FSA/FC6/FEDORA-2007-503

[SECURITY] Fedora Core 6 Update: php-5.1.6-3.6.fc6
Fedora Update Notification FEDORA-2007-503, 2007-05-14

Product     : Fedora Core 6
Name        : php
Version     : 5.1.6
Release     : 3.6.fc6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP language to Apache HTTP Server.

Update Information:

This update fixes a number of security issues in PHP.

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affect PHP applications using the pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509)
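An application-side guard for the 'ftp' issue described above, added here as an example and not taken from the advisory or from PHP itself: FTP control-channel commands are terminated by CRLF, so the guard rejects control characters in any value before it reaches a function of the 'ftp' extension. The helper names ftp_safe_arg and ftp_safe_remote_path, the directory /pub/incoming and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate untrusted values before they reach ext/ftp.
// FTP control-channel commands end with CRLF (RFC 959), so an argument
// containing CR or LF can terminate one command and begin another.

/**
 * Return $arg unchanged if it can safely sit on a single FTP command line,
 * otherwise throw. Hypothetical helper, not part of PHP.
 */
function ftp_safe_arg($arg)
{
    if (!is_string($arg) || $arg === '') {
        throw new InvalidArgumentException('FTP argument must be a non-empty string');
    }
    // Reject ASCII control characters (covers CR, LF and NUL) and DEL.
    if (preg_match('/[\x00-\x1F\x7F]/', $arg)) {
        throw new InvalidArgumentException('control character in FTP argument');
    }
    return $arg;
}

/**
 * Build a remote path from a fixed directory and a user-supplied file name.
 * Only a single path component is accepted, so "../" traversal is refused too.
 * Hypothetical helper, not part of PHP.
 */
function ftp_safe_remote_path($baseDir, $userName)
{
    $name = ftp_safe_arg($userName);
    if ($name === '.' || $name === '..' || strpbrk($name, '/\\') !== false) {
        throw new InvalidArgumentException('file name must be a single path component');
    }
    return rtrim($baseDir, '/') . '/' . $name;
}

// Constructed sample inputs; the second carries an embedded CRLF.
$samples = array("report.txt", "report.txt\r\nNOOP", "../etc/passwd");
foreach ($samples as $s) {
    try {
        $path = ftp_safe_remote_path('/pub/incoming', $s);
        // With a live connection: ftp_get($conn, $localFile, $path, FTP_BINARY);
        echo "accept: ", $path, "\n";
    } catch (InvalidArgumentException $e) {
        echo "reject: ", json_encode($s), " (", $e->getMessage(), ")\n";
    }
}
```

Installing the updated package remains the fix; the guard addresses the "passed untrusted script input directly" condition the advisory names.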

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server. No mechanism to trigger this flaw remotely is known. (CVE-2007-2510)

* Wed May 9 2007 Joe Orton 5.1.6-3.6.fc6
- add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016)
- add README.FastCGI to -cli subpackage (#236555)

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.