Fedora Legacy Test Update Notification: php

Marc Deslauriers marcdeslauriers at videotron.ca
Wed Jul 27 21:03:33 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-163559
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163559
2005-07-27
---------------------------------------------------------------------

Name        : php
Versions    : fc1: php-4.3.11-1.fc1.2.legacy
Versions    : fc2: php-4.3.11-1.fc2.3.legacy
Summary     : The PHP HTML-embedded scripting language.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

Updated PHP packages that fix two security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in PHP.
If a PHP script is used which implements an XML-RPC Server using the
PEAR XML-RPC package, then it is possible for a remote attacker to
construct an XML-RPC request which can cause PHP to execute arbitrary
PHP commands as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921 to
this issue.

A race condition in temporary file handling was discovered in the shtool
script installed by PHP. If a third-party PHP module which uses shtool
was compiled as root, a local user may be able to modify arbitrary
files. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1751 to this issue.
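
The class of bug behind the shtool issue, shown as an added example (it is not shtool's code and not part of the original advisory): a script that writes to a predictable temporary file name follows a symlink planted at that name, while one that uses mktemp does not. The function names, the build.* file names and the sandbox layout are constructed for illustration.

```shell
#!/bin/sh
# Constructed demonstration, not shtool's code: a predictable temp-file name
# versus mktemp, with a pre-planted symlink standing in for the local user.

# Unsafe pattern: the name is guessable (fixed prefix + PID) and ">" follows
# symlinks, so whoever creates the path first decides where the data lands.
write_unsafe() {
    dir=$1; data=$2
    tmp="$dir/build.$$.tmp"
    printf '%s\n' "$data" > "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively, so an existing path or symlink is never reused.
write_safe() {
    dir=$1; data=$2
    tmp=$(mktemp "$dir/build.XXXXXX") || return 1
    printf '%s\n' "$data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run one writer in a sandbox where the predictable name already exists as a
# symlink to a "victim" file; report whether the victim was modified.
demo() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/victim.conf"
    printf 'original\n' > "$victim"
    mkdir "$sandbox/tmp"
    # Constructed setup: the symlink sits at the name write_unsafe will use.
    ln -s "$victim" "$sandbox/tmp/build.$$.tmp"
    "$writer" "$sandbox/tmp" "scratch data" > /dev/null
    if [ "$(cat "$victim")" = "original" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

echo "unsafe: $(demo write_unsafe)"
echo "safe:   $(demo write_safe)"
```

When the writing process is a build run as root, the file reached through the symlink can be any file on the system, which is the impact the advisory describes.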

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.

---------------------------------------------------------------------
fc1 changelog:
* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.3.11-1.fc1.2.legacy
- add security fixes:
 * shtool temp file handling (CAN-2005-1751)
 * XML_RPC command injection (Stefan Esser, CAN-2005-1921)

fc2 changelog:
* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.3.11-1.fc2.3.legacy
- add security fixes:
 * shtool temp file handling (CAN-2005-1751)
 * XML_RPC command injection (Stefan Esser, CAN-2005-1921)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)


---------------------------------------------------------------------

Please test and comment in bugzilla.