[SECURITY] Fedora Core 2 Test Update: php-4.3.8-2.1
Joe Orton
jorton at redhat.com
Wed Jul 21 16:39:07 UTC 2004
---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-223
2004-07-19
---------------------------------------------------------------------
Product : Fedora Core 2
Name : php
Version : 4.3.8
Release : 2.1
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
---------------------------------------------------------------------
Update Information:
This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595). CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled. CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.
---------------------------------------------------------------------
* Fri Jul 16 2004 Joe Orton <jorton at redhat.com> 4.3.8-2.1
- revert upstream default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)
* Wed Jul 14 2004 Joe Orton <jorton at redhat.com> 4.3.8-2.0
- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command. You may
need to edit your up2date channels configuration. Within
/etc/sysconfig/rhn/sources enable the following line:

    yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-2

---------------------------------------------------------------------
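The Update Information above ties triggering to an enabled "register_globals" setting. As an added example (not part of the original advisory, nor Fedora or PHP tooling), this shell function reports the effective value found in a php.ini file; the function name and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective register_globals value in a php.ini.

# Print "on" or "off" for the last uncommented register_globals assignment
# in the file given as $1. PHP 4.2 and later default to off when the
# directive is absent. Directive names are case-sensitive; values are not.
register_globals_state() {
    awk '
        BEGIN { state = "off" }
        /^[ \t]*;/ { next }                  # skip whole-line comments
        {
            line = $0
            sub(/;.*$/, "", line)            # drop a trailing comment
            n = index(line, "=")
            if (n == 0) next                 # section headers, blank lines
            key = substr(line, 1, n - 1)
            val = tolower(substr(line, n + 1))
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t"\r]/, "", val)
            if (key != "register_globals") next
            if (val == "on" || val == "1" || val == "true" || val == "yes")
                state = "on"
            else
                state = "off"
        }
        END { print state }
    ' "$1"
}

# Constructed sample input (not taken from any real system).
sample=$(mktemp)
printf '%s\n' \
    '[PHP]' \
    '; register_globals = On' \
    'register_globals = Off' \
    'register_globals = On ; legacy application' > "$sample"
echo "register_globals: $(register_globals_state "$sample")"
rm -f "$sample"
```

This reads php.ini only; a `php_flag register_globals` line in the httpd configuration or an .htaccess file can override it per directory and needs a separate check.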