RHSA-2007:0082-02 Important: php security update
Posted on: 03/14/2007 06:40 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: php security update
Advisory ID: RHSA-2007:0082-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0082.html
Issue date: 2007-03-13
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0906 CVE-2007-0907 CVE-2007-0908
CVE-2007-0909 CVE-2007-0988 CVE-2007-0910
CVE-2007-1285
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer
overflow could occur in memory allocation. If a script used the
imap_mail_compose() function to create a new MIME message based on an
input body from an untrusted source, it could result in a heap overflow.
An attacker with access to a PHP application affected by any of these issues
could trigger the flaws and possibly execute arbitrary code as the
'apache' user. (CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop, consuming
CPU resources for a limited time, until the script timeout alarm aborted
execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a
database, and the database table contents were under an attacker's
control, a format string vulnerability was possible which could allow
arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer.
This could be triggered, for example, by any use of the header() function
in a script. However it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply-nested-array.
(CVE-2007-1285)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229013 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988)
231597 - CVE-2007-1285 PHP Variable Destructor Deep Recursion Stack Overflow

6. RPMs required:

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/php-5.1.6-7.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/php-5.1.6-7.el5.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1285
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFF+BaNXlSAg2UNWIIRAhxfAJ9ip8A1CTLUML/z4PpO+CXcZMU0tQCgrosR
pesgJ9SMJSFRFvqeJna4aPI=
=k5xl
-----END PGP SIGNATURE-----
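
To check a host against the fixed release named in this advisory (php-5.1.6-7.el5), the added example below, which is not part of Red Hat's announcement, flags php packages older than that release using rpm-style version comparison. It assumes package data in the form printed by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'`, no epoch on the php packages, and a simplified comparison without `~` or `^` handling; the sample input is constructed.

```python
import re

# Fixed version-release, taken from the package file names in the advisory.
FIXED = "5.1.6-7.el5"
# Binary packages built from the php SRPM, as named in the advisory.
PHP_PACKAGES = {"php"} | {"php-" + s for s in (
    "bcmath cli common dba debuginfo devel gd imap ldap mbstring mysql "
    "ncurses odbc pdo pgsql snmp soap xml xmlrpc").split()}

def rpmvercmp(a, b):
    """Compare two version or release strings the way rpm does (simplified:
    no '~' or '^' handling). Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_query_output, fixed=FIXED):
    """Return (name, version-release, arch) for php packages older than fixed."""
    hits = []
    for line in rpm_query_output.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] in PHP_PACKAGES:
            if evr_cmp(fields[1], fixed) < 0:
                hits.append(tuple(fields))
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n'
SAMPLE = """\
php 5.1.6-7.el5 x86_64
php-common 5.1.6-7.el5 x86_64
php-imap 5.1.6-5.el5 x86_64
php-odbc 5.1.6-3.el5 i386
php-pear 1.4.9-4 noarch
"""

if __name__ == "__main__":
    for name, vr, arch in unpatched(SAMPLE):
        print(f"{name}.{arch} {vr} is older than {FIXED}")
```

A mixed result like the sample's, where some subpackages are still at an older release, means the update was applied only partially and the affected extensions (here imap and odbc) remain exposed.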



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20070082_02_important_php_security_update.html)