__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN PHP Security Update [Red Hat RHSA-2007:0890-2] September 20, 2007 20:00 GMT Number R-355 [REVISED 8 Oct 2007] [REVISED 24 Oct 2007] [REVISED 08 Jan 2008] [REVISED 4 Feb 2008] [REVISED 7 May 2008] ______________________________________________________________________________ PROBLEM: There are several vulnerabilities in PHP. PLATFORM: RHEL Desktop Workstation (v. 5 client) Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor HP-UX B.11.11, B.11.23, B.11.31 running Apache Debian GNU/Linux 4.0 (stable) DAMAGE: Could possibly execute arbitrary code as the apache user. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. Could possibly execute arbitrary code as ASSESSMENT: the apache user. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-355.shtml ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2007-0890.html ADDITIONAL LINKS: Visit Hewlett-Packard's Subscription Service for: HPSBUX02262 SSRT071447 rev. 1 HPSBUX02308 SSRT080010 rev. 1 HPSBUX02332 SSRT080056 rev. 1 Red Hat RHSA-2007:0888-2 https://rhn.redhat.com/errata/RHSA-2007-0888.html http://www.debian.org/security/2008/dsa-1444 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2007-2756 CVE-2007-2872 CVE-2007-3799 CVE-2007-3996 CVE-2007-3998 CVE-2007-4658 CVE-2007-4670 ______________________________________________________________________________ REVISION HISTORY: 10/08/2007 - revised R-355 to add a link to Hewlett-Packard's Subscription Service for HPSBUX02262 SSRT071447 rev. 1 for HP-UX B.00.00, B.11.23, B.11.31 running Apache. 10/24/2007 - revised R-355 to add a link to Red Hat RHSA-2007:0888-2 for Red Hat Enterprise Linux AS, ES, WS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. 01/08/2008 - revised R-326 to add a link to Debian Security Advisory DSA-1444-1 for Debian GNU/Linux 4.0 (stable). 02/04/2008 - revised R-355 to add a link to Hewlett-Packard HPSBUX02308 SSRT080010 rev.1 for HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.0.59.00.1 or earlier. 05/07/2008 - revised R-355 to add a link to Hewlett-Packard HPSBUX02332 SSRT080056 rev.1 for HP-UX B.11.11, B.11.23, B.11.31 running Apache v2.18 with PHP v5.25.4 or earlier. [***** Start Red Hat RHSA-2007:0890-2 *****] Moderate: php security update Advisory: RHSA-2007:0890-2 Type: Security Advisory Severity: Moderate Issued on: 2007-09-20 Last updated on: 2007-09-20 Affected Products: RHEL Desktop Workstation (v. 5 client) Red Hat Desktop (v. 4) Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) OVAL: com.redhat.rhsa-20070890.xml CVEs (cve.mitre.org): CVE-2007-2756 CVE-2007-2872 CVE-2007-3799 CVE-2007-3996 CVE-2007-3998 CVE-2007-4658 CVE-2007-4670 Details Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996) An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_script function with a user-supplied third argument. (CVE-2007-2872) A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670) A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function this could possibly result in an information leak or denial of service. Note that is is unusual for a PHP script to pass user-supplied data to the money_format function. (CVE-2007-4658) A flaw was found in the PHP wordwrap function. If a remote attacker was able to pass arbitrary data to the wordwrap function this could possibly result in a denial of service. (CVE-2007-3998) A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL. (CVE-2007-3799) An