[RHSA-2007:0088-01] Important: php security update

bugzilla at redhat.com bugzilla at redhat.com
Thu Feb 22 11:13:08 UTC 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0088-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0088.html
Issue date:        2007-02-22
Updated on:        2007-02-22
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 
                   CVE-2007-0909 CVE-2007-0910 CVE-2007-0988 
- ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack v1.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer overflow
could occur in memory allocation. If a script used the imap_mail_compose()
function to create a new MIME message based on an input body from an
untrusted source, it could result in a heap overflow. An attacker with
access to a PHP application affected by any these issues could trigger the
flaws and possibly execute arbitrary code as the 'apache' user.
(CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the zend_hash_init()
function could be forced into an infinite loop, consuming CPU resources for
a limited time, until the script timeout alarm aborted execution of the
script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a database,
and the database table contents were under an attacker's control, a format
string vulnerability was possible which could allow arbitrary code
execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer. This
could be triggered, for example, by any use of the header() function in a
script. However it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

Red Hat would like to thank Stefan Esser for his help diagnosing these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229337 - CVE-2007-0906 PHP security issues (CVE-2007-0907, CVE-2007-0908, CVE-2007-0909,  CVE-2007-0910, CVE-2007-0988)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.5.src.rpm
65c254f44be0f72149d1a6d2481f83d1  php-5.1.6-3.el4s1.5.src.rpm

i386:
78d8e01b70f58962f336c8bfb5ba4b96  php-5.1.6-3.el4s1.5.i386.rpm
6d2e8fa3d1b7c38b238e1ac3f7476956  php-bcmath-5.1.6-3.el4s1.5.i386.rpm
6b8b46df3e7baa0f8d3f172f17282259  php-cli-5.1.6-3.el4s1.5.i386.rpm
8ced783df3b11e6d0f6dd1f6b6829fdf  php-common-5.1.6-3.el4s1.5.i386.rpm
740a6c287dcbac0661a253ed3ff66814  php-dba-5.1.6-3.el4s1.5.i386.rpm
f7e791945b706248c53a01c1b45bfdce  php-debuginfo-5.1.6-3.el4s1.5.i386.rpm
f35f870ec7d08950d8e62ce9525c4c70  php-devel-5.1.6-3.el4s1.5.i386.rpm
23e2fd214a78125b380c59dce8b866cc  php-gd-5.1.6-3.el4s1.5.i386.rpm
ffca8a8be48b47ac67d3dafe706a17c6  php-imap-5.1.6-3.el4s1.5.i386.rpm
4c1f239d32b5e6ae2e26198116a2df40  php-ldap-5.1.6-3.el4s1.5.i386.rpm
4ab5f2d77d903027e47cde5ce2b00391  php-mbstring-5.1.6-3.el4s1.5.i386.rpm
70f18b061ad856f91d752afc602321fb  php-mysql-5.1.6-3.el4s1.5.i386.rpm
dc8653b119d187f4502ea7768d0b4df3  php-ncurses-5.1.6-3.el4s1.5.i386.rpm
eaeeb0c20afcc2f6092f2ee86026b289  php-odbc-5.1.6-3.el4s1.5.i386.rpm
8626f179feb2edf6a65592e8b7ccf4ac  php-pdo-5.1.6-3.el4s1.5.i386.rpm
29394ec7b3a94bf7800984b6261645dc  php-pgsql-5.1.6-3.el4s1.5.i386.rpm
1458d727cb6e7ca1f8b157e7e9e6647b  php-snmp-5.1.6-3.el4s1.5.i386.rpm
2852e877c69badc913b3d45508f6174d  php-soap-5.1.6-3.el4s1.5.i386.rpm
83fc3d913035f739d9f467760141131a  php-xml-5.1.6-3.el4s1.5.i386.rpm
72e4d8d62154edd162e302e4ef998237  php-xmlrpc-5.1.6-3.el4s1.5.i386.rpm

