Fedora Legacy Test Update Notification: php

Marc Deslauriers marcdeslauriers at videotron.ca
Mon May 2 11:58:23 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-155505
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505
2005-05-02
---------------------------------------------------------------------

Name        : php
Versions    : rh7.3: php-4.1.2-7.3.17.legacy
Versions    : rh9: php-4.2.2-17.14.legacy
Versions    : fc1: php-4.3.11-1.fc1.1.legacy
Versions    : fc2: php-4.3.11-1.fc2.1.legacy
Summary     : The PHP HTML-embedded scripting language.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

Updated PHP packages that fix various security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is
possible to cause PHP to consume CPU resources for a short period of
time by supplying a carefully crafted IFF or JPEG image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image
headers. It is possible for an attacker to construct an image file in
such a way that it could execute arbitrary instructions when processed
by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image
headers. It is possible for an attacker to cause PHP to enter an
infinite loop for a short period of time by supplying a carefully
crafted image file to PHP for processing. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to
this issue.

The security fixes to the "unserializer" code in the previous release
introduced a performance regression. A fix for that regression is also
included in this update.

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.
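A check a Fedora Legacy administrator could run before and after applying this update, added here as an example rather than taken from the advisory: it compares the locally installed php version-release with the fixed builds listed in the header of this notice, using a simplified form of rpm's rpmvercmp ordering. It assumes `rpm` is available on the host; the version strings in the comments are constructed samples.

```python
# Added example (not the advisory's own code): compare an installed php
# version-release against the fixed builds in FEDORALEGACY-2005-155505.
import re
import subprocess

# Fixed version-release strings, copied from the advisory header.
FIXED = {
    "rh7.3": "4.1.2-7.3.17.legacy",
    "rh9": "4.2.2-17.14.legacy",
    "fc1": "4.3.11-1.fc1.1.legacy",
    "fc2": "4.3.11-1.fc2.1.legacy",
}

def _segments(s):
    # rpmvercmp-style tokenisation: runs of digits or letters; the rest separates
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Return -1, 0 or 1 like rpm's rpmvercmp() (simplified: no ~ or ^ handling)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        xn, yn = x.isdigit(), y.isdigit()
        if xn and yn:                  # numeric segments compare as integers
            return -1 if int(x) < int(y) else 1
        if xn != yn:                   # a numeric segment beats an alphabetic one
            return 1 if xn else -1
        return -1 if x < y else 1      # both alphabetic: plain string order
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def compare_vr(installed, fixed):
    """Compare two 'version-release' strings; these packages carry no epoch."""
    (iv, ir), (fv, fr) = installed.rsplit("-", 1), fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def is_vulnerable(installed, distro):
    """True when the installed php is older than the fixed build for distro.
    e.g. a constructed "4.2.2-17.13.legacy" on rh9 is older than 17.14."""
    return compare_vr(installed, FIXED[distro]) < 0

def check_local_php(distro):
    """Query rpm on this host (assumes rpm exists); None if php is not installed."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "php"],
                             capture_output=True, text=True)
    except OSError:
        return None
    vr = out.stdout.strip()
    return (vr, is_vulnerable(vr, distro)) if out.returncode == 0 else None
```

`check_local_php("fc2")` returns the installed version-release and whether it predates the fixed build; the distro key must match the host's release.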

---------------------------------------------------------------------
7.3 changelog:
* Sun Apr 24 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.1.2-7.3.17.legacy
- Added security patch for CAN-2005-0524 and CAN-2005-0525

9 changelog:
* Sat Apr 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.2-17.14.legacy
- Updated CAN-2004-1019 security patch to backported unserializer
  from 4.3.11 to fix performance regressions

* Sat Apr 23 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.2-17.13.legacy
- Added security patches for CAN-2005-0524, CAN-2005-0525,
  CAN-2005-1042 and CAN-2005-1043

fc1 changelog:
* Fri Apr 22 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.3.11-1.fc1.1.legacy
- update to 4.3.11 to fix security issues and extreme
  unserializer slowdown caused by update to 4.3.10
  (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043)
- snmp: disable MSHUTDOWN function to prevent error_log noise
- revert default php.ini changes since 4.3.10
- restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP
- remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect
- don't configure with --enable-safe-mode (RH #148969)
- install gd headers (RH #145891)
- bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball)
- Removed LDAP patch which is now included in 4.3.11

fc2 changelog:
* Fri Apr 22 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.3.11-1.fc2.1.legacy
- update to 4.3.11 to fix security issues and extreme
  unserializer slowdown caused by update to 4.3.10
  (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043)
- snmp: disable MSHUTDOWN function to prevent error_log noise
- revert default php.ini changes since 4.3.10
- restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP
- remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect
- don't configure with --enable-safe-mode (RH #148969)
- install gd headers (RH #145891)
- bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.