[SECURITY] Fedora Core 5 Update: php-5.1.6-1.5

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-455
2007-04-18
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : php
Version     : 5.1.6
Release     : 1.5
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A denial of service flaw was found in the way PHP processed
a deeply nested array. A remote attacker could cause the PHP
interpreter to crash by submitting an input variable with a
deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set
global variables. A script which used the mb_parse_str()
function to set global variables could be forced to enable
the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function
processed header data. If a script sent mail using a Subject
header containing a string from an untrusted source, a
remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
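The mail() issue above is a header-injection class of bug: a Subject value carrying a line break lets extra headers be appended to the message. Validating header values before the call is cheap defence in depth that also protects scripts running on an interpreter without this update. The following is an added illustration, not code from the advisory or from PHP itself; the recipient address, sender address and sample subjects are constructed.

```php
<?php
// Added example (not part of the advisory): refuse header values that could
// smuggle additional headers into mail(). This is the defender-side check
// for the CVE-2007-1718 class of problem; the update fixes PHP's own
// handling, and this check fails closed regardless of interpreter version.

function is_safe_header_value(string $value): bool
{
    // A single header value must contain no CR, LF or NUL. preg_match()
    // returns 1 on a match and false on error, so only a clean 0 passes.
    return preg_match('/[\r\n\x00]/', $value) === 0;
}

function send_notification(string $to, string $subject, string $body): bool
{
    // Assumption: $to is a fixed address chosen by the application;
    // only $subject and $body may be influenced by user input.
    if (!is_safe_header_value($subject)) {
        error_log('mail: rejected subject containing CR/LF/NUL');
        return false;
    }
    // Line breaks were rejected above; trim only removes surrounding spaces.
    $subject = trim($subject);
    $headers = "From: noreply@example.com\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    return mail($to, $subject, $body, $headers);
}

// Constructed sample subjects and the verdict each should receive.
$cases = [
    'Order confirmation #1234'                 => true,
    "Order confirmation\r\nBcc: x@example.com" => false,
    "Subject with trailing newline\n"          => false,
];
foreach ($cases as $subject => $expected) {
    $ok = is_safe_header_value($subject);
    printf("%-48s %s\n", json_encode($subject),
           $ok === $expected ? 'as expected' : 'MISMATCH');
}
```

The demo only exercises the validator; send_notification() is shown so the check sits where it belongs, immediately before the mail() call, and would attempt real delivery if invoked.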

A heap-based buffer overflow flaw was discovered in PHP's gd
extension. A script that could be forced to process WBMP
images from an untrusted source could result in arbitrary
code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd
extension. A script that could be forced to write arbitrary
strings using a JIS font from an untrusted source could
cause the PHP interpreter to crash. (CVE-2007-0455)
---------------------------------------------------------------------
* Thu Apr  5 2007 Joe Orton <jorton redhat com> 5.1.6-1.5
- add security fixes for CVE-2007-0455, CVE-2007-1001,
CVE-2007-1285, CVE-2007-1583, CVE-2007-1718 (#235364)
* Fri Feb 23 2007 Joe Orton <jorton redhat com> 5.1.6-1.4
- fix pdo-abi provide
* Tue Feb 20 2007 Joe Orton <jorton redhat com> 5.1.6-1.3
- add security fixes for: CVE-2007-0906, CVE-2007-0907,
CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988 (#228011)
* Fri Nov  3 2006 Joe Orton <jorton redhat com> 5.1.6-1.2
- add security fix for CVE-2006-5465 (#213732)
* Fri Oct  6 2006 Joe Orton <jorton redhat com> 5.1.6-1.1
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------