Fedora Legacy Test Update Notification: php

Marc Deslauriers marcdeslauriers at videotron.ca
Fri Oct 1 10:21:26 UTC 2004


This is to fix the missing mail support in yesterday's php update

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1868
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1868
2004-10-01
---------------------------------------------------------------------

Name        : php
Versions    : 7.3: 4.1.2-7.3.10.legacy, 9: 4.2.2-17.6.legacy
Summary     : The PHP HTML-embedded scripting language.
Description : 
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

Stefan Esser discovered a flaw when memory_limit is enabled in versions of
PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter
to allocate more memory than the memory_limit setting before script
execution begins, then the attacker may be able to supply the contents of
a PHP hash table remotely. This hash table could then be used to execute
arbitrary code as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to
this issue.

This issue has a higher risk when PHP is running on an instance of Apache
which is vulnerable to CAN-2004-0493. It may also be possible to exploit
this issue if using a non-default PHP configuration with the
"register_defaults" setting changed to "On".

Stefan Esser discovered a flaw in the strip_tags function in versions of
PHP before 4.3.8. The strip_tags function is commonly used by PHP scripts
to prevent Cross-Site-Scripting attacks by removing HTML tags from
user-supplied form data. By embedding NUL bytes into form data, HTML tags
can in some cases be passed intact through the strip_tags function, which
may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to
this issue.

---------------------------------------------------------------------
7.3 changelog:

* Thu Sep 30 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.1.2-7.3.10.legacy
- Added missing BuildRequires: sendmail

* Sun Aug 01 2004 John Dalbec <jpdalbec at ysu.edu> 4.1.2-7.3.9.legacy
- Added missing BuildRequires: flex mm-devel libtool

* Mon Jul 26 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.1.2-7.3.8.legacy
- Added better security fix for CAN-2004-0594
- Added fixes for various compiler warnings

* Thu Jul 15 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.1.2-7.3.7.legacy
- Added security fix for CAN-2004-0594
- Added security fix for CAN-2004-0595
- Added a few more fixes
- Added imap-devel BuildRequires

9 changelog:

* Thu Sep 30 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.2.2-17.6.legacy
- Added sendmail to BuildRequires

* Tue Sep 28 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.2.2-17.5.legacy
- Added flex and libtool to BuildRequires

* Mon Jul 26 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.2.2-17.4.legacy
- Added better security fix for CAN-2004-0594

* Thu Jul 15 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 4.2.2-17.3.legacy
- Added security fix for CAN-2004-0594
- Added security fix for CAN-2004-0595
- Added a few more fixes

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/redhat/
(sha1sums)

6aaefdbf687f8dbf9ffc7b2ab0a0ff2914a13028  7.3/updates-testing/i386/php-4.1.2-7.3.10.legacy.i386.rpm
3f38e8929822edc377f61a05c31e45c8599a4ba6  7.3/updates-testing/i386/php-devel-4.1.2-7.3.10.legacy.i386.rpm
8c9ac5e7c5040b2d9cf75848acc1260842a5e4aa  7.3/updates-testing/i386/php-imap-4.1.2-7.3.10.legacy.i386.rpm
d01be5026d335032486eee9f91fdc72e43d78f54  7.3/updates-testing/i386/php-ldap-4.1.2-7.3.10.legacy.i386.rpm
20ed3b170959f47061fbf688bd0bf6c2380cee6c  7.3/updates-testing/i386/php-manual-4.1.2-7.3.10.legacy.i386.rpm
66413adf5bf185326ea1658d837bbd34a4c2e59b  7.3/updates-testing/i386/php-mysql-4.1.2-7.3.10.legacy.i386.rpm
5fd105b2b8e9aea72d4e34f4800218b40fe844b9  7.3/updates-testing/i386/php-odbc-4.1.2-7.3.10.legacy.i386.rpm
3c9152d075afc06ffb2ac64deeca3b331f3a6c06  7.3/updates-testing/i386/php-pgsql-4.1.2-7.3.10.legacy.i386.rpm
58027e3f2bd1485bae158cf99aebc63b631972ec  7.3/updates-testing/i386/php-snmp-4.1.2-7.3.10.legacy.i386.rpm
bd2e823603fab8b75a17647ac396263cc1ad6d7e  7.3/updates-testing/SRPMS/php-4.1.2-7.3.10.legacy.src.rpm
3507dd3165e3e397a352dedadfdac0b0c3d7fdc6  9/updates-testing/i386/php-4.2.2-17.6.legacy.i386.rpm
32b33c0e780746969475151f5f6f26b1d8a5903d  9/updates-testing/i386/php-devel-4.2.2-17.6.legacy.i386.rpm
2ba36c0b30493a3db6dd3a6bbd3f768f3daf4cf1  9/updates-testing/i386/php-imap-4.2.2-17.6.legacy.i386.rpm
63fb9ab7574deea72561f40d7c4b02a16fd97178  9/updates-testing/i386/php-ldap-4.2.2-17.6.legacy.i386.rpm
2c7b5e0a66aa3546fb52b56550b06d9be5a14523  9/updates-testing/i386/php-manual-4.2.2-17.6.legacy.i386.rpm
79e95e24fe05c4a5a27f46ad71567d49aac884e8  9/updates-testing/i386/php-mysql-4.2.2-17.6.legacy.i386.rpm
28a7da3cf299a44f83eeb8a89a6384cea33541e9  9/updates-testing/i386/php-odbc-4.2.2-17.6.legacy.i386.rpm
2847bc6f77054db273fba96e7c1aa5cca5172ba8  9/updates-testing/i386/php-pgsql-4.2.2-17.6.legacy.i386.rpm
bba2c27aee02d6bf5e56b41f46a94d49e1c7ef5e  9/updates-testing/i386/php-snmp-4.2.2-17.6.legacy.i386.rpm
dd9b309c802e4501eb98c1d25aef2c4aa745fa92  9/updates-testing/SRPMS/php-4.2.2-17.6.legacy.src.rpm
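The list above is in sha1sum's "hash  path" layout, so the downloads can be checked mechanically before anything is installed. The script below is an added example for this notification, not part of the Fedora Legacy message or the php package; it assumes the hash lines have been saved to a file (php-1868.sha1 is a constructed name) and that the packages were downloaded into a directory that mirrors the listed 7.3/ and 9/ paths. It reports each file as OK, MISMATCH or MISSING and exits non-zero if anything is wrong, so it can gate an automated install.

```shell
#!/bin/sh
# Added example (not from the Fedora Legacy notification): verify downloaded
# RPMs against the advisory's sha1sum list before installing them.
#
# Usage:
#   verify_advisory_sums php-1868.sha1 /path/to/downloads
# where php-1868.sha1 (constructed name) holds the "<sha1>  <path>" lines
# from the notification and /path/to/downloads mirrors the listed paths.

# Compute the SHA-1 of one file; use shasum where coreutils sha1sum is absent.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# Check every listed package. Returns 0 only when all files exist and match;
# a missing file is reported rather than silently skipped, because an absent
# sub-package would otherwise slip past a blanket "all OK".
verify_advisory_sums() {
    sums_file="$1"
    download_root="$2"
    status=0
    while read -r expected path; do
        [ -n "$expected" ] || continue        # skip blank lines
        file="$download_root/$path"
        if [ ! -f "$file" ]; then
            echo "MISSING  $path"
            status=1
            continue
        fi
        actual=$(sha1_of "$file")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path (expected $expected, got $actual)"
            status=1
        fi
    done < "$sums_file"
    return $status
}

# Stand-alone invocation: verify_advisory_sums <sums file> <download root>
if [ "$#" -eq 2 ]; then
    verify_advisory_sums "$1" "$2"
fi
```

The checksums only confirm that what was fetched matches what the notification lists; they are as trustworthy as the message itself, which is why the signed message part matters. Packages from Fedora Legacy are also GPG-signed, so `rpm --checksig` on each RPM is a separate, stronger check that belongs in the same pre-install step.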

---------------------------------------------------------------------

Please test and comment in bugzilla.
