__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
___ __ __ _ ___
/ | /_\ /
\___ __|__ / \ \___
__________________________________________________________
INFORMATION BULLETIN
PHP Security Update
[Red Hat RHSA-2006:0730-6]
November 7, 2006 17:00 GMT Number R-030
[REVISED 14 Nov 2006]
[REVISED 01 Dec 2006]
[REVISED 2 May 2007]
______________________________________________________________________________
PROBLEM: An overflow in the PHP htmlentities() and htmlspecialchars()
routines.
PLATFORM: Red Hat Desktop (v. 3 & v. 4)
Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, and v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600
router and Branch Routers
CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks
Wireless LAN Solution Engine Express (WLSX)
Cisco Unified Application Environment
Hosting Solution Engine/Hosting Solution Software
DAMAGE: A remote attacker sending a carefully crafted request could
trigger the overflow and potentially execute arbitrary code as
the 'apache' user.
SOLUTION: Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY The risk is LOW. A remote attacker sending a carefully crafted
ASSESSMENT: request could trigger the overflow and potentially execute
arbitrary code as the 'apache' user.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-030.shtml
ORIGINAL BULLETIN: Red Hat RHSA-2006:0730-6
https://rhn.redhat.com/errata/RHSA-2006-0730.html
ADDITIONAL LINKS: Debian Security Advisory 1206-1
http://www.debian.org/security/2006/dsa-1206
Symantec Security Advisory SYM06-023
http://securityresponse.symantec.com/avcenter/security/
Content/2006.11.28.html
Cisco Document ID: 82377
http://www.cisco.com/warp/public/707/cisco-sr-20070425-http.shtml
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
______________________________________________________________________________
REVISION HISTORY:
11/14/2006 - added a link to Debian Security Advisory 1206-1
12/01/2006 - added a link to Symantec Security Advisory SYM06-023
05/02/2007 - revised R-030 to add a link to Cisco Document ID: 82377 for Network
Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router and
Branch Routers; CiscoWorks Wireless LAN Solution Engine (WLSE) and
CiscoWorks Wireless LAN Solution Engine Express (WLSX); Cisco
Unified Application Environment; and Hosting Solution Engine/Hosting
Solution Software.
[***** Start Red Hat RHSA-2006:0730-6 *****]
Important: php security update
Advisory: RHSA-2006:0730-6
Type: Security Advisory
Issued on: 2006-11-06
Last updated on: 2006-11-06
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2006-5465
Details
Updated PHP packages that fix a security issue are now available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines. If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the 'apache' user. (CVE-2006-5465)
Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Updated packages
Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-37.ent.src.rpm bf046ac10e41ce26a7a0189653b57acd
IA-32:
php-4.3.2-37.ent.i386.rpm ed7499077777ccac9e77546405249ee1
php-devel-4.3.2-37.ent.i386.rpm 347be6ab3592cb744da1a909d0458137
php-imap-4.3.2-37.ent.i386.rpm a764a53a4bf366694583ec0b57afcc31
php-ldap-4.3.2-37.ent.i386.rpm 07682e90cd1fe24c52bdb8131631ecb2
php-mysql-4.3.2-37.ent.i386.rpm 517a16f6dc384a6df3b4915e1c6583d9
php-odbc-4.3.2-37.ent.i386.rpm 128813456803652ad997cab7b392a843
php-pgsql-4.3.2-37.ent.i386.rpm 490c79e14227457c8c935ed5aa4ba26e
x86_64:
php-4.3.2-37.ent.x86_64.rpm 3098d16918a9971392dbc947738896b8
php-devel-4.3.2-37.ent.x86_64.rpm 8b1b6199c734b64cf49b0bcee67f067a
php-imap-4.3.2-37.ent.x86_64.rpm 77eb040700cc8e67b6dc3a419addd656
php-ldap-4.3.2-37.ent.x86_64.rpm f0cad87123de9eded5bf22206e701ba4
php-mysql-4.3.2-37.ent.x86_64.rpm 35291e8b5ff5c0e4e6b6e19dc89566d4
php-odbc-4.3.2-37.ent.x86_64.rpm da41b9d551747ed2c3e5174a65b0a943
php-pgsql-4.3.2-37.ent.x86_64.rpm 59b82440c11498744f04d72b864c5587
Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.22.src.rpm 7b7a99ed1157fa51afe3cd8f8c10ec0b
IA-32:
php-4.3.9-3.22.i386.rpm 0067885b1a2c622dab0b2659ac39189d
php-devel-4.3.9-3.22.i386.rpm f4007c3c7c5804d2f8b2966549f45485
php-domxml-4.3.9-3.22.i386.rpm 6099d76e98d764484adb7d2535f24f37
php-gd-4.3.9-3.22.i386.rpm b06ea4791691f2c80e17d9386c19c3d7
php-imap-4.3.9-3.22.i386.rpm 2631dbea1fb7c74a212edf01c32dbdb8
php-ldap-4.3.9-3.22.i386.rpm 8c4db990b3d058505057e240081edabe
php-mbstring-4.3.9-3.22.i386.rpm b9b101f48f3e0fc2355d77ea11a31fb7
php-mysql-4.3.9-3.22.i386.rpm ea2fe798ece3915e18836fb05649167a
php-ncurses-4.3.9-3.22.i386.rpm 38f99ef0585340bcfbf50571e4abd146
php-odbc-4.3.9-3.22.i386.rpm a16182cc71c61a40d7125fc59614a94d
php-pear-4.3.9-3.22.i386.rpm fd51e9a92d2cbf334128c7a5965d8dfe
php-pgsql-4.3.9-3.22.i386.rpm e6c866ca18d53b5880182a27c0f0f3c1
php-snmp-4.3.9-3.22.i386.rpm 96e4a0b41c3851653537be4651acb181
php-xmlrpc-4.3.9-3.22.i386.rpm df071781b4905745f8005306809215ea
x86_64:
php-4.3.9-3.22.x86_64.rpm 085471928ff4dbde6ba7b40b06635062
php-devel-4.3.9-3.22.x86_64.rpm cd02436bba3b0512a0cc1959997c4a83
php-domxml-4.3.9-3.22.x86_64.rpm 7a3c76b8bd6d84055a4eb82c7741d56c
php-gd-4.3.9-3.22.x86_64.rpm 9e65d19b9b73cd9d64bcfb5b4b474334
php-imap-4.3.9-3.22.x86_64.rpm 7e5e8ed005e8594377ccbd0832154583
php-ldap-4.3.9-3.22.x86_64.rpm 95c97da74a3c1ee347001e6e7ec33d01
php-mbstring-4.3.9-3.22.x86_64.rpm 28164b292394b9c2e91d836dccddb429
php-mysql-4.3.9-3.22.x86_64.rpm 1934965b64a54e0d9a37251af02b3f31
php-ncurses-4.3.9-3.22.x86_64.rpm 8930d4801fceb82cf468a2c6e121093a
