FSA/FC5/FEDORA-2007-455

[SECURITY] Fedora Core 5 Update: php-5.1.6-1.5
Fedora Update Notification FEDORA-2007-455 2007-04-18

Product     : Fedora Core 5
Name        : php
Version     : 5.1.6
Release     : 1.5
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)
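An application-side guard for the mail() issue above (CVE-2007-1718), as an added example that is not part of the advisory: header injection of this kind depends on CR/LF characters reaching the Subject value, so the script rejects any subject containing control characters before it calls mail(). The function names clean_mail_header() and send_notice() and the 200-byte length limit are assumptions made for this example.

```php
<?php
// Added example, not part of the advisory. clean_mail_header() and
// send_notice() are hypothetical names; the length limit is an assumption.

/**
 * Return a header value that is safe to pass to mail(), or false if the
 * input contains characters that could start a new header line.
 */
function clean_mail_header($value, $max_len = 200)
{
    if (!is_string($value)) {
        return false;
    }
    // Reject CR, LF and every other ASCII control character, TAB included.
    // A single-line subject never needs them, and rejecting outright does
    // not depend on how the installed PHP folds or filters header lines.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return false;
    }
    $value = trim($value);
    if ($value === '' || strlen($value) > $max_len) {
        return false;
    }
    return $value;
}

function send_notice($to, $untrusted_subject, $body)
{
    $subject = clean_mail_header($untrusted_subject);
    if ($subject === false) {
        // Log the rejection so repeated attempts are visible to operators.
        error_log('rejected invalid mail subject');
        return false;
    }
    return mail($to, $subject, $body);
}

// Constructed sample inputs: only the first one is accepted.
$samples = array(
    "Weekly report",
    "Hello\r\nX-Injected: 1",
    "Folded\r\n\tline",
);
foreach ($samples as $s) {
    var_dump(clean_mail_header($s));
}
```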

A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary strings using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

- add security fixes for CVE-2007-0455, CVE-2007-1001, CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
- fix pdo-abi provide
- add security fixes for: CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
- add security fix for CVE-2006-5465 (#213732)
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)
 * Thu Apr 5 2007 Joe Orton 5.1.6-1.5
 * Fri Feb 23 2007 Joe Orton 5.1.6-1.4
 * Tue Feb 20 2007 Joe Orton 5.1.6-1.3
 * Fri Nov 3 2006 Joe Orton 5.1.6-1.2
 * Fri Oct 6 2006 Joe Orton 5.1.6-1.1

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/


This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.