infinite-loop flaw was discovered in the PHP gd extension. A script that could be forced to process PNG images from an untrusted source could allow a remote attacker to cause a denial of service. (CVE-2007-2756) Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues. Solution Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 Updated packages RHEL Desktop Workstation (v. 5 client) -------------------------------------------------------------------------------- SRPMS: php-5.1.6-15.el5.src.rpm 426c81738757b1b6d1be1fce7f0ca5fa IA-32: php-5.1.6-15.el5.i386.rpm 5f7b1348a16bd5785c1309bcd80198c0 php-bcmath-5.1.6-15.el5.i386.rpm e0d6afba70023fb20ea9dcb5df1d6a85 php-cli-5.1.6-15.el5.i386.rpm 60432befe14f515cf73595e03c366258 php-common-5.1.6-15.el5.i386.rpm 3159ab6aad6adf2528ddac20c22308af php-dba-5.1.6-15.el5.i386.rpm c8a713c4b137d19a1bf67a8516014ca3 php-devel-5.1.6-15.el5.i386.rpm 8352e2b24959a7da3ac20f01807d5238 php-gd-5.1.6-15.el5.i386.rpm 49c601b5bf4ab268a186c5cfe0e6b19e php-imap-5.1.6-15.el5.i386.rpm 2652138c42f5e524bab01fca91a9455a php-ldap-5.1.6-15.el5.i386.rpm 5da5d67061bd765d4867498644c45465 php-mbstring-5.1.6-15.el5.i386.rpm 1ba4c4767de40e98fe6c8abd6ca0c1d0 php-mysql-5.1.6-15.el5.i386.rpm 5edc21abb8f4bacb8f61014e6f75d538 php-ncurses-5.1.6-15.el5.i386.rpm 2a585131f1436ef0b5df6a5c4fc276cc php-odbc-5.1.6-15.el5.i386.rpm cf8f388369116831e845ab0e515ac5fb php-pdo-5.1.6-15.el5.i386.rpm 58ea6a0807dca2f42582273c5c52b812 php-pgsql-5.1.6-15.el5.i386.rpm 2f4f878a51bad35f7fd6f830c90ebf24 php-snmp-5.1.6-15.el5.i386.rpm c0afa5819aee6ceb0928b507aef4f1ad php-soap-5.1.6-15.el5.i386.rpm 479e67dbb824b8aa9e6be6f7b5dbad5a php-xml-5.1.6-15.el5.i386.rpm f53c5cb211bacd3cf4365a654736206d php-xmlrpc-5.1.6-15.el5.i386.rpm 46116911341e7b6a31c6078d5c404075 x86_64: php-5.1.6-15.el5.x86_64.rpm d74450e5fd3f219625f54508856dfcef php-bcmath-5.1.6-15.el5.x86_64.rpm 1d341fac9963b5553f4a2a90fcf7981e php-cli-5.1.6-15.el5.x86_64.rpm e02945fa66df78cb0757d3ffdedc1c7f php-common-5.1.6-15.el5.x86_64.rpm 7442e9c08a23fe5379214592d8e232f0 php-dba-5.1.6-15.el5.x86_64.rpm 7aeaaf755ed6334e34fe5cbd5c622cdf php-devel-5.1.6-15.el5.x86_64.rpm 27d8a48e853d7746bb012bbe917a3351 php-gd-5.1.6-15.el5.x86_64.rpm eb3e30df7caf68344d2120b671dcaaf7 php-imap-5.1.6-15.el5.x86_64.rpm 4a74682deebc72ccca4cc56b661457f8 php-ldap-5.1.6-15.el5.x86_64.rpm 053973b88bc8c2f717f41c76d839b2cc php-mbstring-5.1.6-15.el5.x86_64.rpm 88a45145247bfdaaa3f46e9921e49ecd php-mysql-5.1.6-15.el5.x86_64.rpm dbfb808ba9f1ae4ba63659710edbdee7 php-ncurses-5.1.6-15.el5.x86_64.rpm eafdf750a1f786aa726bb3e4d9be5a59 php-odbc-5.1.6-15.el5.x86_64.rpm f9a62467a56ca738ec99ac64113a3c0d php-pdo-5.1.6-15.el5.x86_64.rpm e8c18113c88abb78cca377c53a7b688c php-pgsql-5.1.6-15.el5.x86_64.rpm 191593b2205e449fa6f3d1affd159ca6 php-snmp-5.1.6-15.el5.x86_64.rpm b4bcc7b3e88fb4bdce4da32023208d71 php-soap-5.1.6-15.el5.x86_64.rpm 26c96b9f75b5a47241c717224e85fe0f php-xml-5.1.6-15.el5.x86_64.rpm e3a37a527a3aca4575515e3f9fed0bfb php-xmlrpc-5.1.6-15.el5.x86_64.rpm 2fc5731073fb53cd7d44f7ee1b21f473 Red Hat Desktop (v. 4) -------------------------------------------------------------------------------- SRPMS: php-4.3.9-3.22.9.src.rpm e8faf5e66a4d04303153bbd3e6a1773f IA-32: php-4.3.9-3.22.9.i386.rpm f5cb79eb51c09c5e60309ece67895d64 php-devel-4.3.9-3.22.9.i386.rpm 0c04f959984ef47b0bcc307b73a8f5eb php-domxml-4.3.9-3.22.9.i386.rpm db918b65280c80a53f5a4a74bdb19a52 php-gd-4.3.9-3.22.9.i386.rpm d7431a4a781fff266232df0ad57e2709 