php-odbc-4.3.9-3.22.x86_64.rpm 97d71db6e2790f50f7289fa7ea181195
php-pear-4.3.9-3.22.x86_64.rpm e702b0f8f0a2c5bcec3cfb5d180ffeb5
php-pgsql-4.3.9-3.22.x86_64.rpm 194cee18d6d752e25e4db85e446717dc
php-snmp-4.3.9-3.22.x86_64.rpm e650c74b27ac987be8789fdcc6434a59
php-xmlrpc-4.3.9-3.22.x86_64.rpm 5f5f07ad2c0c24a980bd040d61c36dc1
Red Hat Enterprise Linux AS (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
php-4.1.2-2.13.src.rpm a389b1cf12dd65bd9d04729739378649
IA-32:
php-4.1.2-2.13.i386.rpm f9a5f65907be43038ab1e82999c3a0b3
php-devel-4.1.2-2.13.i386.rpm 9a8f4807f0cd8997fed434a752cb4b54
php-imap-4.1.2-2.13.i386.rpm 2c0b0590733c7c645f342974a3e8b2a9
php-ldap-4.1.2-2.13.i386.rpm 55886207a47014fdb407cf49cdf758c2
php-manual-4.1.2-2.13.i386.rpm 67376305696ea7234d6f5e06679b2d46
php-mysql-4.1.2-2.13.i386.rpm 564d9fae44fc408a6c10ce70e4213916
php-odbc-4.1.2-2.13.i386.rpm 9bd1c859f6fa9ff1fea4c0d70bea1ee1
php-pgsql-4.1.2-2.13.i386.rpm f8ba3c44aa016ac9aced6a3d04770157
IA-64:
php-4.1.2-2.13.ia64.rpm 5aecc913b9c48d8d44416b0ce068579f
php-devel-4.1.2-2.13.ia64.rpm 934d8d93821fbcfba027b749848f6fc8
php-imap-4.1.2-2.13.ia64.rpm be0500ad21a8d4fc2e529b1dd261666a
php-ldap-4.1.2-2.13.ia64.rpm 6f50842d9fcc32881c8786e81be19d5d
php-manual-4.1.2-2.13.ia64.rpm 364fc84f6e69022284be68ce0ee16d10
php-mysql-4.1.2-2.13.ia64.rpm e6876036d08dd986fca2ab1b68782291
php-odbc-4.1.2-2.13.ia64.rpm 3b8f6512859a333fe87adaa4386418b1
php-pgsql-4.1.2-2.13.ia64.rpm 2920f1d9bdf41cd81d4c2ad23aad83ed
Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-37.ent.src.rpm bf046ac10e41ce26a7a0189653b57acd
IA-32:
php-4.3.2-37.ent.i386.rpm ed7499077777ccac9e77546405249ee1
php-devel-4.3.2-37.ent.i386.rpm 347be6ab3592cb744da1a909d0458137
php-imap-4.3.2-37.ent.i386.rpm a764a53a4bf366694583ec0b57afcc31
php-ldap-4.3.2-37.ent.i386.rpm 07682e90cd1fe24c52bdb8131631ecb2
php-mysql-4.3.2-37.ent.i386.rpm 517a16f6dc384a6df3b4915e1c6583d9
php-odbc-4.3.2-37.ent.i386.rpm 128813456803652ad997cab7b392a843
php-pgsql-4.3.2-37.ent.i386.rpm 490c79e14227457c8c935ed5aa4ba26e
IA-64:
php-4.3.2-37.ent.ia64.rpm 648b8800529e14543fb85ac7a5fde75d
php-devel-4.3.2-37.ent.ia64.rpm 92821b6e8da55dea0c870deee826a3f5
php-imap-4.3.2-37.ent.ia64.rpm f5815a8af4fd4df9a3fd5c184c54910d
php-ldap-4.3.2-37.ent.ia64.rpm e7e62ea263c31ca820f5369070a05952
php-mysql-4.3.2-37.ent.ia64.rpm 50ee0cfa37cb40f857ac5825b3be56da
php-odbc-4.3.2-37.ent.ia64.rpm 1e2b2711a93335932e9e859cbad6f162
php-pgsql-4.3.2-37.ent.ia64.rpm dcde09bfb2ac89ac9fba9b2b06361e3a
PPC:
php-4.3.2-37.ent.ppc.rpm 32341e761513c4e7c561588696a33390
php-devel-4.3.2-37.ent.ppc.rpm 41439d3dfffe25a3ecb543d121b7b5fb
php-imap-4.3.2-37.ent.ppc.rpm e666c1b9d1b19623e7830d79914ea360
php-ldap-4.3.2-37.ent.ppc.rpm 5aa29c738987082875d6b3d5921ef139
php-mysql-4.3.2-37.ent.ppc.rpm a6a6f04669ea946c8903ae32da99eefb