x86_64:
9febc8aa7713fcc6e6d782e8cfad8b6b  php-5.1.6-3.el4s1.5.x86_64.rpm
a50b99d084118534a60713dc7072bfe8  php-bcmath-5.1.6-3.el4s1.5.x86_64.rpm
ec1c3659254920ee751528b70048dc8f  php-cli-5.1.6-3.el4s1.5.x86_64.rpm
a5d8daf2c536b025cc7916c93b29dba9  php-common-5.1.6-3.el4s1.5.x86_64.rpm
6759778469af7a9a70258aa3e07e57fc  php-dba-5.1.6-3.el4s1.5.x86_64.rpm
fdcc247456d423f893f83277525191d0  php-debuginfo-5.1.6-3.el4s1.5.x86_64.rpm
f2d186ccf814a716661e05f9b9e8b968  php-devel-5.1.6-3.el4s1.5.x86_64.rpm
e9ae0a6fcb0a383c5e0ccce6d5625d10  php-gd-5.1.6-3.el4s1.5.x86_64.rpm
007ccf652a68a291f02ea20a64b17c19  php-imap-5.1.6-3.el4s1.5.x86_64.rpm
e3438ac7fa45ec4d18c5b440e6ab8b51  php-ldap-5.1.6-3.el4s1.5.x86_64.rpm
2ff48b915dd6a96e0218fbd22eb38e18  php-mbstring-5.1.6-3.el4s1.5.x86_64.rpm
a7249f1c5007a3cbaa1db03db1947e08  php-mysql-5.1.6-3.el4s1.5.x86_64.rpm
6bca262f258fa401f85ba494b2c31e6f  php-ncurses-5.1.6-3.el4s1.5.x86_64.rpm
f0300356cfa9a0ec53f06b22bf9831bc  php-odbc-5.1.6-3.el4s1.5.x86_64.rpm
cc1d0f4eb90a42bf2b97c901dc7e675e  php-pdo-5.1.6-3.el4s1.5.x86_64.rpm
281e15be5c482bf80b9b364baa18c464  php-pgsql-5.1.6-3.el4s1.5.x86_64.rpm
5974ebe042e427a9bb63ebc3efd0e503  php-snmp-5.1.6-3.el4s1.5.x86_64.rpm
5504e7372468eb793607c7050109a7c9  php-soap-5.1.6-3.el4s1.5.x86_64.rpm
ec5eeca15244e5e676c2dd438bc4add0  php-xml-5.1.6-3.el4s1.5.x86_64.rpm
55e2405c3136cd7ba733391770d8e4ba  php-xmlrpc-5.1.6-3.el4s1.5.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.5.src.rpm
65c254f44be0f72149d1a6d2481f83d1  php-5.1.6-3.el4s1.5.src.rpm

i386:
78d8e01b70f58962f336c8bfb5ba4b96  php-5.1.6-3.el4s1.5.i386.rpm
6d2e8fa3d1b7c38b238e1ac3f7476956  php-bcmath-5.1.6-3.el4s1.5.i386.rpm
6b8b46df3e7baa0f8d3f172f17282259  php-cli-5.1.6-3.el4s1.5.i386.rpm
8ced783df3b11e6d0f6dd1f6b6829fdf  php-common-5.1.6-3.el4s1.5.i386.rpm
740a6c287dcbac0661a253ed3ff66814  php-dba-5.1.6-3.el4s1.5.i386.rpm
f7e791945b706248c53a01c1b45bfdce  php-debuginfo-5.1.6-3.el4s1.5.i386.rpm
f35f870ec7d08950d8e62ce9525c4c70  php-devel-5.1.6-3.el4s1.5.i386.rpm
23e2fd214a78125b380c59dce8b866cc  php-gd-5.1.6-3.el4s1.5.i386.rpm
ffca8a8be48b47ac67d3dafe706a17c6  php-imap-5.1.6-3.el4s1.5.i386.rpm
4c1f239d32b5e6ae2e26198116a2df40  php-ldap-5.1.6-3.el4s1.5.i386.rpm
4ab5f2d77d903027e47cde5ce2b00391  php-mbstring-5.1.6-3.el4s1.5.i386.rpm
70f18b061ad856f91d752afc602321fb  php-mysql-5.1.6-3.el4s1.5.i386.rpm
dc8653b119d187f4502ea7768d0b4df3  php-ncurses-5.1.6-3.el4s1.5.i386.rpm
eaeeb0c20afcc2f6092f2ee86026b289  php-odbc-5.1.6-3.el4s1.5.i386.rpm
8626f179feb2edf6a65592e8b7ccf4ac  php-pdo-5.1.6-3.el4s1.5.i386.rpm
29394ec7b3a94bf7800984b6261645dc  php-pgsql-5.1.6-3.el4s1.5.i386.rpm
1458d727cb6e7ca1f8b157e7e9e6647b  php-snmp-5.1.6-3.el4s1.5.i386.rpm
2852e877c69badc913b3d45508f6174d  php-soap-5.1.6-3.el4s1.5.i386.rpm
83fc3d913035f739d9f467760141131a  php-xml-5.1.6-3.el4s1.5.i386.rpm
72e4d8d62154edd162e302e4ef998237  php-xmlrpc-5.1.6-3.el4s1.5.i386.rpm