php-imap-4.3.9-3.22.9.i386.rpm e3ce635c4be3a8e0e7eb9cd8f2068379 php-ldap-4.3.9-3.22.9.i386.rpm fc09c0c3adab947b299c6d2cbcb48729 php-mbstring-4.3.9-3.22.9.i386.rpm 7887404560bb2b92e524124a075d1363 php-mysql-4.3.9-3.22.9.i386.rpm c70c9d4979af2a809df19bc41f8b650d php-ncurses-4.3.9-3.22.9.i386.rpm c1a87bb151525977df856e9e858a67ed php-odbc-4.3.9-3.22.9.i386.rpm 62843188fd5f12af880f324a77494cb0 php-pear-4.3.9-3.22.9.i386.rpm 5ee22eac2c6be35932b82308a5b28870 php-pgsql-4.3.9-3.22.9.i386.rpm 1d294819a2c537748fe09ad72f0a6937 php-snmp-4.3.9-3.22.9.i386.rpm 50bac687d584a5bcc75214d13b29c071 php-xmlrpc-4.3.9-3.22.9.i386.rpm ae1ca38652d31234e50d99e9ac5056e9 x86_64: php-4.3.9-3.22.9.x86_64.rpm e83c81e2e342457071be42183343eb44 php-devel-4.3.9-3.22.9.x86_64.rpm 014722aae703df5efc97699f5d79403c php-domxml-4.3.9-3.22.9.x86_64.rpm cf9d3fdc706e4ecb0d9ecc2516c683a6 php-gd-4.3.9-3.22.9.x86_64.rpm 013c2e1546325b7e35bd8dfde99b06d0 php-imap-4.3.9-3.22.9.x86_64.rpm a177149e4314b28d16459f712fd98bf9 php-ldap-4.3.9-3.22.9.x86_64.rpm fdfc175140990346e0dbe642ad2d42ab php-mbstring-4.3.9-3.22.9.x86_64.rpm 91ac7907e9fc58f88092fbf0da7fa935 php-mysql-4.3.9-3.22.9.x86_64.rpm e30571f87480f7924a1560b728ea9152 php-ncurses-4.3.9-3.22.9.x86_64.rpm 72ca3252ee573fce4d1df9fd834a9e4b php-odbc-4.3.9-3.22.9.x86_64.rpm 7e346253b45403ecafd625d3fb47e1e9 php-pear-4.3.9-3.22.9.x86_64.rpm a2634d277ed4d2b9fda943d387c4f6b5 php-pgsql-4.3.9-3.22.9.x86_64.rpm e0f4b32081eaaf91dd056a7b73b56d51 php-snmp-4.3.9-3.22.9.x86_64.rpm 09c125d212803f67c46540ff8b14c4cf php-xmlrpc-4.3.9-3.22.9.x86_64.rpm 374bac1646ae54bc69414096f1d1e7f9 Red Hat Enterprise Linux (v. 5 server) -------------------------------------------------------------------------------- SRPMS: php-5.1.6-15.el5.src.rpm 426c81738757b1b6d1be1fce7f0ca5fa IA-32: php-5.1.6-15.el5.i386.rpm 5f7b1348a16bd5785c1309bcd80198c0 php-bcmath-5.1.6-15.el5.i386.rpm e0d6afba70023fb20ea9dcb5df1d6a85 php-cli-5.1.6-15.el5.i386.rpm 60432befe14f515cf73595e03c366258 php-common-5.1.6-15.el5.i386.rpm 3159ab6aad6adf2528ddac20c22308af php-dba-5.1.6-15.el5.i386.rpm c8a713c4b137d19a1bf67a8516014ca3 php-devel-5.1.6-15.el5.i386.rpm 8352e2b24959a7da3ac20f01807d5238 php-gd-5.1.6-15.el5.i386.rpm 49c601b5bf4ab268a186c5cfe0e6b19e php-imap-5.1.6-15.el5.i386.rpm 2652138c42f5e524bab01fca91a9455a php-ldap-5.1.6-15.el5.i386.rpm 5da5d67061bd765d4867498644c45465 php-mbstring-5.1.6-15.el5.i386.rpm 1ba4c4767de40e98fe6c8abd6ca0c1d0 php-mysql-5.1.6-15.el5.i386.rpm 5edc21abb8f4bacb8f61014e6f75d538 php-ncurses-5.1.6-15.el5.i386.rpm 2a585131f1436ef0b5df6a5c4fc276cc php-odbc-5.1.6-15.el5.i386.rpm cf8f388369116831e845ab0e515ac5fb php-pdo-5.1.6-15.el5.i386.rpm 58ea6a0807dca2f42582273c5c52b812 php-pgsql-5.1.6-15.el5.i386.rpm 2f4f878a51bad35f7fd6f830c90ebf24 php-snmp-5.1.6-15.el5.i386.rpm c0afa5819aee6ceb0928b507aef4f1ad php-soap-5.1.6-15.el5.i386.rpm 479e67dbb824b8aa9e6be6f7b5dbad5a php-xml-5.1.6-15.el5.i386.rpm f53c5cb211bacd3cf4365a654736206d php-xmlrpc-5.1.6-15.el5.i386.rpm 46116911341e7b6a31c6078d5c404075 IA-64: php-5.1.6-15.el5.ia64.rpm 4388a47f365986ecf16edff8fd345d4d php-bcmath-5.1.6-15.el5.ia64.rpm 3913365148eb1a43fab1c5501161e2e8 php-cli-5.1.6-15.el5.ia64.rpm 6e6cfd728a69f9fd763890957d4f8c4a php-common-5.1.6-15.el5.ia64.rpm b769fe28a182bad6da27a9ae1f012b23 php-dba-5.1.6-15.el5.ia64.rpm e73374af1eeae4a81a21940746137645 php-devel-5.1.6-15.el5.ia64.rpm 39cf488743fca5aa38f385bd73513ded php-gd-5.1.6-15.el5.ia64.rpm 95a991ad2811a8a8e674c62ecf72133e