php-odbc-4.3.2-37.ent.ppc.rpm 08ba70215f98bbbf325796533509cb17
php-pgsql-4.3.2-37.ent.ppc.rpm 4eb54a995bbbde37e00f4a458dd08d59
s390:
php-4.3.2-37.ent.s390.rpm b7dce85ce8d6de774f2d726fbd39c0b3
php-devel-4.3.2-37.ent.s390.rpm 424e8521d42ea03de8522e5992564c17
php-imap-4.3.2-37.ent.s390.rpm 4d70c94d77b50975d613b90070dd2dfd
php-ldap-4.3.2-37.ent.s390.rpm d95ff2d5f0c05a2241dd9a16a6585d02
php-mysql-4.3.2-37.ent.s390.rpm 4c840608d683363255f681c20abce684
php-odbc-4.3.2-37.ent.s390.rpm 6a30b0102456cd2c312bb390daac6beb
php-pgsql-4.3.2-37.ent.s390.rpm 2b8f300a8a813eb5166b7be65d9489eb
s390x:
php-4.3.2-37.ent.s390x.rpm 1c3a580780f3fc679ac5cde6419d75e5
php-devel-4.3.2-37.ent.s390x.rpm 3de7ac5bb00d2576cdb00493fd98dca5
php-imap-4.3.2-37.ent.s390x.rpm 19c461115dfd50a702a4b4b7d3065c7f
php-ldap-4.3.2-37.ent.s390x.rpm e6ca295757e0f9bf6257be3d1a60dd5e
php-mysql-4.3.2-37.ent.s390x.rpm b8298c9bf26182b719ad93b3bbc13133
php-odbc-4.3.2-37.ent.s390x.rpm 2cb1a097de23ff200dc776cc17dc5db8
php-pgsql-4.3.2-37.ent.s390x.rpm 2b8b1c294a84d5181b9a9b0396ade01f
x86_64:
php-4.3.2-37.ent.x86_64.rpm 3098d16918a9971392dbc947738896b8
php-devel-4.3.2-37.ent.x86_64.rpm 8b1b6199c734b64cf49b0bcee67f067a
php-imap-4.3.2-37.ent.x86_64.rpm 77eb040700cc8e67b6dc3a419addd656
php-ldap-4.3.2-37.ent.x86_64.rpm f0cad87123de9eded5bf22206e701ba4
php-mysql-4.3.2-37.ent.x86_64.rpm 35291e8b5ff5c0e4e6b6e19dc89566d4
php-odbc-4.3.2-37.ent.x86_64.rpm da41b9d551747ed2c3e5174a65b0a943
php-pgsql-4.3.2-37.ent.x86_64.rpm 59b82440c11498744f04d72b864c5587
Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.22.src.rpm 7b7a99ed1157fa51afe3cd8f8c10ec0b
IA-32:
php-4.3.9-3.22.i386.rpm 0067885b1a2c622dab0b2659ac39189d
php-devel-4.3.9-3.22.i386.rpm f4007c3c7c5804d2f8b2966549f45485
php-domxml-4.3.9-3.22.i386.rpm 6099d76e98d764484adb7d2535f24f37
php-gd-4.3.9-3.22.i386.rpm b06ea4791691f2c80e17d9386c19c3d7
php-imap-4.3.9-3.22.i386.rpm 2631dbea1fb7c74a212edf01c32dbdb8
php-ldap-4.3.9-3.22.i386.rpm 8c4db990b3d058505057e240081edabe
php-mbstring-4.3.9-3.22.i386.rpm b9b101f48f3e0fc2355d77ea11a31fb7
php-mysql-4.3.9-3.22.i386.rpm ea2fe798ece3915e18836fb05649167a
php-ncurses-4.3.9-3.22.i386.rpm 38f99ef0585340bcfbf50571e4abd146
php-odbc-4.3.9-3.22.i386.rpm a16182cc71c61a40d7125fc59614a94d
php-pear-4.3.9-3.22.i386.rpm fd51e9a92d2cbf334128c7a5965d8dfe
php-pgsql-4.3.9-3.22.i386.rpm e6c866ca18d53b5880182a27c0f0f3c1
php-snmp-4.3.9-3.22.i386.rpm 96e4a0b41c3851653537be4651acb181
php-xmlrpc-4.3.9-3.22.i386.rpm df071781b4905745f8005306809215ea
IA-64:
php-4.3.9-3.22.ia64.rpm e03e95b1b231c7d1041470df1cb20b88
php-devel-4.3.9-3.22.ia64.rpm 21f6917b4f11e4fd1444b8c0565d3464
php-domxml-4.3.9-3.22.ia64.rpm f4ddc27eb23f1fdbf94147374ba26a5b
php-gd-4.3.9-3.22.ia64.rpm ae3c91e4d89c32d9e1ea0a9050dcd071
