FSA/FC5/FEDORA-2007-526

[SECURITY] Fedora Core 5 Update: php-5.1.6-1.6
Fedora Update Notification FEDORA-2007-526 2007-05-24

Product     : Fedora Core 5
Name        : php
Version     : 5.1.6
Release     : 1.6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

Update Information:

This update fixes a number of security issues in PHP.

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affect PHP applications using the pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509)
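An application-side guard for the case described above, as an added example that is not part of the advisory or of PHP's own fix. It assumes the injection works through line-break characters embedded in an argument (FTP commands end at CRLF), which the advisory does not spell out; `ftp_safe_arg()`, `ftp_lines_seen_by_server()` and the sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example: validate untrusted input before it reaches any ftp_* function.

/**
 * Return $value unchanged if it is safe to embed in one FTP command line,
 * otherwise throw. CR and LF end a command on the control channel, so a
 * value containing them would be read by the server as extra commands.
 */
function ftp_safe_arg($value)
{
    if (!is_string($value) || $value === '') {
        throw new InvalidArgumentException('FTP argument must be a non-empty string');
    }
    // Reject every ASCII control character, not only CR and LF.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException('control character in FTP argument');
    }
    return $value;
}

/** Split control-channel bytes the way a server does: one command per terminated line. */
function ftp_lines_seen_by_server($bytes)
{
    return array_values(array_filter(preg_split('/\r\n|\r|\n/', $bytes), 'strlen'));
}

// Constructed inputs: an ordinary directory name and one carrying an embedded line break.
$samples = array('reports/2007', "reports\r\nNOOP");

foreach ($samples as $dir) {
    // What an unchecked "CWD <dir>" would put on the wire.
    $wire = 'CWD ' . $dir . "\r\n";
    $seen = ftp_lines_seen_by_server($wire);
    try {
        ftp_safe_arg($dir);
        $verdict = 'accepted';
        // The real call would follow here, e.g. ftp_chdir($conn, $dir);
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected: ' . $e->getMessage();
    }
    printf("%d command line(s) on the wire -> %s\n", count($seen), $verdict);
}
```

The check complements the package update rather than replacing it: it keeps the same class of input out of any other line-oriented protocol call the script makes.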

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server. No mechanism to trigger this flaw remotely is known. (CVE-2007-2510)

- add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016)
- add security fixes for CVE-2007-0455, CVE-2007-1001, CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
- fix pdo-abi provide
- add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
- add security fix for CVE-2006-5465 (#213732)
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)
 * Wed May 9 2007 Joe Orton 5.1.6-1.6
 * Thu Apr 5 2007 Joe Orton 5.1.6-1.5
 * Fri Feb 23 2007 Joe Orton 5.1.6-1.4
 * Tue Feb 20 2007 Joe Orton 5.1.6-1.3
 * Fri Nov 3 2006 Joe Orton 5.1.6-1.2
 * Fri Oct 6 2006 Joe Orton 5.1.6-1.1

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.