php-imap-5.1.6-15.el5.ia64.rpm c57df47fb790bd9b54879ec05f7d1b8a php-ldap-5.1.6-15.el5.ia64.rpm bb16a4d336f9294ca17263c19d0c0c6f php-mbstring-5.1.6-15.el5.ia64.rpm 8ad35237e62dcc6e689a2c2729d739b8 php-mysql-5.1.6-15.el5.ia64.rpm f403c1b9fe7e92691eee7b4abf04b4e7 php-ncurses-5.1.6-15.el5.ia64.rpm 6246205d370e2d2f29fc2fadd296ea2d php-odbc-5.1.6-15.el5.ia64.rpm 67ecbc44f21f84e7880cc76a5b7dc08e php-pdo-5.1.6-15.el5.ia64.rpm 85bba602d1f95a52cecd84e2cb173309 php-pgsql-5.1.6-15.el5.ia64.rpm 015590977d71243414d31db9294ac24d php-snmp-5.1.6-15.el5.ia64.rpm fcba9a47cf50e73f66170ac2bd3806fc php-soap-5.1.6-15.el5.ia64.rpm 3d95f1d0f44fc08122c18e4bb1dcf4ba php-xml-5.1.6-15.el5.ia64.rpm fe262f8d1006e8cbf482c175c752fa0e php-xmlrpc-5.1.6-15.el5.ia64.rpm d390b4335ee1a59e7f1d45f578a8a269 PPC: php-5.1.6-15.el5.ppc.rpm 31e5be1fea2c1e4641b98dedc07d9cf7 php-bcmath-5.1.6-15.el5.ppc.rpm 93bcaa81514076414a226c8dd44346d5 php-cli-5.1.6-15.el5.ppc.rpm 2acb99897d84fa95e428d37f1c140393 php-common-5.1.6-15.el5.ppc.rpm 98ad5abac6ed5605564aed6886c4afd3 php-dba-5.1.6-15.el5.ppc.rpm 09b2c4698249d73d3323b71cea31c916 php-devel-5.1.6-15.el5.ppc.rpm 6f4ea7ef6e0ce15ddc493d4cdcb7c343 php-gd-5.1.6-15.el5.ppc.rpm d2732c759367edfd24df3173e475c96f php-imap-5.1.6-15.el5.ppc.rpm 4f4e583023a60d985cb2206566bc2595 php-ldap-5.1.6-15.el5.ppc.rpm 180a9cd498db13bc27942fbd8a6d3f74 php-mbstring-5.1.6-15.el5.ppc.rpm 31fc948c9d9bca0356129ed985111395 php-mysql-5.1.6-15.el5.ppc.rpm acad9d1a48c872138819921b805d6889 php-ncurses-5.1.6-15.el5.ppc.rpm 1eb0205087e9a33ac97b83e97221d811 php-odbc-5.1.6-15.el5.ppc.rpm e94bf38832dcb41bb931e89ac12fbce7 php-pdo-5.1.6-15.el5.ppc.rpm 533faa8cf91e4335c349739275cde758 php-pgsql-5.1.6-15.el5.ppc.rpm 62bb0eee57dd03f8e85cf2cce94308d6 php-snmp-5.1.6-15.el5.ppc.rpm 40d5ff90fd8f87db85aee80e33987df0 php-soap-5.1.6-15.el5.ppc.rpm 0f2038c669e3ca17886bf90ed2d7ba4c php-xml-5.1.6-15.el5.ppc.rpm 46c4fbe9c938ce2f777df4152e4f8a0d php-xmlrpc-5.1.6-15.el5.ppc.rpm 2ff8a345b56c53993c9d5c35208df2ee s390x: php-5.1.6-15.el5.s390x.rpm d40b11cae166a0efefa7826ea630a9b1 php-bcmath-5.1.6-15.el5.s390x.rpm 0ba0475174cb87bad5111c74b3e686fd php-cli-5.1.6-15.el5.s390x.rpm 354f81c0c4488b8a2f7b731e3548865b php-common-5.1.6-15.el5.s390x.rpm 6888db53d212dc239a8a24e9c5eefb24 php-dba-5.1.6-15.el5.s390x.rpm 03808b3f7e89db2aae16400868c71363 php-devel-5.1.6-15.el5.s390x.rpm e2f353093a5d83cffa66852f3dacddf4 php-gd-5.1.6-15.el5.s390x.rpm 3b0e95e19afbac009fdfb47ed39945e8 php-imap-5.1.6-15.el5.s390x.rpm 8567a1281c77a33c6ac98cab13f01802 php-ldap-5.1.6-15.el5.s390x.rpm b9ed713df137817cc631fc75d544fc31 php-mbstring-5.1.6-15.el5.s390x.rpm e13db14a5cd355f291f8d66b7367055c php-mysql-5.1.6-15.el5.s390x.rpm b9aae6ffa7a117d07f4f4a5d8508d6d5 php-ncurses-5.1.6-15.el5.s390x.rpm 5d224c4fb289de13a258e96d4509d21f php-odbc-5.1.6-15.el5.s390x.rpm 66401a173943a3d86d63ff19c92166df php-pdo-5.1.6-15.el5.s390x.rpm c34f65292dbf37341b833abb19084f3a php-pgsql-5.1.6-15.el5.s390x.rpm 22ea15ae3758812b79a26a7b978f8f84 php-snmp-5.1.6-15.el5.s390x.rpm 5a96fde5c5595869e73b324e35ce9d84 php-soap-5.1.6-15.el5.s390x.rpm f1c4420fb50a3a320724812e8ff07f29 php-xml-5.1.6-15.el5.s390x.rpm bb64161d8ed550c70d538ba9ce11b422 php-xmlrpc-5.1.6-15.el5.s390x.rpm d025259bcc4261d82189f7a756445ddc x86_64: php-5.1.6-15.el5.x86_64.rpm d74450e5fd3f219625f54508856dfcef php-bcmath-5.1.6-15.el5.x86_64.rpm 1d341fac9963b5553f4a2a90fcf7981e php-cli-5.1.6-15.el5.x86_64.rpm e02945fa66df78cb0757d3ffdedc1c7f php-common-5.1.6-15.el5.x86_64.rpm 