php-imap-4.3.9-3.22.ia64.rpm 5213e2497c3207dc818397e4eed744ed
php-ldap-4.3.9-3.22.ia64.rpm 4716f9efb52d99adedd9307a9e72d207
php-mbstring-4.3.9-3.22.ia64.rpm a417bdc307612127a59707be62468e84
php-mysql-4.3.9-3.22.ia64.rpm 7e031129d7e5bb5c96d19348ed798e48
php-ncurses-4.3.9-3.22.ia64.rpm 29c881c335dc851988e2836b0c0716ed
php-odbc-4.3.9-3.22.ia64.rpm ac60d1f87b072811484d1ac6247d63e3
php-pear-4.3.9-3.22.ia64.rpm 8d211933c1609b1ef71e83a1cbf39bcc
php-pgsql-4.3.9-3.22.ia64.rpm 85cf38ce549350f197648738dc27e8ac
php-snmp-4.3.9-3.22.ia64.rpm a6bbeae52e324ddb3358f65e75c65205
php-xmlrpc-4.3.9-3.22.ia64.rpm 5f139b51a5abf46d6d6d84029f81b6ab
PPC:
php-4.3.9-3.22.ppc.rpm 4a6f50b1976da77625ff49148dfe36c9
php-devel-4.3.9-3.22.ppc.rpm 6a014883141733553e29db04763a003f
php-domxml-4.3.9-3.22.ppc.rpm ab4305b7e93406579da1cd4b088b07b1
php-gd-4.3.9-3.22.ppc.rpm 4dcfec3009bf8d49f576caa3d1df7774
php-imap-4.3.9-3.22.ppc.rpm bbc85fffcaa160bc4baf59629083a635
php-ldap-4.3.9-3.22.ppc.rpm 5a4bfad6607cb7575cd707bf33632c11
php-mbstring-4.3.9-3.22.ppc.rpm 22db575cd6fa588e404444e1c6b634a1
php-mysql-4.3.9-3.22.ppc.rpm a5f6fa585f9effbbb3462c162b6384f1
php-ncurses-4.3.9-3.22.ppc.rpm 0515cc0ce832ba525f9db6c6655f5249
php-odbc-4.3.9-3.22.ppc.rpm c910f7d713d59048b8f09ffd0a2d00b5
php-pear-4.3.9-3.22.ppc.rpm 15a5ab877d293f455bc24f8fe38295e0
php-pgsql-4.3.9-3.22.ppc.rpm 6c6b6ce80a13a26576ac28bc6089e3cc
php-snmp-4.3.9-3.22.ppc.rpm 1d8381e7ad0fd3fc08a6f9854b78fb24
php-xmlrpc-4.3.9-3.22.ppc.rpm fbb219e9070995cd0227e22dd5a3b201
s390:
php-4.3.9-3.22.s390.rpm 3e890a00f021dd446a901da6ffbd0477
php-devel-4.3.9-3.22.s390.rpm 5776efcef1ba11f6a233cc5535e1e7e7
php-domxml-4.3.9-3.22.s390.rpm d6e2d1623b3ed8bb12c9c944f2057492
php-gd-4.3.9-3.22.s390.rpm 442d02226344d23b33eba2b2945857ef
php-imap-4.3.9-3.22.s390.rpm 3140343b3520cbc63cb02794a24da729
php-ldap-4.3.9-3.22.s390.rpm 0d356ed6063e17dc4db3aad86d27e4f3
php-mbstring-4.3.9-3.22.s390.rpm c8f9699f1ce731fbd9450afbd007277b
php-mysql-4.3.9-3.22.s390.rpm 5924e726c40e193b49a9aa0df0f9a911
php-ncurses-4.3.9-3.22.s390.rpm a24057258cbd22f170bd95d78636a3c4
php-odbc-4.3.9-3.22.s390.rpm c43ae48eaff59d62ffac6f24af7c6e89
php-pear-4.3.9-3.22.s390.rpm 98b3f14a59ef5f93a82316a8e061f0b3
php-pgsql-4.3.9-3.22.s390.rpm 56988e2b64fe1214926699a1b1f4e584
php-snmp-4.3.9-3.22.s390.rpm 8f6417cf96ae37b94c7fad0bd0ed3e2e
php-xmlrpc-4.3.9-3.22.s390.rpm 0d4824edceac2aa36b721d7aaf9ca48b
s390x:
php-4.3.9-3.22.s390x.rpm 1e54f5447beeebf543427fd1b55cd198
php-devel-4.3.9-3.22.s390x.rpm 0d8fed7a3758cdb0564ed92b290c7cae
php-domxml-4.3.9-3.22.s390x.rpm 3e5b6d634bef2ad8c686b9655242644f
php-gd-4.3.9-3.22.s390x.rpm e0bd9c3c71c79f43ed05e26391bee5ef
php-imap-4.3.9-3.22.s390x.rpm 213f8189d2027661ab668f35dc49cd0d
php-ldap-4.3.9-3.22.s390x.rpm 48c47b65a3e79cfc6a03609055ce4812
