[SECURITY] Fedora Core 2 Test Update: php-4.3.8-2.1

Joe Orton jorton at redhat.com
Wed Jul 21 16:39:07 UTC 2004


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-223
2004-07-19
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : php
Version     : 4.3.8                      
Release     : 2.1                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------
* Fri Jul 16 2004 Joe Orton <jorton at redhat.com> 4.3.8-2.1

- revert upstream default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton at redhat.com> 4.3.8-2.0
 
- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may 
need to edit your up2date channels configuration.  Within 
/etc/sysconfig/rhn/sources enable the following line: 
yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-2
---------------------------------------------------------------------