x86_64:
9febc8aa7713fcc6e6d782e8cfad8b6b  php-5.1.6-3.el4s1.5.x86_64.rpm
a50b99d084118534a60713dc7072bfe8  php-bcmath-5.1.6-3.el4s1.5.x86_64.rpm
ec1c3659254920ee751528b70048dc8f  php-cli-5.1.6-3.el4s1.5.x86_64.rpm
a5d8daf2c536b025cc7916c93b29dba9  php-common-5.1.6-3.el4s1.5.x86_64.rpm
6759778469af7a9a70258aa3e07e57fc  php-dba-5.1.6-3.el4s1.5.x86_64.rpm
fdcc247456d423f893f83277525191d0  php-debuginfo-5.1.6-3.el4s1.5.x86_64.rpm
f2d186ccf814a716661e05f9b9e8b968  php-devel-5.1.6-3.el4s1.5.x86_64.rpm
e9ae0a6fcb0a383c5e0ccce6d5625d10  php-gd-5.1.6-3.el4s1.5.x86_64.rpm
007ccf652a68a291f02ea20a64b17c19  php-imap-5.1.6-3.el4s1.5.x86_64.rpm
e3438ac7fa45ec4d18c5b440e6ab8b51  php-ldap-5.1.6-3.el4s1.5.x86_64.rpm
2ff48b915dd6a96e0218fbd22eb38e18  php-mbstring-5.1.6-3.el4s1.5.x86_64.rpm
a7249f1c5007a3cbaa1db03db1947e08  php-mysql-5.1.6-3.el4s1.5.x86_64.rpm
6bca262f258fa401f85ba494b2c31e6f  php-ncurses-5.1.6-3.el4s1.5.x86_64.rpm
f0300356cfa9a0ec53f06b22bf9831bc  php-odbc-5.1.6-3.el4s1.5.x86_64.rpm
cc1d0f4eb90a42bf2b97c901dc7e675e  php-pdo-5.1.6-3.el4s1.5.x86_64.rpm
281e15be5c482bf80b9b364baa18c464  php-pgsql-5.1.6-3.el4s1.5.x86_64.rpm
5974ebe042e427a9bb63ebc3efd0e503  php-snmp-5.1.6-3.el4s1.5.x86_64.rpm
5504e7372468eb793607c7050109a7c9  php-soap-5.1.6-3.el4s1.5.x86_64.rpm
ec5eeca15244e5e676c2dd438bc4add0  php-xml-5.1.6-3.el4s1.5.x86_64.rpm
55e2405c3136cd7ba733391770d8e4ba  php-xmlrpc-5.1.6-3.el4s1.5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFF3Xq8XlSAg2UNWIIRAhyAAJ0VW5uMUdJPbAMlKL/HCeomv/WnIgCfTRgW
31rxkqofwf6aYAXCukY6IiI=
=//rW
-----END PGP SIGNATURE-----

More information about the Enterprise-watch-list mailing list