__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
__________________________________________________________

                             INFORMATION BULLETIN

                               PHP Security Update
                          [Red Hat RHSA-2006:0669-12]

September 21, 2006 20:00 GMT                                      Number Q-321
[REVISED 14 Nov 2006]
[REVISED 11 Jul 2007]
[REVISED 4 Mar 2008]
______________________________________________________________________________
PROBLEM:       There are several security vulnerabilities in PHP:
               1) A response-splitting issue was discovered in the PHP
                  session handling;
               2) A buffer overflow was discovered in the PHP sscanf()
                  function;
               3) An integer overflow was discovered in the PHP wordwrap()
                  and str_repeat() functions;
               4) A buffer overflow was discovered in the PHP gd extension;
                  and
               5) An integer overflow was discovered in the PHP memory
                  allocation handling.

PLATFORM:      Red Hat Desktop (v. 3 & v. 4)
               RHEL Desktop Workstation (v. 5 client)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES, WS (v. 3 & v. 4)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Debian GNU/Linux 3.1 (sarge) and 4.0 (etch)

DAMAGE:        1) If a remote attacker can force a carefully crafted session
                  identifier to be used, a cross-site-scripting or
                  response-splitting attack could be possible;
               2) A remote attacker sending a carefully crafted request
                  could execute arbitrary code as the 'apache' user;
               3) A remote attacker sending a carefully crafted request
                  might be able to cause a heap overflow; and
               4) On 64-bit platforms, the "memory_limit" setting was not
                  enforced correctly, which could allow a denial of service
                  attack by a remote user.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW.
ASSESSMENT:    1) If a remote attacker can force a carefully crafted session
                  identifier to be used, a cross-site-scripting or
                  response-splitting attack could be possible;
               2) A remote attacker sending a carefully crafted request
                  could execute arbitrary code as the 'apache' user;
               3) A remote attacker sending a carefully crafted request
                  might be able to cause a heap overflow; and
               4) On 64-bit platforms, the "memory_limit" setting was not
                  enforced correctly, which could allow a denial of service
                  attack by a remote user.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-321.shtml

 ORIGINAL BULLETIN:  Red Hat RHSA-2006:0669-12
                     https://rhn.redhat.com/errata/RHSA-2006-0669.html

 ADDITIONAL LINKS:   Debian Security Advisory 1206-1
                     http://www.debian.org/security/2006/dsa-1206
                     Debian Security Advisory 1331-1
                     http://www.debian.org/security/2006/dsa-1331
                     Red Hat RHSA-2008:0146-2
                     https://rhn.redhat.com/errata/RHSA-2008-0146.html

 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2006-3016, CVE-2006-4020, CVE-2006-4482,
                     CVE-2006-4484, CVE-2006-4486
______________________________________________________________________________
REVISION HISTORY:
 11/14/2006 - added a link to Debian Security Advisory 1206-1
 07/11/2007 - added a link to Debian Security Advisory 1331-1 for Debian
              GNU/Linux 3.1 (sarge) and 4.0 (etch).
 03/04/2008 - revised Q-321 to add a link to Red Hat RHSA-2008:0146-2 for
              RHEL Desktop Workstation (v. 5 client), Red Hat Desktop (v. 4),
              Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise
              Linux AS, ES, WS (v. 4), and Red Hat Enterprise Linux Desktop
              (v. 5 client).

[***** Start Red Hat RHSA-2006:0669-12 *****]

Moderate: php security update

Advisory:         RHSA-2006:0669-12
Type:             Security Advisory
Issued on:        2006-09-21
Last updated on:  2006-09-21

Affected Products:
  Red Hat Desktop (v. 3)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Enterprise Linux WS (v. 4)

CVEs (cve.mitre.org):
  CVE-2006-3016
  CVE-2006-4020
  CVE-2006-4482
  CVE-2006-4484
  CVE-2006-4486

Details

Updated PHP packages that fix multiple security issues are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Web server.

A response-splitting issue was discovered in the PHP session handling. If a
remote attacker can force a carefully crafted session identifier to be used,
a cross-site-scripting or response-splitting attack could be possible.
(CVE-2006-3016)

A buffer overflow was discovered in the PHP sscanf() function. If a script
used the sscanf() function with positional arguments in the format string, a
remote attacker sending a carefully crafted request could execute arbitrary
code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension. If a script was set
up to process GIF images from untrusted sources using the gd extension, a
remote attacker could cause a heap overflow. (CVE-2006-4484)

An integer overflow was discovered in the PHP memory allocation handling. On
64-bit platforms, the "memory_limit" setting was not enforced correctly,
which could allow a denial of service attack by a remote user.
(CVE-2006-4486)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.
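The session-handling issue above (CVE-2006-3016) turns on an application accepting whatever session identifier the client presents and later echoing it into a Set-Cookie header or a page. The updated packages fix this inside PHP; the following is an added example, not code from the bulletin or from PHP, of the application-side allow-list check a defender can keep in front of session handling regardless of interpreter version. The allowed character set, the length cap, the cookie name PHPSESSID and the cookie-then-query lookup order are assumptions written into the code; adjust them to your own deployment.

```python
import re

# Allow-list for a session identifier the client presents (cookie or URL).
# ASSUMPTION: PHP 4.3 emits 32 hex characters by default; this list is kept a
# little wider (letters, digits, ',' and '-') so that it also covers later
# generators. Tune the set and the length cap to your own deployment.
SESSION_ID_RE = re.compile(r"\A[A-Za-z0-9,-]{1,128}\Z")


def is_valid_session_id(sid):
    """True only for a non-empty token made solely of allow-listed characters.

    Anything else (CR/LF, ';', quotes, '<', whitespace, non-ASCII) is rejected
    before the value can be echoed into a Set-Cookie header or an HTML page,
    which is where the response-splitting / cross-site-scripting exposure
    described for CVE-2006-3016 arises.
    """
    return isinstance(sid, str) and SESSION_ID_RE.match(sid) is not None


def session_id_from_request(cookies, query, name="PHPSESSID"):
    """Return the client-presented session id if it passes validation.

    Looks in the cookie jar first, then the query string, like a cookie-first
    PHP application with session.use_trans_sid enabled. A presented but
    malformed id yields None (it is NOT passed over to the next source), so
    the caller starts a fresh session instead of adopting the client's value.
    """
    for source in (cookies, query):
        if name in source:
            candidate = source[name]
            return candidate if is_valid_session_id(candidate) else None
    return None


def build_set_cookie(name, sid):
    """Render the Set-Cookie header for an already-validated session id.

    Raises ValueError rather than emitting a header that embeds an unchecked
    identifier; header construction is the last line of defence.
    """
    if not is_valid_session_id(sid):
        raise ValueError("refusing to emit Set-Cookie for a malformed session id")
    return "%s=%s; Path=/; HttpOnly" % (name, sid)


if __name__ == "__main__":
    # Constructed sample requests: one well-formed cookie, one malformed one.
    print(session_id_from_request({"PHPSESSID": "3f2a9c0b1d4e5f6a7b8c9d0e1f2a3b4c"}, {}))
    print(session_id_from_request({"PHPSESSID": "3f2a\r\nbad"}, {"PHPSESSID": "fallback"}))
```

The point of returning None rather than falling through to the query string is that a malformed cookie is itself a signal; logging that event alongside the client address gives detection a hook that the fixed interpreter alone does not provide.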
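Because the fix is backported, the updated packages keep the 4.3.2 and 4.3.9 version strings; only the RPM release field (36.ent and 3.18 above) tells a patched host from an unpatched one, and a check that compares against an upstream PHP version number will misjudge these systems. The following is an added example, not part of the bulletin or of Red Hat's tooling, that reads `rpm -qa` output and decides per package whether the installed version-release is at or above the one in this advisory, using a simplified re-implementation of RPM's segment-wise version comparison. The sample `rpm -qa` output is constructed for the example; epoch and the `~`/`^` ordering rules of newer RPM releases are not modelled.

```python
import re

# Fixed version-release of the php packages named in RHSA-2006:0669, keyed by
# the Red Hat Enterprise Linux / Red Hat Desktop major version they apply to.
FIXED_RELEASE = {
    "3": "4.3.2-36.ent",
    "4": "4.3.9-3.18",
}

# Constructed sample of
#   rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n' 'php*'
# on a hypothetical RHEL 4 host that is only half updated.
SAMPLE_RPM_QA = """\
php-4.3.9-3.15
php-mysql-4.3.9-3.15
php-gd-4.3.9-3.18
php-ldap-4.3.9-3.18
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpm_vercmp(a, b):
    """Compare two version (or release) strings the way rpmvercmp does.

    Strings are split into numeric and alphabetic segments; separators are
    ignored. Numeric segments compare as integers (so 10 > 9), alphabetic ones
    lexically, a numeric segment beats an alphabetic one, and when all common
    segments tie, the string with segments left over wins. Epoch and the
    newer '~'/'^' rules are not modelled here. Returns -1, 0 or 1.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            return -1 if int(x) < int(y) else 1
        if xd != yd:
            return 1 if xd else -1
        return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return 1 if len(sa) > len(sb) else -1


def split_nvr(nvr):
    """'php-mysql-4.3.9-3.15' -> ('php-mysql', '4.3.9', '3.15')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release


def is_fixed(installed_vr, fixed_vr):
    """True when the installed 'version-release' is at or above the fixed one."""
    iv, ir = installed_vr.split("-", 1)
    fv, fr = fixed_vr.split("-", 1)
    c = rpm_vercmp(iv, fv)
    if c != 0:
        return c > 0
    return rpm_vercmp(ir, fr) >= 0


def audit(rpm_qa_output, rhel_major):
    """Map each php* package in the rpm output to True (fixed) / False (not)."""
    fixed = FIXED_RELEASE[rhel_major]
    verdict = {}
    for line in rpm_qa_output.splitlines():
        line = line.strip()
        if not line:
            continue
        name, version, release = split_nvr(line)
        verdict[name] = is_fixed(version + "-" + release, fixed)
    return verdict


if __name__ == "__main__":
    for pkg, ok in sorted(audit(SAMPLE_RPM_QA, "4").items()):
        print("%-12s %s" % (pkg, "fixed" if ok else "NEEDS UPDATE"))
```

The `--qf` format deliberately omits the architecture so that the name/version/release split is unambiguous; on a host with both i386 and x86_64 php packages installed, query each architecture separately or add `%{ARCH}` and strip it before calling `split_nvr`.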
These packages also contain a fix for a bug where certain input strings to
the metaphone() function could cause memory corruption.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-36.ent.src.rpm                 edff44ef2d5fc36ab6900bba1120e068

IA-32:
php-4.3.2-36.ent.i386.rpm                584ed6c5ab8b79ecab9dd19d60912977
php-devel-4.3.2-36.ent.i386.rpm          dedd72857ff105df8080240a42dfacbb
php-imap-4.3.2-36.ent.i386.rpm           63923c12457a2602f285b5a80b721b2a
php-ldap-4.3.2-36.ent.i386.rpm           00990be4b10108922514cb1cd1352ed7
php-mysql-4.3.2-36.ent.i386.rpm          9515272828c140cf6c8f16e03892a754
php-odbc-4.3.2-36.ent.i386.rpm           ea38b76f0832ae1513462da3859a0f10
php-pgsql-4.3.2-36.ent.i386.rpm          2336166a7a28071d1c5b54732baafd6f

x86_64:
php-4.3.2-36.ent.x86_64.rpm              01e1ea894379472928e8ad77b6312dda
php-devel-4.3.2-36.ent.x86_64.rpm        36457735cbcb22ffaa2997618ef01982
php-imap-4.3.2-36.ent.x86_64.rpm         3254378cfd946649559dd22bf1b8886a
php-ldap-4.3.2-36.ent.x86_64.rpm         726deefb3f99de5ecaa17f7919305267
php-mysql-4.3.2-36.ent.x86_64.rpm        7f49b8046b8d9c7ab07e1a379da6f4aa
php-odbc-4.3.2-36.ent.x86_64.rpm         73f464716cc6ac85942a0fc746ff3d9d
php-pgsql-4.3.2-36.ent.x86_64.rpm        9642d324af0024e37c3bf587930699b2

Red Hat Desktop (v.
4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.18.src.rpm                   b0e97438a543ea87ed285962380fcd93

IA-32:
php-4.3.9-3.18.i386.rpm                  c601af250ee6f6738dfa13d0faf112c0
php-devel-4.3.9-3.18.i386.rpm            7ff530e4092d7e5b3e895ac65d29a043
php-domxml-4.3.9-3.18.i386.rpm           94a28fa94ca9a47ca385147f472d0216
php-gd-4.3.9-3.18.i386.rpm               b52c12634bdacabf030f7921d63ebe62
php-imap-4.3.9-3.18.i386.rpm             cf05f81490b34c5b57d41c3e09bbec7f
php-ldap-4.3.9-3.18.i386.rpm             c893fcba04c16ed2765e74d07aba4c55
php-mbstring-4.3.9-3.18.i386.rpm         c1c9fb687d314f657dbd0fbbfedee34e
php-mysql-4.3.9-3.18.i386.rpm            386fd6501b8b520174d3c430a4e3987b
php-ncurses-4.3.9-3.18.i386.rpm          cbda257ea5187d279bc3dc26fa190c5e
php-odbc-4.3.9-3.18.i386.rpm             aff73f88a3832958486189594c3bffb5
php-pear-4.3.9-3.18.i386.rpm             3faa1ecd7108b2e16ee70ef8d8a5f91e
php-pgsql-4.3.9-3.18.i386.rpm            de56134ca623e18cf42bf170a6cc2409
php-snmp-4.3.9-3.18.i386.rpm             16f8501f638d3b8d6a58aadc6a246c71
php-xmlrpc-4.3.9-3.18.i386.rpm           a7e316ff5c7d7671e3377d4374d2455d

x86_64:
php-4.3.9-3.18.x86_64.rpm                e097d0cebff30cf30f38bfdb6ec584ef
php-devel-4.3.9-3.18.x86_64.rpm          b8ddc0217f0acf89d4277c98b10a9df6
php-domxml-4.3.9-3.18.x86_64.rpm         1d13b3c8637289653513988fa2bd9443
php-gd-4.3.9-3.18.x86_64.rpm             33bcb360867cc0f9cb1c679664e50059
php-imap-4.3.9-3.18.x86_64.rpm           aca2a7d80b9c033ea5a764bc19f46d38
php-ldap-4.3.9-3.18.x86_64.rpm           5d686cec2458684fbbeead0dcb911424
php-mbstring-4.3.9-3.18.x86_64.rpm       8cb28de259e9c9113c6f5d34077e06a7
php-mysql-4.3.9-3.18.x86_64.rpm          dfe9cd735d83d6571e7a399b907b89cb
php-ncurses-4.3.9-3.18.x86_64.rpm        adb0b906aa5af0b69757c7ed742bbab0
php-odbc-4.3.9-3.18.x86_64.rpm           1dc8dd840616bad191d89e420ac493cf
php-pear-4.3.9-3.18.x86_64.rpm           c0a2948cab88cdb3c6c74bb57753c085
php-pgsql-4.3.9-3.18.x86_64.rpm          6fd6b151c3b3686e49982d26b46c35cf
php-snmp-4.3.9-3.18.x86_64.rpm           eda01d5df9ed097784cd32d08b490cd2
php-xmlrpc-4.3.9-3.18.x86_64.rpm         0439e6f3fe324be0705e9aa660268df6

Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-36.ent.src.rpm                 edff44ef2d5fc36ab6900bba1120e068

IA-32:
php-4.3.2-36.ent.i386.rpm                584ed6c5ab8b79ecab9dd19d60912977
php-devel-4.3.2-36.ent.i386.rpm          dedd72857ff105df8080240a42dfacbb
php-imap-4.3.2-36.ent.i386.rpm           63923c12457a2602f285b5a80b721b2a
php-ldap-4.3.2-36.ent.i386.rpm           00990be4b10108922514cb1cd1352ed7
php-mysql-4.3.2-36.ent.i386.rpm          9515272828c140cf6c8f16e03892a754
php-odbc-4.3.2-36.ent.i386.rpm           ea38b76f0832ae1513462da3859a0f10
php-pgsql-4.3.2-36.ent.i386.rpm          2336166a7a28071d1c5b54732baafd6f

IA-64:
php-4.3.2-36.ent.ia64.rpm                6f144c3cec4dc0c9b86110564fcc5c9d
php-devel-4.3.2-36.ent.ia64.rpm          7dbcce0b93ec90a0f9bf26266ea03005
php-imap-4.3.2-36.ent.ia64.rpm           b7f3d137a2c6f684ec40c5db2e545649
php-ldap-4.3.2-36.ent.ia64.rpm           ab1a38e08f2b98f6228e6a5a7dd4dd5d
php-mysql-4.3.2-36.ent.ia64.rpm          7112738d86235698f81c87a3b6c8560d
php-odbc-4.3.2-36.ent.ia64.rpm           dea0a87e0271ffffc17ab399f4dafdcb
php-pgsql-4.3.2-36.ent.ia64.rpm          f1a5c80ff7abd140f46dea132b035eb7

PPC:
php-4.3.2-36.ent.ppc.rpm                 cbb9258b0fb1342e9aaf924b2438a33d
php-devel-4.3.2-36.ent.ppc.rpm           58703fc6b96540a32d6477f23d2b3f7e
php-imap-4.3.2-36.ent.ppc.rpm            2b477ce3471b043d111e7b9a0e22064d
php-ldap-4.3.2-36.ent.ppc.rpm            f8361d2a9b03632eaa7065ed6941f331
php-mysql-4.3.2-36.ent.ppc.rpm           fdee67c3130764f62ea42f99610c3003
php-odbc-4.3.2-36.ent.ppc.rpm            da6e768f139e9e2b348ace754bb7f034
php-pgsql-4.3.2-36.ent.ppc.rpm           eb7fda112c9fad1b4241f6a97154b525

s390:
php-4.3.2-36.ent.s390.rpm                848f7188171002b39aa48be3f4d022e9
php-devel-4.3.2-36.ent.s390.rpm          744acd8d458f6ff29b1089a6378cef74
php-imap-4.3.2-36.ent.s390.rpm           2136e1f3ed3d630c5fff0d4fe6f770e3
php-ldap-4.3.2-36.ent.s390.rpm           c165e7f225beb30e85b4b26d33b2e4f3
php-mysql-4.3.2-36.ent.s390.rpm          2ec51a35ce18bd174eeda3e7bef4c4ac
php-odbc-4.3.2-36.ent.s390.rpm           d4c41ddbef89597a147126d2a76f1bf8
php-pgsql-4.3.2-36.ent.s390.rpm          969e01ee5bc227252166d3a57492157c

s390x:
php-4.3.2-36.ent.s390x.rpm               e701450dc668a270f87b8cc007ed96e4
php-devel-4.3.2-36.ent.s390x.rpm         c87c637224dc99eda797ab098ae63a7f
php-imap-4.3.2-36.ent.s390x.rpm          a45224aff57eea4694393293aab65fce
php-ldap-4.3.2-36.ent.s390x.rpm          a682e7e64b8b4f3501f1b08f7f55d048
php-mysql-4.3.2-36.ent.s390x.rpm         2835bdb0892dc7da5a54963bddafbd44
php-odbc-4.3.2-36.ent.s390x.rpm          20952a6384917ea3dea0fc9455ec3c19
php-pgsql-4.3.2-36.ent.s390x.rpm         d6bcfb1addc21005a597042e1f39d6b7

x86_64:
php-4.3.2-36.ent.x86_64.rpm              01e1ea894379472928e8ad77b6312dda
php-devel-4.3.2-36.ent.x86_64.rpm        36457735cbcb22ffaa2997618ef01982
php-imap-4.3.2-36.ent.x86_64.rpm         3254378cfd946649559dd22bf1b8886a
php-ldap-4.3.2-36.ent.x86_64.rpm         726deefb3f99de5ecaa17f7919305267
php-mysql-4.3.2-36.ent.x86_64.rpm        7f49b8046b8d9c7ab07e1a379da6f4aa
php-odbc-4.3.2-36.ent.x86_64.rpm         73f464716cc6ac85942a0fc746ff3d9d
php-pgsql-4.3.2-36.ent.x86_64.rpm        9642d324af0024e37c3bf587930699b2

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.18.src.rpm                   b0e97438a543ea87ed285962380fcd93

IA-32:
php-4.3.9-3.18.i386.rpm                  c601af250ee6f6738dfa13d0faf112c0
php-devel-4.3.9-3.18.i386.rpm            7ff530e4092d7e5b3e895ac65d29a043
php-domxml-4.3.9-3.18.i386.rpm           94a28fa94ca9a47ca385147f472d0216
php-gd-4.3.9-3.18.i386.rpm               b52c12634bdacabf030f7921d63ebe62
php-imap-4.3.9-3.18.i386.rpm             cf05f81490b34c5b57d41c3e09bbec7f
php-ldap-4.3.9-3.18.i386.rpm             c893fcba04c16ed2765e74d07aba4c55
php-mbstring-4.3.9-3.18.i386.rpm         c1c9fb687d314f657dbd0fbbfedee34e
php-mysql-4.3.9-3.18.i386.rpm            386fd6501b8b520174d3c430a4e3987b
php-ncurses-4.3.9-3.18.i386.rpm          cbda257ea5187d279bc3dc26fa190c5e
php-odbc-4.3.9-3.18.i386.rpm             aff73f88a3832958486189594c3bffb5
php-pear-4.3.9-3.18.i386.rpm             3faa1ecd7108b2e16ee70ef8d8a5f91e
php-pgsql-4.3.9-3.18.i386.rpm            de56134ca623e18cf42bf170a6cc2409
php-snmp-4.3.9-3.18.i386.rpm             16f8501f638d3b8d6a58aadc6a246c71
php-xmlrpc-4.3.9-3.18.i386.rpm           a7e316ff5c7d7671e3377d4374d2455d

IA-64:
php-4.3.9-3.18.ia64.rpm                  2cadc8918165b1ba84a72ea301b49bc4
php-devel-4.3.9-3.18.ia64.rpm            696472f36b03dd70a417ec242b800923
php-domxml-4.3.9-3.18.ia64.rpm           6c5867f9be1ab4d943638fefc4a3d6cf
php-gd-4.3.9-3.18.ia64.rpm               e6ecacc8e608e01f61c8c260fc449bb1
php-imap-4.3.9-3.18.ia64.rpm             fbe8c9e2f8ca997736b35ef6e5bb609c
php-ldap-4.3.9-3.18.ia64.rpm             5a0d48e7a2c5502586d9289a4917ee95
php-mbstring-4.3.9-3.18.ia64.rpm         17ef08f65cb35cc93dac9da69b2c94ea
php-mysql-4.3.9-3.18.ia64.rpm            838785128f1db1d646182a98ba92b0f0
php-ncurses-4.3.9-3.18.ia64.rpm          4a293b6b93f23bb928e79b3d248aab79
php-odbc-4.3.9-3.18.ia64.rpm             186131f2fac06b90f17263f0dc56a024
php-pear-4.3.9-3.18.ia64.rpm             0d1ad15c59a2da36839044e5e552b9d5
php-pgsql-4.3.9-3.18.ia64.rpm            c46c20b9647e05a3e6d840e9438dcd9c
php-snmp-4.3.9-3.18.ia64.rpm             dc3ec6e7f5cd5299d435a4eae0b4ab8f
php-xmlrpc-4.3.9-3.18.ia64.rpm           28155b4411d66e5fbe03ef6a22293fe6

PPC:
php-4.3.9-3.18.ppc.rpm                   69d9c645491b5eecca01bb173f5436a5
php-devel-4.3.9-3.18.ppc.rpm             821fd6559a2986fcbe53f184359336ed
php-domxml-4.3.9-3.18.ppc.rpm            4ff188fd5e3ae3dd5873e07220ab8848
php-gd-4.3.9-3.18.ppc.rpm                ca54ca7c8ce65e3bd8a3cbc098cb73e8
php-imap-4.3.9-3.18.ppc.rpm              f217202ca4bca9c05a419c9a412fa659
php-ldap-4.3.9-3.18.ppc.rpm              a8ca675f316fb526c9c1e9e2499af7a3
php-mbstring-4.3.9-3.18.ppc.rpm          3f81b1b771e99993079f361bca10080c
php-mysql-4.3.9-3.18.ppc.rpm             36ad7391078b0a29bb0b6f43e3c8876a
php-ncurses-4.3.9-3.18.ppc.rpm           47e7100be96862f7c140ac06e2e84d6f
php-odbc-4.3.9-3.18.ppc.rpm              e68bfc1ec28549e22453aec05f5c7fea
php-pear-4.3.9-3.18.ppc.rpm              15e37e1466e8e077663394281d0518dc
php-pgsql-4.3.9-3.18.ppc.rpm             c86700b1233743db8c6d329335be4185
php-snmp-4.3.9-3.18.ppc.rpm              4fb408bfc91782e2a1497e7e83513767
php-xmlrpc-4.3.9-3.18.ppc.rpm            b528703a97c444450f837e59b554f110

s390:
php-4.3.9-3.18.s390.rpm                  d153a47487dc4ae3156bb99606d0cffe
php-devel-4.3.9-3.18.s390.rpm            c50f2c6e87f24be47aff12cc7214bd31
php-domxml-4.3.9-3.18.s390.rpm           9b3d7963d637b1d2d509789b72e66b5b
php-gd-4.3.9-3.18.s390.rpm               520cfd44dac93f550f81866073d3092c
php-imap-4.3.9-3.18.s390.rpm             00b503a1db6d593cdcc33eff92481bda
php-ldap-4.3.9-3.18.s390.rpm             edf5fad5a3855e631e3b9753d76149c1
php-mbstring-4.3.9-3.18.s390.rpm         cac736ed72f8554dbcbedb31b754270e
php-mysql-4.3.9-3.18.s390.rpm            ab6f21122baebb430e5deab889c810b6
php-ncurses-4.3.9-3.18.s390.rpm          84846eac28c6b85d5764faedefd3894a
php-odbc-4.3.9-3.18.s390.rpm             1556548e1c190b7f68f567579462522f
php-pear-4.3.9-3.18.s390.rpm             540a21ddcd441f1c9781c7dbf6299476
php-pgsql-4.3.9-3.18.s390.rpm            bb9685ae6c57191075fb811dbc6463f0
php-snmp-4.3.9-3.18.s390.rpm             427fb1bca153b8e485f23dd5b16b5884
php-xmlrpc-4.3.9-3.18.s390.rpm           944edf4de5805da7320a51fba4bf98d9

s390x:
php-4.3.9-3.18.s390x.rpm                 a1363357af316b2d1e8e6731b31a98ff
php-devel-4.3.9-3.18.s390x.rpm           b7104cee4fd8f1b3a2913adff31b647b
php-domxml-4.3.9-3.18.s390x.rpm          9a4818fce58eacb0acdaecd760f956bb
php-gd-4.3.9-3.18.s390x.rpm              bf2ee6b73d8d7e3884ace5671dd1c960
php-imap-4.3.9-3.18.s390x.rpm            f27e1264c985a6f200e3a28b504ac78b
php-ldap-4.3.9-3.18.s390x.rpm            6e6adbcaa97da201434dcd6e440c1d59
php-mbstring-4.3.9-3.18.s390x.rpm        27d36dc7dcad7aa3b9f168965a3b94b7
php-mysql-4.3.9-3.18.s390x.rpm           10fd90a62e9ab4d14e134c48a05ee323
php-ncurses-4.3.9-3.18.s390x.rpm         9f295d143c76054bf70baa8ee52a7658
php-odbc-4.3.9-3.18.s390x.rpm            11a95106ffb0ab93fe5787c9860fccd2
php-pear-4.3.9-3.18.s390x.rpm            8c81abde11a8972bf271e90508bc84a9
php-pgsql-4.3.9-3.18.s390x.rpm           87fbcd5426bcab269407fe23388bc14d
php-snmp-4.3.9-3.18.s390x.rpm            6e45bfde11843773a4cb355f6ecd0816
php-xmlrpc-4.3.9-3.18.s390x.rpm          6da1a154af4edd3e1562ff1464b203b8

x86_64:
php-4.3.9-3.18.x86_64.rpm                e097d0cebff30cf30f38bfdb6ec584ef
php-devel-4.3.9-3.18.x86_64.rpm          b8ddc0217f0acf89d4277c98b10a9df6
php-domxml-4.3.9-3.18.x86_64.rpm         1d13b3c8637289653513988fa2bd9443
php-gd-4.3.9-3.18.x86_64.rpm             33bcb360867cc0f9cb1c679664e50059
php-imap-4.3.9-3.18.x86_64.rpm           aca2a7d80b9c033ea5a764bc19f46d38
php-ldap-4.3.9-3.18.x86_64.rpm           5d686cec2458684fbbeead0dcb911424
php-mbstring-4.3.9-3.18.x86_64.rpm       8cb28de259e9c9113c6f5d34077e06a7
php-mysql-4.3.9-3.18.x86_64.rpm          dfe9cd735d83d6571e7a399b907b89cb
php-ncurses-4.3.9-3.18.x86_64.rpm        adb0b906aa5af0b69757c7ed742bbab0
php-odbc-4.3.9-3.18.x86_64.rpm           1dc8dd840616bad191d89e420ac493cf
php-pear-4.3.9-3.18.x86_64.rpm           c0a2948cab88cdb3c6c74bb57753c085
php-pgsql-4.3.9-3.18.x86_64.rpm          6fd6b151c3b3686e49982d26b46c35cf
php-snmp-4.3.9-3.18.x86_64.rpm           eda01d5df9ed097784cd32d08b490cd2
php-xmlrpc-4.3.9-3.18.x86_64.rpm         0439e6f3fe324be0705e9aa660268df6

Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-36.ent.src.rpm                 edff44ef2d5fc36ab6900bba1120e068

IA-32:
php-4.3.2-36.ent.i386.rpm                584ed6c5ab8b79ecab9dd19d60912977
php-devel-4.3.2-36.ent.i386.rpm          dedd72857ff105df8080240a42dfacbb
php-imap-4.3.2-36.ent.i386.rpm           63923c12457a2602f285b5a80b721b2a
php-ldap-4.3.2-36.ent.i386.rpm           00990be4b10108922514cb1cd1352ed7
php-mysql-4.3.2-36.ent.i386.rpm          9515272828c140cf6c8f16e03892a754
php-odbc-4.3.2-36.ent.i386.rpm           ea38b76f0832ae1513462da3859a0f10
php-pgsql-4.3.2-36.ent.i386.rpm          2336166a7a28071d1c5b54732baafd6f

IA-64:
php-4.3.2-36.ent.ia64.rpm                6f144c3cec4dc0c9b86110564fcc5c9d
php-devel-4.3.2-36.ent.ia64.rpm          7dbcce0b93ec90a0f9bf26266ea03005
php-imap-4.3.2-36.ent.ia64.rpm           b7f3d137a2c6f684ec40c5db2e545649
php-ldap-4.3.2-36.ent.ia64.rpm           ab1a38e08f2b98f6228e6a5a7dd4dd5d
php-mysql-4.3.2-36.ent.ia64.rpm          7112738d86235698f81c87a3b6c8560d
php-odbc-4.3.2-36.ent.ia64.rpm           dea0a87e0271ffffc17ab399f4dafdcb
php-pgsql-4.3.2-36.ent.ia64.rpm          f1a5c80ff7abd140f46dea132b035eb7

x86_64:
php-4.3.2-36.ent.x86_64.rpm              01e1ea894379472928e8ad77b6312dda
php-devel-4.3.2-36.ent.x86_64.rpm        36457735cbcb22ffaa2997618ef01982
php-imap-4.3.2-36.ent.x86_64.rpm         3254378cfd946649559dd22bf1b8886a
php-ldap-4.3.2-36.ent.x86_64.rpm         726deefb3f99de5ecaa17f7919305267
php-mysql-4.3.2-36.ent.x86_64.rpm        7f49b8046b8d9c7ab07e1a379da6f4aa
php-odbc-4.3.2-36.ent.x86_64.rpm         73f464716cc6ac85942a0fc746ff3d9d
php-pgsql-4.3.2-36.ent.x86_64.rpm        9642d324af0024e37c3bf587930699b2

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.18.src.rpm                   b0e97438a543ea87ed285962380fcd93

IA-32:
php-4.3.9-3.18.i386.rpm                  c601af250ee6f6738dfa13d0faf112c0
php-devel-4.3.9-3.18.i386.rpm            7ff530e4092d7e5b3e895ac65d29a043
php-domxml-4.3.9-3.18.i386.rpm           94a28fa94ca9a47ca385147f472d0216
php-gd-4.3.9-3.18.i386.rpm               b52c12634bdacabf030f7921d63ebe62
php-imap-4.3.9-3.18.i386.rpm             cf05f81490b34c5b57d41c3e09bbec7f
php-ldap-4.3.9-3.18.i386.rpm             c893fcba04c16ed2765e74d07aba4c55
php-mbstring-4.3.9-3.18.i386.rpm         c1c9fb687d314f657dbd0fbbfedee34e
php-mysql-4.3.9-3.18.i386.rpm            386fd6501b8b520174d3c430a4e3987b
php-ncurses-4.3.9-3.18.i386.rpm          cbda257ea5187d279bc3dc26fa190c5e
php-odbc-4.3.9-3.18.i386.rpm             aff73f88a3832958486189594c3bffb5
php-pear-4.3.9-3.18.i386.rpm             3faa1ecd7108b2e16ee70ef8d8a5f91e
php-pgsql-4.3.9-3.18.i386.rpm            de56134ca623e18cf42bf170a6cc2409
php-snmp-4.3.9-3.18.i386.rpm             16f8501f638d3b8d6a58aadc6a246c71
php-xmlrpc-4.3.9-3.18.i386.rpm           a7e316ff5c7d7671e3377d4374d2455d

IA-64:
php-4.3.9-3.18.ia64.rpm                  2cadc8918165b1ba84a72ea301b49bc4
php-devel-4.3.9-3.18.ia64.rpm            696472f36b03dd70a417ec242b800923
php-domxml-4.3.9-3.18.ia64.rpm           6c5867f9be1ab4d943638fefc4a3d6cf
php-gd-4.3.9-3.18.ia64.rpm               e6ecacc8e608e01f61c8c260fc449bb1
php-imap-4.3.9-3.18.ia64.rpm             fbe8c9e2f8ca997736b35ef6e5bb609c
php-ldap-4.3.9-3.18.ia64.rpm             5a0d48e7a2c5502586d9289a4917ee95
php-mbstring-4.3.9-3.18.ia64.rpm         17ef08f65cb35cc93dac9da69b2c94ea
php-mysql-4.3.9-3.18.ia64.rpm            838785128f1db1d646182a98ba92b0f0
php-ncurses-4.3.9-3.18.ia64.rpm          4a293b6b93f23bb928e79b3d248aab79
php-odbc-4.3.9-3.18.ia64.rpm             186131f2fac06b90f17263f0dc56a024
php-pear-4.3.9-3.18.ia64.rpm             0d1ad15c59a2da36839044e5e552b9d5
php-pgsql-4.3.9-3.18.ia64.rpm            c46c20b9647e05a3e6d840e9438dcd9c
php-snmp-4.3.9-3.18.ia64.rpm             dc3ec6e7f5cd5299d435a4eae0b4ab8f
php-xmlrpc-4.3.9-3.18.ia64.rpm           28155b4411d66e5fbe03ef6a22293fe6

x86_64:
php-4.3.9-3.18.x86_64.rpm                e097d0cebff30cf30f38bfdb6ec584ef
php-devel-4.3.9-3.18.x86_64.rpm          b8ddc0217f0acf89d4277c98b10a9df6
php-domxml-4.3.9-3.18.x86_64.rpm         1d13b3c8637289653513988fa2bd9443
php-gd-4.3.9-3.18.x86_64.rpm             33bcb360867cc0f9cb1c679664e50059
php-imap-4.3.9-3.18.x86_64.rpm           aca2a7d80b9c033ea5a764bc19f46d38
php-ldap-4.3.9-3.18.x86_64.rpm           5d686cec2458684fbbeead0dcb911424
php-mbstring-4.3.9-3.18.x86_64.rpm       8cb28de259e9c9113c6f5d34077e06a7
php-mysql-4.3.9-3.18.x86_64.rpm          dfe9cd735d83d6571e7a399b907b89cb
php-ncurses-4.3.9-3.18.x86_64.rpm        adb0b906aa5af0b69757c7ed742bbab0
php-odbc-4.3.9-3.18.x86_64.rpm           1dc8dd840616bad191d89e420ac493cf
php-pear-4.3.9-3.18.x86_64.rpm           c0a2948cab88cdb3c6c74bb57753c085
php-pgsql-4.3.9-3.18.x86_64.rpm          6fd6b151c3b3686e49982d26b46c35cf
php-snmp-4.3.9-3.18.x86_64.rpm           eda01d5df9ed097784cd32d08b490cd2
php-xmlrpc-4.3.9-3.18.x86_64.rpm         0439e6f3fe324be0705e9aa660268df6

Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-36.ent.src.rpm                 edff44ef2d5fc36ab6900bba1120e068

IA-32:
php-4.3.2-36.ent.i386.rpm                584ed6c5ab8b79ecab9dd19d60912977
php-devel-4.3.2-36.ent.i386.rpm          dedd72857ff105df8080240a42dfacbb
php-imap-4.3.2-36.ent.i386.rpm           63923c12457a2602f285b5a80b721b2a
php-ldap-4.3.2-36.ent.i386.rpm           00990be4b10108922514cb1cd1352ed7
php-mysql-4.3.2-36.ent.i386.rpm          9515272828c140cf6c8f16e03892a754
php-odbc-4.3.2-36.ent.i386.rpm           ea38b76f0832ae1513462da3859a0f10
php-pgsql-4.3.2-36.ent.i386.rpm          2336166a7a28071d1c5b54732baafd6f

IA-64:
php-4.3.2-36.ent.ia64.rpm                6f144c3cec4dc0c9b86110564fcc5c9d
php-devel-4.3.2-36.ent.ia64.rpm          7dbcce0b93ec90a0f9bf26266ea03005
php-imap-4.3.2-36.ent.ia64.rpm           b7f3d137a2c6f684ec40c5db2e545649
php-ldap-4.3.2-36.ent.ia64.rpm           ab1a38e08f2b98f6228e6a5a7dd4dd5d
php-mysql-4.3.2-36.ent.ia64.rpm          7112738d86235698f81c87a3b6c8560d
php-odbc-4.3.2-36.ent.ia64.rpm           dea0a87e0271ffffc17ab399f4dafdcb
php-pgsql-4.3.2-36.ent.ia64.rpm          f1a5c80ff7abd140f46dea132b035eb7

x86_64:
php-4.3.2-36.ent.x86_64.rpm              01e1ea894379472928e8ad77b6312dda
php-devel-4.3.2-36.ent.x86_64.rpm        36457735cbcb22ffaa2997618ef01982
php-imap-4.3.2-36.ent.x86_64.rpm         3254378cfd946649559dd22bf1b8886a
php-ldap-4.3.2-36.ent.x86_64.rpm         726deefb3f99de5ecaa17f7919305267
php-mysql-4.3.2-36.ent.x86_64.rpm        7f49b8046b8d9c7ab07e1a379da6f4aa
php-odbc-4.3.2-36.ent.x86_64.rpm         73f464716cc6ac85942a0fc746ff3d9d
php-pgsql-4.3.2-36.ent.x86_64.rpm        9642d324af0024e37c3bf587930699b2

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.18.src.rpm                   b0e97438a543ea87ed285962380fcd93

IA-32:
php-4.3.9-3.18.i386.rpm                  c601af250ee6f6738dfa13d0faf112c0
php-devel-4.3.9-3.18.i386.rpm            7ff530e4092d7e5b3e895ac65d29a043
php-domxml-4.3.9-3.18.i386.rpm           94a28fa94ca9a47ca385147f472d0216
php-gd-4.3.9-3.18.i386.rpm               b52c12634bdacabf030f7921d63ebe62
php-imap-4.3.9-3.18.i386.rpm             cf05f81490b34c5b57d41c3e09bbec7f
php-ldap-4.3.9-3.18.i386.rpm             c893fcba04c16ed2765e74d07aba4c55
php-mbstring-4.3.9-3.18.i386.rpm         c1c9fb687d314f657dbd0fbbfedee34e
php-mysql-4.3.9-3.18.i386.rpm            386fd6501b8b520174d3c430a4e3987b
php-ncurses-4.3.9-3.18.i386.rpm          cbda257ea5187d279bc3dc26fa190c5e
php-odbc-4.3.9-3.18.i386.rpm             aff73f88a3832958486189594c3bffb5
php-pear-4.3.9-3.18.i386.rpm             3faa1ecd7108b2e16ee70ef8d8a5f91e
php-pgsql-4.3.9-3.18.i386.rpm            de56134ca623e18cf42bf170a6cc2409
php-snmp-4.3.9-3.18.i386.rpm             16f8501f638d3b8d6a58aadc6a246c71
php-xmlrpc-4.3.9-3.18.i386.rpm           a7e316ff5c7d7671e3377d4374d2455d

IA-64:
php-4.3.9-3.18.ia64.rpm                  2cadc8918165b1ba84a72ea301b49bc4
php-devel-4.3.9-3.18.ia64.rpm            696472f36b03dd70a417ec242b800923
php-domxml-4.3.9-3.18.ia64.rpm           6c5867f9be1ab4d943638fefc4a3d6cf
php-gd-4.3.9-3.18.ia64.rpm               e6ecacc8e608e01f61c8c260fc449bb1
php-imap-4.3.9-3.18.ia64.rpm             fbe8c9e2f8ca997736b35ef6e5bb609c
php-ldap-4.3.9-3.18.ia64.rpm             5a0d48e7a2c5502586d9289a4917ee95
php-mbstring-4.3.9-3.18.ia64.rpm         17ef08f65cb35cc93dac9da69b2c94ea
php-mysql-4.3.9-3.18.ia64.rpm            838785128f1db1d646182a98ba92b0f0
php-ncurses-4.3.9-3.18.ia64.rpm          4a293b6b93f23bb928e79b3d248aab79
php-odbc-4.3.9-3.18.ia64.rpm             186131f2fac06b90f17263f0dc56a024
php-pear-4.3.9-3.18.ia64.rpm             0d1ad15c59a2da36839044e5e552b9d5
php-pgsql-4.3.9-3.18.ia64.rpm            c46c20b9647e05a3e6d840e9438dcd9c
php-snmp-4.3.9-3.18.ia64.rpm             dc3ec6e7f5cd5299d435a4eae0b4ab8f
php-xmlrpc-4.3.9-3.18.ia64.rpm           28155b4411d66e5fbe03ef6a22293fe6

x86_64:
php-4.3.9-3.18.x86_64.rpm                e097d0cebff30cf30f38bfdb6ec584ef
php-devel-4.3.9-3.18.x86_64.rpm          b8ddc0217f0acf89d4277c98b10a9df6
php-domxml-4.3.9-3.18.x86_64.rpm         1d13b3c8637289653513988fa2bd9443
php-gd-4.3.9-3.18.x86_64.rpm             33bcb360867cc0f9cb1c679664e50059
php-imap-4.3.9-3.18.x86_64.rpm           aca2a7d80b9c033ea5a764bc19f46d38
php-ldap-4.3.9-3.18.x86_64.rpm           5d686cec2458684fbbeead0dcb911424
php-mbstring-4.3.9-3.18.x86_64.rpm       8cb28de259e9c9113c6f5d34077e06a7
php-mysql-4.3.9-3.18.x86_64.rpm          dfe9cd735d83d6571e7a399b907b89cb
php-ncurses-4.3.9-3.18.x86_64.rpm        adb0b906aa5af0b69757c7ed742bbab0
php-odbc-4.3.9-3.18.x86_64.rpm           1dc8dd840616bad191d89e420ac493cf
php-pear-4.3.9-3.18.x86_64.rpm           c0a2948cab88cdb3c6c74bb57753c085
php-pgsql-4.3.9-3.18.x86_64.rpm          6fd6b151c3b3686e49982d26b46c35cf
php-snmp-4.3.9-3.18.x86_64.rpm           eda01d5df9ed097784cd32d08b490cd2
php-xmlrpc-4.3.9-3.18.x86_64.rpm         0439e6f3fe324be0705e9aa660268df6

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

201766 - CVE-2006-4020 PHP buffer overread flaw
204993 - CVE-2006-4482 PHP heap overflow
205714 - metaphone() function causing Apache segfaults
206664 - CVE-2006-4486 PHP integer overflows in Zend
206956 - CVE-2006-4484 PHP heap overflow in LWZReadByte
206959 - CVE-2006-3016 PHP session ID validation

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
http://www.redhat.com/security/updates/classification/#moderate

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2006:0669-12 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:  http://www.ciac.org/
   Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report incidents.
Your agency's team will coordinate with CIAC. The Forum of Incident Response
and Security Teams (FIRST) is a world-wide organization. A list of FIRST
member organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-311: Vulnerability in Pragmatic General Multicast (PGM)
Q-312: Vulnerability in Indexing Service
Q-313: Flash-Plugin Security Update
Q-314: QuickTime 7.1.3
Q-315: isakmpd - Programming Error
Q-316: HP OpenView Operations
Q-317: Firefox Security Update
Q-318: Usermin Programming Error
Q-319: Gzip Security Update
Q-320: Vulnerability in Vector Markup Language