[SECURITY] Fedora Core 3 Update: php-4.3.11-2.8
Posted on: 11/08/2005 09:12 PM

A new update is available for Fedora Core - [SECURITY] Fedora Core 3 Update: php-4.3.11-2.8. Here the announcement:

Fedora Update Notification
FEDORA-2005-1061
2005-11-08
---------------------------------------------------------------------

Product : Fedora Core 3
Name : php
Version : 4.3.11
Release : 2.8
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes several security fixes:

- fixes for prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)

- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)

- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)

- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)
---------------------------------------------------------------------
* Fri Nov 4 2005 Joe Orton lt;jorton@redhat.comgt; 4.3.11-2.8
- add security fixes from upstream:
* XSS issues in phpinfo() (CVE-2005-3388, #172212)
* GLOBALS handling (CVE-2005-3390, #172207)
* parse_str() enabling register_globals (CVE-2005-3389, #172209)
* exif: infinite recursion on corrupt JPEG (CVE-2005-3353)


---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

68724665fc23eb17fd5f6ab53a7a8578 SRPMS/php-4.3.11-2.8.src.rpm
6fe3ca959bf1ac54195cb1a0ece80161 x86_64/php-4.3.11-2.8.x86_64.rpm
52b086b6ae3b62b6b39850694306544f x86_64/php-devel-4.3.11-2.8.x86_64.rpm
c6a89e2a4974fa966adf9f1e1d19b1e3 x86_64/php-pear-4.3.11-2.8.x86_64.rpm
495ad7cec5eead31eaf655ecda78ffc4 x86_64/php-imap-4.3.11-2.8.x86_64.rpm
26e0c1d33f77040d732c16f01ecc469c x86_64/php-ldap-4.3.11-2.8.x86_64.rpm
5d99c02f4e8c71762421368f94be7cb6 x86_64/php-mysql-4.3.11-2.8.x86_64.rpm
ac907f06ae9ecaa185fdeba117d7a5f4 x86_64/php-pgsql-4.3.11-2.8.x86_64.rpm
4e8d7ee61c64683f5eb90a02fac4c71d x86_64/php-odbc-4.3.11-2.8.x86_64.rpm
2b59cd899b7640ff67918c02f0b83c9b x86_64/php-snmp-4.3.11-2.8.x86_64.rpm
50c12c4604d7fa6ed6d423732dad41cd x86_64/php-domxml-4.3.11-2.8.x86_64.rpm
ed79ef8a38f3112fb90b5087730a2372 x86_64/php-xmlrpc-4.3.11-2.8.x86_64.rpm
ed7b9255c03b60c57c64ec065b7bcb82 x86_64/php-mbstring-4.3.11-2.8.x86_64.rpm
cac58fd700a3e3f5493e37b062407968 x86_64/php-ncurses-4.3.11-2.8.x86_64.rpm
3aefa8e720ef35c0a4a18de7f1dc8736 x86_64/php-gd-4.3.11-2.8.x86_64.rpm
4bd7ffa3c678ae086c9a688bbdedaf67 x86_64/debug/php-debuginfo-4.3.11-2.8.x86_64.rpm
b03e664e7299012091046f8c6d4113e5 i386/php-4.3.11-2.8.i386.rpm
7a2f5d835948e35cdd0dd3689b27ffef i386/php-devel-4.3.11-2.8.i386.rpm
0263c49fdf67f20293b70f97536f3343 i386/php-pear-4.3.11-2.8.i386.rpm
ebdd6d6529c4348fe2ed7ae3df166acc i386/php-imap-4.3.11-2.8.i386.rpm
3a98ee4ea5066f91dc4d2a19a040f949 i386/php-ldap-4.3.11-2.8.i386.rpm
0f30bca149e3e13a01255b66843bc1e6 i386/php-mysql-4.3.11-2.8.i386.rpm
9193d56cae5d3b292de0b53a33559c2a i386/php-pgsql-4.3.11-2.8.i386.rpm
e69f716a3e0115e7143ed79bcc6c93fe i386/php-odbc-4.3.11-2.8.i386.rpm
b291a190a62bafa094d193be6f5a16aa i386/php-snmp-4.3.11-2.8.i386.rpm
c0422acefee1c4de9ab681c4e23e1233 i386/php-domxml-4.3.11-2.8.i386.rpm
5fafa898dd4512197186ac552566b83b i386/php-xmlrpc-4.3.11-2.8.i386.rpm
746dbb670f222d4b4618ea6d62f1489c i386/php-mbstring-4.3.11-2.8.i386.rpm
e28a918dd7533591e376db828b840878 i386/php-ncurses-4.3.11-2.8.i386.rpm
f4bb825f723c15f0c86ab87c25483ee1 i386/php-gd-4.3.11-2.8.i386.rpm
c68cdde6bf01755485d6e33f1e3c4243 i386/debug/php-debuginfo-4.3.11-2.8.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_fedora_core_3_update_php_4311_28.html)