7442e9c08a23fe5379214592d8e232f0 php-dba-5.1.6-15.el5.x86_64.rpm 7aeaaf755ed6334e34fe5cbd5c622cdf php-devel-5.1.6-15.el5.x86_64.rpm 27d8a48e853d7746bb012bbe917a3351 php-gd-5.1.6-15.el5.x86_64.rpm eb3e30df7caf68344d2120b671dcaaf7 php-imap-5.1.6-15.el5.x86_64.rpm 4a74682deebc72ccca4cc56b661457f8 php-ldap-5.1.6-15.el5.x86_64.rpm 053973b88bc8c2f717f41c76d839b2cc php-mbstring-5.1.6-15.el5.x86_64.rpm 88a45145247bfdaaa3f46e9921e49ecd php-mysql-5.1.6-15.el5.x86_64.rpm dbfb808ba9f1ae4ba63659710edbdee7 php-ncurses-5.1.6-15.el5.x86_64.rpm eafdf750a1f786aa726bb3e4d9be5a59 php-odbc-5.1.6-15.el5.x86_64.rpm f9a62467a56ca738ec99ac64113a3c0d php-pdo-5.1.6-15.el5.x86_64.rpm e8c18113c88abb78cca377c53a7b688c php-pgsql-5.1.6-15.el5.x86_64.rpm 191593b2205e449fa6f3d1affd159ca6 php-snmp-5.1.6-15.el5.x86_64.rpm b4bcc7b3e88fb4bdce4da32023208d71 php-soap-5.1.6-15.el5.x86_64.rpm 26c96b9f75b5a47241c717224e85fe0f php-xml-5.1.6-15.el5.x86_64.rpm e3a37a527a3aca4575515e3f9fed0bfb php-xmlrpc-5.1.6-15.el5.x86_64.rpm 2fc5731073fb53cd7d44f7ee1b21f473 Red Hat Enterprise Linux AS (v. 4) -------------------------------------------------------------------------------- SRPMS: php-4.3.9-3.22.9.src.rpm e8faf5e66a4d04303153bbd3e6a1773f IA-32: php-4.3.9-3.22.9.i386.rpm f5cb79eb51c09c5e60309ece67895d64 php-devel-4.3.9-3.22.9.i386.rpm 0c04f959984ef47b0bcc307b73a8f5eb php-domxml-4.3.9-3.22.9.i386.rpm db918b65280c80a53f5a4a74bdb19a52 php-gd-4.3.9-3.22.9.i386.rpm d7431a4a781fff266232df0ad57e2709 php-imap-4.3.9-3.22.9.i386.rpm e3ce635c4be3a8e0e7eb9cd8f2068379 php-ldap-4.3.9-3.22.9.i386.rpm fc09c0c3adab947b299c6d2cbcb48729 php-mbstring-4.3.9-3.22.9.i386.rpm 7887404560bb2b92e524124a075d1363 php-mysql-4.3.9-3.22.9.i386.rpm c70c9d4979af2a809df19bc41f8b650d php-ncurses-4.3.9-3.22.9.i386.rpm c1a87bb151525977df856e9e858a67ed php-odbc-4.3.9-3.22.9.i386.rpm 62843188fd5f12af880f324a77494cb0 php-pear-4.3.9-3.22.9.i386.rpm 5ee22eac2c6be35932b82308a5b28870 php-pgsql-4.3.9-3.22.9.i386.rpm 1d294819a2c537748fe09ad72f0a6937 php-snmp-4.3.9-3.22.9.i386.rpm 50bac687d584a5bcc75214d13b29c071 php-xmlrpc-4.3.9-3.22.9.i386.rpm ae1ca38652d31234e50d99e9ac5056e9 IA-64: php-4.3.9-3.22.9.ia64.rpm f01bb7d5b1a489342b5f3ef7322d1cc2 php-devel-4.3.9-3.22.9.ia64.rpm 675ecf89dde72e3096a7efa9ff90d06a php-domxml-4.3.9-3.22.9.ia64.rpm 7d8a64b6b071debd56ad0863a2175ee0 php-gd-4.3.9-3.22.9.ia64.rpm bab5aeb8b6fc0d19870ce445ae34d39e php-imap-4.3.9-3.22.9.ia64.rpm d35eb7fb24a240976a09197f631aebbc php-ldap-4.3.9-3.22.9.ia64.rpm e8441d1dca97f68a154e105759a2423e php-mbstring-4.3.9-3.22.9.ia64.rpm faaca0de23911004b2dbf8a1bad94859 php-mysql-4.3.9-3.22.9.ia64.rpm dd715845962a8bbf06b21ea77ca29a42 php-ncurses-4.3.9-3.22.9.ia64.rpm 17daef5653617f17e9affcd2248ae2bf php-odbc-4.3.9-3.22.9.ia64.rpm 37a146a6f04376b5b147f16f39344445 php-pear-4.3.9-3.22.9.ia64.rpm 006fd4dc0f4b2591d49c8c65321956a6 php-pgsql-4.3.9-3.22.9.ia64.rpm 38b0b0a7ca997ed8088865604639434c php-snmp-4.3.9-3.22.9.ia64.rpm dcae1981ff4bfe381fad8a32d2e071a5 php-xmlrpc-4.3.9-3.22.9.ia64.rpm 8934f07315d5fd021c475b4bf821671a PPC: php-4.3.9-3.22.9.ppc.rpm 732a95f82c367ec47b006c7585095733 php-devel-4.3.9-3.22.9.ppc.rpm 53ecedce407bf8c427cde2b8e44fc05f php-domxml-4.3.9-3.22.9.ppc.rpm 3f8a0bb779b648933277fe6d509e0917 php-gd-4.3.9-3.22.9.ppc.rpm 54b82217fe337e747f0674d512b8fe68 php-imap-4.3.9-3.22.9.ppc.rpm a3560c434d4806d96ad157bb984b1d43 php-ldap-4.3.9-3.22.9.ppc.rpm d3d02be1ca0ae87807e8ec6f22d8630f php-mbstring-4.3.9-3.22.9.ppc.rpm 