[SECURITY] Fedora Core 6 Update: php-5.1.6-3.6.fc6

Joe Orton jorton at redhat.com
Mon May 14 17:11:53 UTC 2007 

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-503
2007-05-14
---------------------------------------------------------------------

Product     : Fedora Core 6
Name        : php
Version     : 5.1.6
Release     : 3.6.fc6
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module which adds support for the PHP
language to Apache HTTP Server.

---------------------------------------------------------------------
Update Information:

This update fixes a number of security issues in PHP.

A heap buffer overflow flaw was found in the PHP 'xmlrpc'
extension. A PHP script which implements an XML-RPC server
using this extension could allow a remote attacker to
execute arbitrary code as the 'apache' user. Note that this
flaw does not affect PHP applications using the pure-PHP
XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script
used this extension to provide access to a private FTP
server, and passed untrusted script input directly to any
function provided by this extension, a remote attacker would
be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)

A buffer overflow flaw was found in the PHP 'soap' 
extension, regarding the handling of an HTTP redirect
response when using the SOAP client provided by this
extension with an untrusted SOAP server. No mechanism to
trigger this flaw remotely is known. (CVE-2007-2510) 
---------------------------------------------------------------------
* Wed May  9 2007 Joe Orton <jorton at redhat.com> 5.1.6-3.6.fc6
- add security fixes for CVE-2007-1864, CVE-2007-2509, CVE-2007-2510 (#235016)
- add README.FastCGI to -cli subpackage (#236555)

---------------------------------------------------------------------
This update can be downloaded from:
    http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

