 5
SUSE Default Package: no
Cross-References: CVE-2006-6383, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0911, CVE-2007-1380, CVE-2007-1399

Content of This Advisory:
1) Security Vulnerability Resolved: php5 and php4 security update
   Problem Description
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information

1) Problem Description and Brief Discussion

Multiple bugs have been fixed in the PHP4 and PHP5 script interpreters. These include the following security related problems:

CVE-2007-0906: Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.

CVE-2007-0907: Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.

CVE-2007-0908: The wddx extension in PHP before 5.2.1 allows remote attackers to obtain sensitive information via unspecified vectors.

CVE-2007-0909: Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.

CVE-2007-0910: Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

CVE-2007-0911: Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

CVE-2006-6383: PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.

This security update also fixes some bugs reported by the Month of PHP bugs project:

MOPB-10-2007 / CVE-2007-1380: The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.

MOPB-16-2007 / CVE-2007-1399: Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback. Note that this problem is caught by the FORTIFY SOURCE extension in SUSE Linux 10.0 and newer products and just leads to a controlled abort of the PHP interpreter.

2) Solution or Work-Around

There is no known workaround, please install the update packages.

3) Special Instructions and Notes

Please close and restart all running instances of Apache after the update.

4) Package Location and Checksums

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command rpm -Fhv to apply the update, replacing with the filename of the downloaded RPM package.
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:

SUSE SLES 10
http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.html
SLE SDK 10
http://support.novell.com/techcenter/psdb/f36e1cd46e4c288ce275fae334efd2b8.html
Open Enterprise Server
http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.html
Novell Linux POS 9
http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.html
SUSE SLES 9
http://support.novell.com/techcenter/psdb/9331ab8ca1a0615674f5dd979bd4b413.html
UnitedLinux 1.0
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html
SuSE Linux Openexchange Server 4
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html
SuSE Linux Enterprise Server 8
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html
SuSE Linux Standard Server 8
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html
SuSE Linux School Server
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html
SUSE LINUX Retail Solution 8
http://support.novell.com/techcenter/psdb/301e29c1284be2d64596c7d1fbd6cca0.html

5) Pending Vulnerabilities, Solutions, and Work-Arounds: See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information

- Announcement authenticity verification:

SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.

To verify the signature of the announcement, save it as text into a file and run the command

gpg --verify

replacing with the name of the file where you saved the announcement. The output for a valid signature looks like:

gpg: Signature made using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team "

where is replaced by the date the document was signed.

If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command

gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc

- Package authenticity verification:

SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.

There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or RPM package:

1) Using the internal gpg signatures of the rpm package
2) MD5 checksums as provided in this announcement

1) The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command

rpm -v --checksig

to verify the signature of the package, replacing with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from
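The second method above, checking downloads against the MD5 list printed in the advisory (the same "md5 filename" layout the Slackware advisories on this page use), is the one that is easy to script before running upgradepkg or rpm -Fhv. The following Python is an added example and not code from any advisory here: it parses an advisory-style checksum list, verifies every listed file, and refuses the whole set if any file is missing or altered. All file contents, and therefore the digests, are constructed.

```python
"""Verify downloaded packages against an advisory's MD5 list, failing closed.

Added example, not code from any advisory on this page. The checksum text is
constructed in the "md5 filename" layout the Slackware advisories use; the
package contents are constructed too, so the digests are not the real ones.
"""
import hashlib
import os
import re
import tempfile

# One "<32 hex digits> <filename>" pair per line; headings and +----+ rules
# from the advisory do not match and are skipped.
CHECKSUM_LINE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+)$")


def parse_checksums(text):
    """Return {filename: md5hex} from the advisory's MD5 section."""
    expected = {}
    for raw in text.splitlines():
        m = CHECKSUM_LINE.match(raw.strip())
        if m:
            expected[m.group(2)] = m.group(1).lower()
    return expected


def md5_of_file(path, chunk=1 << 16):
    """Stream the file so large .tgz/.rpm downloads are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_packages(expected, directory):
    """Compare every listed package in `directory` against its expected MD5.

    Returns (ok, report): ok is True only when every listed file is present
    and matches; report maps filename -> "ok" | "missing" | "mismatch".
    Files in the directory that the advisory does not list are ignored: the
    advisory, not the download directory, decides what gets installed.
    """
    report = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            report[name] = "missing"
        elif md5_of_file(path) != digest:
            report[name] = "mismatch"
        else:
            report[name] = "ok"
    return all(v == "ok" for v in report.values()), report


def demo():
    """Constructed run: one intact package, one altered in transit, one absent."""
    intact = b"constructed contents standing in for php-5.2.5-i486-2_slack11.0.tgz\n"
    original = b"constructed contents standing in for php-4.4.7-i486-1_slack11.0.tgz\n"
    altered = original + b"bytes appended after the checksum was published\n"
    never_downloaded = b"constructed contents standing in for php-5.2.2-i486-1_slack11.0.tgz\n"
    # Constructed advisory excerpt; filenames match the page, digests do not.
    advisory_text = (
        "MD5 signatures:\n"
        "+-------------+\n"
        "Slackware 11.0 packages:\n"
        f"{hashlib.md5(intact).hexdigest()} php-5.2.5-i486-2_slack11.0.tgz\n"
        f"{hashlib.md5(original).hexdigest()} php-4.4.7-i486-1_slack11.0.tgz\n"
        f"{hashlib.md5(never_downloaded).hexdigest()} php-5.2.2-i486-1_slack11.0.tgz\n"
    )
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "php-5.2.5-i486-2_slack11.0.tgz"), "wb") as f:
            f.write(intact)
        with open(os.path.join(d, "php-4.4.7-i486-1_slack11.0.tgz"), "wb") as f:
            f.write(altered)
        return verify_packages(parse_checksums(advisory_text), d)


if __name__ == "__main__":
    ok, report = demo()
    for name, status in sorted(report.items()):
        print(f"{status:8} {name}")
    # Only an all-"ok" report should be followed by upgradepkg / rpm -Fhv.
    print("safe to install" if ok else "do NOT install; re-download and re-check")
```

The MD5 comparison catches a corrupted or wrong file from a mirror; the signature check (rpm --checksig, or gpg --verify on the announcement) is the authenticity check, and the advisory describes the two as independent methods to be used together.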
Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1.1. This update has been rated as having important security impact by the Red Hat Security Response Team.. - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Important: php security update Advisory ID: RHSA-2007:0088-01 Advisory URL: https://access.redhat.com/errata/RHSA-2007:0088.html Issue date: 2007-02-22 Updated on: 2007-02-22 Product: Red Hat Application Stack CVE Names: CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988 - ---------------------------------------------------------------------1. Summary: Updated PHP packages that fix several security issues are now available for Red Hat Application Stack v1.1. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64 Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64 3. Problem description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. 
(CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer. This could be triggered, for example, by any use of the header() function in a script. However, it is unlikely that this would have any effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910)

Red Hat would like to thank Stefan Esser for his help diagnosing these issues.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5.
Bug IDs fixed (http://bugzilla.redhat.com/):

229337 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) and Red Hat Application Stack v1 for Enterprise Linux ES (v.4): php-5.1.6-3.el4s1.5 source, i386 and x86_64 packages (php, php-bcmath, php-cli, php-common, php-dba, php-debuginfo, php-devel, php-gd, php-imap, php-ldap, php-mbstring, php-mysql, php-ncurses, php-odbc, php-pdo, php-pgsql, php-snmp, php-soap, php-xml, php-xmlrpc).

These packages are GPG
signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2007-0906
https://www.cve.org/CVERecord?id=CVE-2007-0907
https://www.cve.org/CVERecord?id=CVE-2007-0908
https://www.cve.org/CVERecord?id=CVE-2007-0909
https://www.cve.org/CVERecord?id=CVE-2007-0910
https://www.cve.org/CVERecord?id=CVE-2007-0988
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2007 Red Hat, Inc.

The latest PHP security patch from Red Hat tackles several vulnerabilities, significantly improving overall application security for its users.

Severity: Important

LinuxSecurity.com Team