84230e82aa52694112e2832fe3831bf8 php-mysql-4.3.9-3.22.9.ppc.rpm 41f2eb554021b6b5c9324c6a04f7da7a php-ncurses-4.3.9-3.22.9.ppc.rpm e9ff8ab49132263b0d2240eeba38dc75 php-odbc-4.3.9-3.22.9.ppc.rpm 1bacbe894a59b5cf0cd7fd729e9f46be php-pear-4.3.9-3.22.9.ppc.rpm bd8cf25c07721ae75956f1dba313dddf php-pgsql-4.3.9-3.22.9.ppc.rpm fb04294bf4b307764b1763ef7861ca74 php-snmp-4.3.9-3.22.9.ppc.rpm 04522d687d3f41bac3b156f2c1e225c3 php-xmlrpc-4.3.9-3.22.9.ppc.rpm cb5a32b754a03414007d590bd556d3b8 s390: php-4.3.9-3.22.9.s390.rpm 966a3d0fd1bb6be07eaf60807238ba75 php-devel-4.3.9-3.22.9.s390.rpm 5aef3e9ad39b1141b5b8e414db3e0f97 php-domxml-4.3.9-3.22.9.s390.rpm 055f761da58dd3e1765bcddb85165369 php-gd-4.3.9-3.22.9.s390.rpm 00cc7dad9fab2011b0f2007ee4815d8d php-imap-4.3.9-3.22.9.s390.rpm ba0999c3e5483570f199b6ec4d86a978 php-ldap-4.3.9-3.22.9.s390.rpm 8f62b6a87fb6026f16a331f46eb165ad php-mbstring-4.3.9-3.22.9.s390.rpm 94d58ddbe91d7a4b95473eb16bf743a4 php-mysql-4.3.9-3.22.9.s390.rpm f7df921de7891b1ecefcfc98eca37834 php-ncurses-4.3.9-3.22.9.s390.rpm c82eea12c7bcaa89c8053719cd206f58 php-odbc-4.3.9-3.22.9.s390.rpm 50a663f52500ad9d663f46aa7fd4ffa2 php-pear-4.3.9-3.22.9.s390.rpm 36f75110ba41866c21959e7dade96a67 php-pgsql-4.3.9-3.22.9.s390.rpm b8189f044fb3ee875fe72966ce4b1161 php-snmp-4.3.9-3.22.9.s390.rpm 3686493ad75f8fca1769e06ec83b34da php-xmlrpc-4.3.9-3.22.9.s390.rpm 56dc4b878f38476e975b9bd729a14d7b s390x: php-4.3.9-3.22.9.s390x.rpm a02beec04350a707a43d21be520943b6 php-devel-4.3.9-3.22.9.s390x.rpm fcb3725d7eb892164ce07703c3470d98 php-domxml-4.3.9-3.22.9.s390x.rpm de8e463abb27ee7bdaccea98f8894d37 php-gd-4.3.9-3.22.9.s390x.rpm 68a8234046c23de52fbc99a7f314c055 php-imap-4.3.9-3.22.9.s390x.rpm 50dd76290dcc36b6a6cd03bc449489fd php-ldap-4.3.9-3.22.9.s390x.rpm 1ca8a0225afaad9d4f22f72968897e99 php-mbstring-4.3.9-3.22.9.s390x.rpm 44dc741a1fee812673b10f2c33c114b7 php-mysql-4.3.9-3.22.9.s390x.rpm 207dcd1dbe39b8ccfb1ce69a1b60501a php-ncurses-4.3.9-3.22.9.s390x.rpm eb0ce95bbb416dbc6cb11f160157f8c3 php-odbc-4.3.9-3.22.9.s390x.rpm 6582f964f856944737960186578380a4 php-pear-4.3.9-3.22.9.s390x.rpm 76c383335c4cb672ac5dc4b1a1472471 php-pgsql-4.3.9-3.22.9.s390x.rpm 0e0fdbec3297b0c94f21dfdd2ba728a2 php-snmp-4.3.9-3.22.9.s390x.rpm 79cf46ab55e44b8bbde862cf3f5e2455 php-xmlrpc-4.3.9-3.22.9.s390x.rpm 5e676266ae73dccf7e41aa40dea8db28 x86_64: php-4.3.9-3.22.9.x86_64.rpm e83c81e2e342457071be42183343eb44 php-devel-4.3.9-3.22.9.x86_64.rpm 014722aae703df5efc97699f5d79403c php-domxml-4.3.9-3.22.9.x86_64.rpm cf9d3fdc706e4ecb0d9ecc2516c683a6 php-gd-4.3.9-3.22.9.x86_64.rpm 013c2e1546325b7e35bd8dfde99b06d0 php-imap-4.3.9-3.22.9.x86_64.rpm a177149e4314b28d16459f712fd98bf9 php-ldap-4.3.9-3.22.9.x86_64.rpm fdfc175140990346e0dbe642ad2d42ab php-mbstring-4.3.9-3.22.9.x86_64.rpm 91ac7907e9fc58f88092fbf0da7fa935 php-mysql-4.3.9-3.22.9.x86_64.rpm e30571f87480f7924a1560b728ea9152 php-ncurses-4.3.9-3.22.9.x86_64.rpm 72ca3252ee573fce4d1df9fd834a9e4b php-odbc-4.3.9-3.22.9.x86_64.rpm 7e346253b45403ecafd625d3fb47e1e9 php-pear-4.3.9-3.22.9.x86_64.rpm a2634d277ed4d2b9fda943d387c4f6b5 php-pgsql-4.3.9-3.22.9.x86_64.rpm e0f4b32081eaaf91dd056a7b73b56d51 php-snmp-4.3.9-3.22.9.x86_64.rpm 09c125d212803f67c46540ff8b14c4cf php-xmlrpc-4.3.9-3.22.9.x86_64.rpm 374bac1646ae54bc69414096f1d1e7f9 Red Hat Enterprise Linux ES (v. 4) -------------------------------------------------------------------------------- SRPMS: php-4.3.9-3.22.9.src.rpm e8faf5e66a4d04303153bbd3e6a1773f IA-32: php-4.3.9-3.22.9.i386.rpm