025c738382f6f1ede22904ae13bd532bd1d4883a  SRPMS/php-5.1.6-3.6.fc6.src.rpm
025c738382f6f1ede22904ae13bd532bd1d4883a  noarch/php-5.1.6-3.6.fc6.src.rpm
6639a47dfd79e3953a4cc141b0c82ddc2b0714eb  ppc/php-mysql-5.1.6-3.6.fc6.ppc.rpm
5daffc576883dfaa66e902b2a360175899b8f8c0  ppc/php-common-5.1.6-3.6.fc6.ppc.rpm
275cc10496aeb272100b89952268002e118a76b5  ppc/php-dba-5.1.6-3.6.fc6.ppc.rpm
0a47a09be3b0be8f693f807400d0a74ffa89c2a0  ppc/php-mbstring-5.1.6-3.6.fc6.ppc.rpm
7d62260422678e595c226e31d02f06bdb87a507f  ppc/php-odbc-5.1.6-3.6.fc6.ppc.rpm
7906fabf744a8d9477aaa8dc3a6ca02eeb5c2ef6  ppc/php-xml-5.1.6-3.6.fc6.ppc.rpm
1ebc07839be9a2cdd04cedbdd927a295e674eee3  ppc/php-ldap-5.1.6-3.6.fc6.ppc.rpm
aff32372a66f1b6cd24471df378ca16c10728f7a  ppc/php-pdo-5.1.6-3.6.fc6.ppc.rpm
0dd91b0c21b9fa4fd0cb2f3b8cbb6c4fe96704a2  ppc/php-cli-5.1.6-3.6.fc6.ppc.rpm
fa90930a9c67a3756acb2f7dfad43b0c75e5c37d  ppc/php-bcmath-5.1.6-3.6.fc6.ppc.rpm
5d85b54f9c0c29b1afce18a3230161b3c749b7c3  ppc/php-xmlrpc-5.1.6-3.6.fc6.ppc.rpm
e17cc525e2febe8aff7f00fd012c4552c9af2338  ppc/php-soap-5.1.6-3.6.fc6.ppc.rpm
d2c3b18f00437f63220afcf3cddcccda79e43a92  ppc/php-ncurses-5.1.6-3.6.fc6.ppc.rpm
78bcd56e059cf23112c484ce0a7295cd9ce8c2df  ppc/php-imap-5.1.6-3.6.fc6.ppc.rpm
83502b3ee4ec92d9071653713d53b574bd483673  ppc/php-pgsql-5.1.6-3.6.fc6.ppc.rpm
b4486a2d7f429602bf62df9ae3be431ce4cf2993  ppc/php-gd-5.1.6-3.6.fc6.ppc.rpm
ab27e14e22be9f60aa5a6c12d26764b6f5576b40  ppc/php-5.1.6-3.6.fc6.ppc.rpm
365b2eff5d76472fd8fc0377439516cbda9b2c0b  ppc/debug/php-debuginfo-5.1.6-3.6.fc6.ppc.rpm
646ec0be7c5dbf36f3e98a5f71d88134d08f6a4f  ppc/php-devel-5.1.6-3.6.fc6.ppc.rpm
000dfbe6c080ce0ca757e05b8384b1439da0bdf7  ppc/php-snmp-5.1.6-3.6.fc6.ppc.rpm
99fa48c00b8957848f0be19a740128287ad28a9a  x86_64/php-mysql-5.1.6-3.6.fc6.x86_64.rpm
e51d0f7620a3a077680637bff72151efbda7fc7d  x86_64/php-pdo-5.1.6-3.6.fc6.x86_64.rpm
3d94b55e57d3884303090384319a2b2a6dbb87f5  x86_64/php-imap-5.1.6-3.6.fc6.x86_64.rpm
eaa5dc9566c805672076f7ee99eda7527a2fa81d  x86_64/php-devel-5.1.6-3.6.fc6.x86_64.rpm
e868c68203474032791eef1ec60efc355c8a35dc  x86_64/php-pgsql-5.1.6-3.6.fc6.x86_64.rpm
5ee65d504fbfe508bae88e1cd5d53ca2e861dc79  x86_64/php-odbc-5.1.6-3.6.fc6.x86_64.rpm
86b255e7ba2860728b36b02f519f70528c61ee67  x86_64/debug/php-debuginfo-5.1.6-3.6.fc6.x86_64.rpm
17956ed917566a550c31eb99e868f40cda2742b7  x86_64/php-gd-5.1.6-3.6.fc6.x86_64.rpm
79341e6bc0b70c2b2d417c5ba69589d521f8cc82  x86_64/php-soap-5.1.6-3.6.fc6.x86_64.rpm
05c0f6da52c9d79d716cccf62d5f0c32877119b9  x86_64/php-cli-5.1.6-3.6.fc6.x86_64.rpm
b1968843b5906ee7c87db88cd5e5687dd0f6954c  x86_64/php-dba-5.1.6-3.6.fc6.x86_64.rpm
5e067abee811e071f627d9e817defdf87d4fac24  x86_64/php-bcmath-5.1.6-3.6.fc6.x86_64.rpm
c407ba010219e485ac08b1641b4fa3e670b2be86  x86_64/php-xmlrpc-5.1.6-3.6.fc6.x86_64.rpm
7d85318b2fc4bcc80f59292ddad5c84952c335a9  x86_64/php-ncurses-5.1.6-3.6.fc6.x86_64.rpm
a195364ed05efdd090c630fe9c31b5512e60723b  x86_64/php-snmp-5.1.6-3.6.fc6.x86_64.rpm
1b1b505ceed75bc1088eb543b976e4b741c06c53  x86_64/php-ldap-5.1.6-3.6.fc6.x86_64.rpm
0ae538a20ab854d6939d5c866ef461357b3ea429  x86_64/php-mbstring-5.1.6-3.6.fc6.x86_64.rpm
dd98183718043e8954ea0caf5824874d9f565452  x86_64/php-common-5.1.6-3.6.fc6.x86_64.rpm
db87c758dec5768839d24929666e3002ec402ed2  x86_64/php-5.1.6-3.6.fc6.x86_64.rpm
d1bcdfdc4829dad5fbd5e368fd5e2c3f4bac924a  x86_64/php-xml-5.1.6-3.6.fc6.x86_64.rpm
4221bd8ad5f9eeb919cbcab8610b683ccc267652  i386/php-imap-5.1.6-3.6.fc6.i386.rpm
28e43258ea27104ece07f406f150fe12b4cc5d25  i386/php-snmp-5.1.6-3.6.fc6.i386.rpm
edc8329aebf6f3a21228d336b63e36310b2a3216  i386/php-common-5.1.6-3.6.fc6.i386.rpm
43cee34fd3796f235f7592e2e18fb58520c15a5d  i386/php-xmlrpc-5.1.6-3.6.fc6.i386.rpm
e7bef5c9d67f4dfafd4f546ac0c3da81a6310958  i386/php-xml-5.1.6-3.6.fc6.i386.rpm
3030d7c005509f9c26ad8904bc38ed0ea462204c  i386/php-mysql-5.1.6-3.6.fc6.i386.rpm
6a70f36a5405691931fe47284055b32638b38025  i386/php-dba-5.1.6-3.6.fc6.i386.rpm
f862dfd87d4c093973c84adc0c657e843c310889  i386/php-ncurses-5.1.6-3.6.fc6.i386.rpm
2de47b3f6ff2de50ce15d7906fc8295127305f1f  i386/php-gd-5.1.6-3.6.fc6.i386.rpm
24739795c8f6f8711550e3596228eb4ffa8447b9  i386/php-devel-5.1.6-3.6.fc6.i386.rpm
32f0edfc011a12f43bf1f0e0f5c43a921df36a48  i386/php-5.1.6-3.6.fc6.i386.rpm
9e78d97bb36a1ad342b7e50fdff57350571e53a6  i386/php-mbstring-5.1.6-3.6.fc6.i386.rpm
95ee47c8ddd4e320a0271cd4036caf5befbefc1b  i386/php-odbc-5.1.6-3.6.fc6.i386.rpm
96459f3dbc08507e742f7549d9c79ffd9f68802c  i386/php-pgsql-5.1.6-3.6.fc6.i386.rpm
b9b5b88f4e0f1f383152e92609d291a7f889362c  i386/php-cli-5.1.6-3.6.fc6.i386.rpm
16d1d49c871f501c7ab94dea03abfb2a7b3a2d44  i386/php-bcmath-5.1.6-3.6.fc6.i386.rpm
4272095a7a88337ad1bd99f2fc513c9dea2fbc5a  i386/php-pdo-5.1.6-3.6.fc6.i386.rpm
fc84a09cd9fd46ea308b35f2c429d4b950f767c6  i386/debug/php-debuginfo-5.1.6-3.6.fc6.i386.rpm
e89eff0339fb72a8a44f2aaa917739a3002d3c3b  i386/php-ldap-5.1.6-3.6.fc6.i386.rpm
32770eea8b45127aab2bcb7d9941666622e35800  i386/php-soap-5.1.6-3.6.fc6.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

More information about the Fedora-package-announce mailing list