__________________________________________________________

The U.S. Department of Energy
Computer Incident Advisory Capability
__________________________________________________________

INFORMATION BULLETIN

PHP Security Update
[Red Hat RHSA-2006:0730-6]

November 7, 2006 17:00 GMT                                  Number R-030
[REVISED 14 Nov 2006]
[REVISED 01 Dec 2006]
[REVISED 2 May 2007]
______________________________________________________________________________
PROBLEM:       An overflow in the PHP htmlentities() and htmlspecialchars()
               routines.
PLATFORM:      Red Hat Desktop (v. 3 & v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, and v. 4)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600
               router and Branch Routers
               CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks
               Wireless LAN Solution Engine Express (WLSX)
               Cisco Unified Application Environment
               Hosting Solution Engine/Hosting Solution Software
DAMAGE:        A remote attacker sending a carefully crafted request could
               trigger the overflow and potentially execute arbitrary code as
               the 'apache' user.
SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is LOW. A remote attacker sending a carefully crafted
ASSESSMENT:    request could trigger the overflow and potentially execute
               arbitrary code as the 'apache' user.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-030.shtml
 ORIGINAL BULLETIN:  Red Hat RHSA-2006:0730-6
                     https://rhn.redhat.com/errata/RHSA-2006-0730.html
 ADDITIONAL LINKS:   Debian Security Advisory 1206-1
                     http://www.debian.org/security/2006/dsa-1206
                     Symantec Security Advisory SYM06-023
                     http://securityresponse.symantec.com/avcenter/security/Content/2006.11.28.html
                     Cisco Document ID: 82377
                     http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
______________________________________________________________________________
REVISION HISTORY:
11/14/2006 - added a link to Debian Security Advisory 1206-1
12/01/2006 - added a link to Symantec Security Advisory SYM06-023
05/02/2007 - revised R-030 to add a link to Cisco Document ID: 82377 for
             Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600
             router and Branch Routers; CiscoWorks Wireless LAN Solution
             Engine (WLSE) and CiscoWorks Wireless LAN Solution Engine Express
             (WLSX); Cisco Unified Application Environment; and Hosting
             Solution Engine/Hosting Solution Software.

[***** Start Red Hat RHSA-2006:0730-6 *****]

Important: php security update

Advisory:          RHSA-2006:0730-6
Type:              Security Advisory
Issued on:         2006-11-06
Last updated on:   2006-11-06
Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux AS (v. 2.1)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux ES (v. 2.1)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 2.1)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
                   Red Hat Linux Advanced Workstation 2.1 for the Itanium
                   Processor
CVEs (cve.mitre.org): CVE-2006-5465

Details

Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the Red Hat
Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Web server.

The Hardened-PHP Project discovered an overflow in the PHP htmlentities() and
htmlspecialchars() routines. If a PHP script used the vulnerable functions to
parse UTF-8 data, a remote attacker sending a carefully crafted request could
trigger the overflow and potentially execute arbitrary code as the 'apache'
user. (CVE-2006-5465)

Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Product                                              Source package (SRPM)
---------------------------------------------------  ------------------------
Red Hat Desktop (v. 3)                               php-4.3.2-37.ent.src.rpm
Red Hat Desktop (v. 4)                               php-4.3.9-3.22.src.rpm
Red Hat Enterprise Linux AS (v. 2.1)                 php-4.1.2-2.13.src.rpm
Red Hat Enterprise Linux AS (v. 3)                   php-4.3.2-37.ent.src.rpm
Red Hat Enterprise Linux AS (v. 4)                   php-4.3.9-3.22.src.rpm
Red Hat Enterprise Linux ES (v. 2.1)                 php-4.1.2-2.13.src.rpm
Red Hat Enterprise Linux ES (v. 3)                   php-4.3.2-37.ent.src.rpm
Red Hat Enterprise Linux ES (v. 4)                   php-4.3.9-3.22.src.rpm
Red Hat Enterprise Linux WS (v. 2.1)                 php-4.1.2-2.13.src.rpm
Red Hat Enterprise Linux WS (v. 3)                   php-4.3.2-37.ent.src.rpm
Red Hat Enterprise Linux WS (v. 4)                   php-4.3.9-3.22.src.rpm
Red Hat Linux Advanced Workstation 2.1 (Itanium)     php-4.1.2-2.13.src.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

213543 - CVE-2006-5465 PHP buffer overflow

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
http://www.hardened-php.net/advisory_132006.138.html
http://www.redhat.com/security/updates/classification/#important

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2006:0730-6 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.
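
Added example, not part of the CIAC bulletin or the Red Hat advisory: a check of installed php packages against the fixed builds named in the advisory's package list (php-4.1.2-2.13, php-4.3.2-37.ent, php-4.3.9-3.22). It assumes input in the form printed by rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'; the sample lines are constructed, and the comparison is a simplified RPM ordering that ignores epochs.

```python
import re

# Fixed builds from the advisory's package list, keyed by upstream PHP version.
# The patch is backported, so the upstream version stays the same and only the
# release field moves.
FIXED_RELEASE = {
    "4.1.2": "2.13",    # Enterprise Linux 2.1 family, Advanced Workstation 2.1
    "4.3.2": "37.ent",  # Enterprise Linux 3 family, Desktop 3
    "4.3.9": "3.22",    # Enterprise Linux 4 family, Desktop 4
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified RPM version ordering (assumption: no epoch, no '~' or '^').

    Strings are split into runs of digits or letters. Numeric runs compare as
    integers, alphabetic runs as strings, and a numeric run sorts newer than an
    alphabetic one. Returns -1, 0 or 1.
    """
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def assess(rpm_output):
    """Classify each php package line as fixed, needs-update or not-covered."""
    findings = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # not a "name version release" line
        name, version, release = fields
        if name != "php" and not name.startswith("php-"):
            continue  # only packages built from the php source package
        fixed = FIXED_RELEASE.get(version)
        if fixed is None:
            status = "not-covered"  # version not listed in this advisory
        elif rpmvercmp(release, fixed) >= 0:
            status = "fixed"
        else:
            status = "needs-update"
        findings.append((name, f"{version}-{release}", status))
    return findings


def unpatched(rpm_output):
    """Return name-version-release for every package older than the fixed build."""
    return [f"{n}-{vr}" for n, vr, s in assess(rpm_output) if s == "needs-update"]


# Constructed sample input; the releases 3.15, 2.9 and 3.22.1 are made up.
SAMPLE = """\
php 4.3.9 3.15
php-mysql 4.3.9 3.22
php-ldap 4.3.2 37.ent
php-imap 4.1.2 2.9
httpd 2.0.52 28.ent
php 5.1.6 3
php-pear 4.3.9 3.22.1
"""

if __name__ == "__main__":
    for name, build, status in assess(SAMPLE):
        print(f"{name:<10} {build:<14} {status}")
```

Release 2.9 sorts below 2.13 only because the segments are compared as numbers; a plain string comparison would report that host as patched.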