f5cb79eb51c09c5e60309ece67895d64 php-devel-4.3.9-3.22.9.i386.rpm 0c04f959984ef47b0bcc307b73a8f5eb php-domxml-4.3.9-3.22.9.i386.rpm db918b65280c80a53f5a4a74bdb19a52 php-gd-4.3.9-3.22.9.i386.rpm d7431a4a781fff266232df0ad57e2709 php-imap-4.3.9-3.22.9.i386.rpm e3ce635c4be3a8e0e7eb9cd8f2068379 php-ldap-4.3.9-3.22.9.i386.rpm fc09c0c3adab947b299c6d2cbcb48729 php-mbstring-4.3.9-3.22.9.i386.rpm 7887404560bb2b92e524124a075d1363 php-mysql-4.3.9-3.22.9.i386.rpm c70c9d4979af2a809df19bc41f8b650d php-ncurses-4.3.9-3.22.9.i386.rpm c1a87bb151525977df856e9e858a67ed php-odbc-4.3.9-3.22.9.i386.rpm 62843188fd5f12af880f324a77494cb0 php-pear-4.3.9-3.22.9.i386.rpm 5ee22eac2c6be35932b82308a5b28870 php-pgsql-4.3.9-3.22.9.i386.rpm 1d294819a2c537748fe09ad72f0a6937 php-snmp-4.3.9-3.22.9.i386.rpm 50bac687d584a5bcc75214d13b29c071 php-xmlrpc-4.3.9-3.22.9.i386.rpm ae1ca38652d31234e50d99e9ac5056e9 IA-64: php-4.3.9-3.22.9.ia64.rpm f01bb7d5b1a489342b5f3ef7322d1cc2 php-devel-4.3.9-3.22.9.ia64.rpm 675ecf89dde72e3096a7efa9ff90d06a php-domxml-4.3.9-3.22.9.ia64.rpm 7d8a64b6b071debd56ad0863a2175ee0 php-gd-4.3.9-3.22.9.ia64.rpm bab5aeb8b6fc0d19870ce445ae34d39e php-imap-4.3.9-3.22.9.ia64.rpm d35eb7fb24a240976a09197f631aebbc php-ldap-4.3.9-3.22.9.ia64.rpm e8441d1dca97f68a154e105759a2423e php-mbstring-4.3.9-3.22.9.ia64.rpm faaca0de23911004b2dbf8a1bad94859 php-mysql-4.3.9-3.22.9.ia64.rpm dd715845962a8bbf06b21ea77ca29a42 php-ncurses-4.3.9-3.22.9.ia64.rpm 17daef5653617f17e9affcd2248ae2bf php-odbc-4.3.9-3.22.9.ia64.rpm 37a146a6f04376b5b147f16f39344445 php-pear-4.3.9-3.22.9.ia64.rpm 006fd4dc0f4b2591d49c8c65321956a6 php-pgsql-4.3.9-3.22.9.ia64.rpm 38b0b0a7ca997ed8088865604639434c php-snmp-4.3.9-3.22.9.ia64.rpm dcae1981ff4bfe381fad8a32d2e071a5 php-xmlrpc-4.3.9-3.22.9.ia64.rpm 8934f07315d5fd021c475b4bf821671a x86_64: php-4.3.9-3.22.9.x86_64.rpm e83c81e2e342457071be42183343eb44 php-devel-4.3.9-3.22.9.x86_64.rpm 014722aae703df5efc97699f5d79403c php-domxml-4.3.9-3.22.9.x86_64.rpm cf9d3fdc706e4ecb0d9ecc2516c683a6 php-gd-4.3.9-3.22.9.x86_64.rpm 013c2e1546325b7e35bd8dfde99b06d0 php-imap-4.3.9-3.22.9.x86_64.rpm a177149e4314b28d16459f712fd98bf9 php-ldap-4.3.9-3.22.9.x86_64.rpm fdfc175140990346e0dbe642ad2d42ab php-mbstring-4.3.9-3.22.9.x86_64.rpm 91ac7907e9fc58f88092fbf0da7fa935 php-mysql-4.3.9-3.22.9.x86_64.rpm e30571f87480f7924a1560b728ea9152 php-ncurses-4.3.9-3.22.9.x86_64.rpm 72ca3252ee573fce4d1df9fd834a9e4b php-odbc-4.3.9-3.22.9.x86_64.rpm 7e346253b45403ecafd625d3fb47e1e9 php-pear-4.3.9-3.22.9.x86_64.rpm a2634d277ed4d2b9fda943d387c4f6b5 php-pgsql-4.3.9-3.22.9.x86_64.rpm e0f4b32081eaaf91dd056a7b73b56d51 php-snmp-4.3.9-3.22.9.x86_64.rpm 09c125d212803f67c46540ff8b14c4cf php-xmlrpc-4.3.9-3.22.9.x86_64.rpm 374bac1646ae54bc69414096f1d1e7f9 Red Hat Enterprise Linux WS (v. 4) -------------------------------------------------------------------------------- SRPMS: php-4.3.9-3.22.9.src.rpm e8faf5e66a4d04303153bbd3e6a1773f IA-32: php-4.3.9-3.22.9.i386.rpm f5cb79eb51c09c5e60309ece67895d64 php-devel-4.3.9-3.22.9.i386.rpm 0c04f959984ef47b0bcc307b73a8f5eb php-domxml-4.3.9-3.22.9.i386.rpm db918b65280c80a53f5a4a74bdb19a52 php-gd-4.3.9-3.22.9.i386.rpm d7431a4a781fff266232df0ad57e2709 php-imap-4.3.9-3.22.9.i386.rpm e3ce635c4be3a8e0e7eb9cd8f2068379 php-ldap-4.3.9-3.22.9.i386.rpm fc09c0c3adab947b299c6d2cbcb48729 php-mbstring-4.3.9-3.22.9.i386.rpm 7887404560bb2b92e524124a075d1363 php-mysql-4.3.9-3.22.9.i386.rpm c70c9d4979af2a809df19bc41f8b650d