Did I miss a PHP update for FC4?

Peter Gordon admin at ramshacklestudios.com
Sat Dec 3 07:39:38 UTC 2005

On Sat, 2005-12-03 at 00:46 -0600, Gilbert Sebenste wrote:
> A few weeks ago some major security holes were announced in regards to the 
> PHP packages. Was there an update I missed? I see the current version on a 
> system I am running it on is php-5.0.4-10.5.
I'm not sure exactly if these are the security issues you refer to, but
the RPM's changelog for php-5.0.4-10.5 says:

* Fri Nov 04 2005 Joe Orton <jorton at redhat.com> 5.0.4-10.5
- add security fixes from upstream:
 * XSS issues in phpinfo() (CVE-2005-3388, #172212)
 * GLOBALS handling (CVE-2005-3390, #172207)
 * parse_str() enabling register_globals (CVE-2005-3389, #172209)
 * exif: infinite recursion on corrupt JPEG (CVE-2005-3353)
- add unserializer fix for x86_64 (upstream #34435)

Peter Gordon (codergeek42)
GnuPG Public Key: 0xDA3634D7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20051202/0e0a2f31/attachment-0001.sig>

More information about the fedora-list mailing list