php-ncurses-4.3.9-3.22.9.i386.rpm c1a87bb151525977df856e9e858a67ed php-odbc-4.3.9-3.22.9.i386.rpm 62843188fd5f12af880f324a77494cb0 php-pear-4.3.9-3.22.9.i386.rpm 5ee22eac2c6be35932b82308a5b28870 php-pgsql-4.3.9-3.22.9.i386.rpm 1d294819a2c537748fe09ad72f0a6937 php-snmp-4.3.9-3.22.9.i386.rpm 50bac687d584a5bcc75214d13b29c071 php-xmlrpc-4.3.9-3.22.9.i386.rpm ae1ca38652d31234e50d99e9ac5056e9 IA-64: php-4.3.9-3.22.9.ia64.rpm f01bb7d5b1a489342b5f3ef7322d1cc2 php-devel-4.3.9-3.22.9.ia64.rpm 675ecf89dde72e3096a7efa9ff90d06a php-domxml-4.3.9-3.22.9.ia64.rpm 7d8a64b6b071debd56ad0863a2175ee0 php-gd-4.3.9-3.22.9.ia64.rpm bab5aeb8b6fc0d19870ce445ae34d39e php-imap-4.3.9-3.22.9.ia64.rpm d35eb7fb24a240976a09197f631aebbc php-ldap-4.3.9-3.22.9.ia64.rpm e8441d1dca97f68a154e105759a2423e php-mbstring-4.3.9-3.22.9.ia64.rpm faaca0de23911004b2dbf8a1bad94859 php-mysql-4.3.9-3.22.9.ia64.rpm dd715845962a8bbf06b21ea77ca29a42 php-ncurses-4.3.9-3.22.9.ia64.rpm 17daef5653617f17e9affcd2248ae2bf php-odbc-4.3.9-3.22.9.ia64.rpm 37a146a6f04376b5b147f16f39344445 php-pear-4.3.9-3.22.9.ia64.rpm 006fd4dc0f4b2591d49c8c65321956a6 php-pgsql-4.3.9-3.22.9.ia64.rpm 38b0b0a7ca997ed8088865604639434c php-snmp-4.3.9-3.22.9.ia64.rpm dcae1981ff4bfe381fad8a32d2e071a5 php-xmlrpc-4.3.9-3.22.9.ia64.rpm 8934f07315d5fd021c475b4bf821671a x86_64: php-4.3.9-3.22.9.x86_64.rpm e83c81e2e342457071be42183343eb44 php-devel-4.3.9-3.22.9.x86_64.rpm 014722aae703df5efc97699f5d79403c php-domxml-4.3.9-3.22.9.x86_64.rpm cf9d3fdc706e4ecb0d9ecc2516c683a6 php-gd-4.3.9-3.22.9.x86_64.rpm 013c2e1546325b7e35bd8dfde99b06d0 php-imap-4.3.9-3.22.9.x86_64.rpm a177149e4314b28d16459f712fd98bf9 php-ldap-4.3.9-3.22.9.x86_64.rpm fdfc175140990346e0dbe642ad2d42ab php-mbstring-4.3.9-3.22.9.x86_64.rpm 91ac7907e9fc58f88092fbf0da7fa935 php-mysql-4.3.9-3.22.9.x86_64.rpm e30571f87480f7924a1560b728ea9152 php-ncurses-4.3.9-3.22.9.x86_64.rpm 72ca3252ee573fce4d1df9fd834a9e4b php-odbc-4.3.9-3.22.9.x86_64.rpm 7e346253b45403ecafd625d3fb47e1e9 php-pear-4.3.9-3.22.9.x86_64.rpm a2634d277ed4d2b9fda943d387c4f6b5 php-pgsql-4.3.9-3.22.9.x86_64.rpm e0f4b32081eaaf91dd056a7b73b56d51 php-snmp-4.3.9-3.22.9.x86_64.rpm 09c125d212803f67c46540ff8b14c4cf php-xmlrpc-4.3.9-3.22.9.x86_64.rpm 374bac1646ae54bc69414096f1d1e7f9 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 242032 - CVE-2007-2872 php chunk_split integer overflow 242033 - CVE-2007-2756 php imagecreatefrompng infinite loop 250726 - CVE-2007-3799 php cross-site cookie insertion 276081 - CVE-2007-3998 php floating point exception inside wordwrap 278011 - CVE-2007-4658 php money_format format string issue 278031 - CVE-2007-3996 php multiple integer overflows in gd 278041 - CVE-2007-4670 php malformed cookie handling References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670 http://www.redhat.com/security/updates/classification/#moderate -------------------------------------------------------------------------------- These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End Red Hat RHSA-2007:0890-2 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) R-345: ClamAV Vulnerabilities R-346: krb5 Vulnerability R-347: xorg-server Vulnerability R-348: Kernel Security Update R-349: Apple Quicktime Vulnerability R-350: Gt Security Update R-351: Denial of Service Vulnerabilities in Content Switching Module R-352: The Cisco Adaptive Security Appliance Vulnerability R-353: phpWiki Security Vulnerabilities R-354: Earth Resources Mapping NCSView ActiveX Vulnerabilities