php-mbstring-4.3.9-3.22.s390x.rpm df0cf0dcd6b0c8740798edfb808d9aa6
php-mysql-4.3.9-3.22.s390x.rpm 02710ab88443b4872d71f38008772425
php-ncurses-4.3.9-3.22.s390x.rpm 666e3a3a7769ab8a6de4e3d94a237af7
php-odbc-4.3.9-3.22.s390x.rpm f4b7f3dda711296ddb6e1edd18abb677
php-pear-4.3.9-3.22.s390x.rpm 40066e8b29596dac8d3ad84935bdb79b
php-pgsql-4.3.9-3.22.s390x.rpm 6ccde97ec8544fea4945caa02e61ba5e
php-snmp-4.3.9-3.22.s390x.rpm ad927ecd2784867b133afb1ae49ee0b2
php-xmlrpc-4.3.9-3.22.s390x.rpm d56db24cc50a1bb6b86d66ef6c040932
x86_64:
php-4.3.9-3.22.x86_64.rpm 085471928ff4dbde6ba7b40b06635062
php-devel-4.3.9-3.22.x86_64.rpm cd02436bba3b0512a0cc1959997c4a83
php-domxml-4.3.9-3.22.x86_64.rpm 7a3c76b8bd6d84055a4eb82c7741d56c
php-gd-4.3.9-3.22.x86_64.rpm 9e65d19b9b73cd9d64bcfb5b4b474334
php-imap-4.3.9-3.22.x86_64.rpm 7e5e8ed005e8594377ccbd0832154583
php-ldap-4.3.9-3.22.x86_64.rpm 95c97da74a3c1ee347001e6e7ec33d01
php-mbstring-4.3.9-3.22.x86_64.rpm 28164b292394b9c2e91d836dccddb429
php-mysql-4.3.9-3.22.x86_64.rpm 1934965b64a54e0d9a37251af02b3f31
php-ncurses-4.3.9-3.22.x86_64.rpm 8930d4801fceb82cf468a2c6e121093a
php-odbc-4.3.9-3.22.x86_64.rpm 97d71db6e2790f50f7289fa7ea181195
php-pear-4.3.9-3.22.x86_64.rpm e702b0f8f0a2c5bcec3cfb5d180ffeb5
php-pgsql-4.3.9-3.22.x86_64.rpm 194cee18d6d752e25e4db85e446717dc
php-snmp-4.3.9-3.22.x86_64.rpm e650c74b27ac987be8789fdcc6434a59
php-xmlrpc-4.3.9-3.22.x86_64.rpm 5f5f07ad2c0c24a980bd040d61c36dc1
Red Hat Enterprise Linux ES (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
php-4.1.2-2.13.src.rpm a389b1cf12dd65bd9d04729739378649
IA-32:
php-4.1.2-2.13.i386.rpm f9a5f65907be43038ab1e82999c3a0b3
php-devel-4.1.2-2.13.i386.rpm 9a8f4807f0cd8997fed434a752cb4b54
php-imap-4.1.2-2.13.i386.rpm 2c0b0590733c7c645f342974a3e8b2a9
php-ldap-4.1.2-2.13.i386.rpm 55886207a47014fdb407cf49cdf758c2
php-manual-4.1.2-2.13.i386.rpm 67376305696ea7234d6f5e06679b2d46
php-mysql-4.1.2-2.13.i386.rpm 564d9fae44fc408a6c10ce70e4213916
php-odbc-4.1.2-2.13.i386.rpm 9bd1c859f6fa9ff1fea4c0d70bea1ee1
php-pgsql-4.1.2-2.13.i386.rpm f8ba3c44aa016ac9aced6a3d04770157
Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-37.ent.src.rpm bf046ac10e41ce26a7a0189653b57acd
IA-32:
php-4.3.2-37.ent.i386.rpm ed7499077777ccac9e77546405249ee1
php-devel-4.3.2-37.ent.i386.rpm 347be6ab3592cb744da1a909d0458137
php-imap-4.3.2-37.ent.i386.rpm a764a53a4bf366694583ec0b57afcc31
php-ldap-4.3.2-37.ent.i386.rpm 07682e90cd1fe24c52bdb8131631ecb2
php-mysql-4.3.2-37.ent.i386.rpm 517a16f6dc384a6df3b4915e1c6583d9
php-odbc-4.3.2-37.ent.i386.rpm 128813456803652ad997cab7b392a843
php-pgsql-4.3.2-37.ent.i386.rpm 490c79e14227457c8c935ed5aa4ba26e
IA-64:
php-4.3.2-37.ent.ia64.rpm 648b8800529e14543fb85ac7a5fde75d
php-devel-4.3.2-37.ent.ia64.rpm 92821b6e8da55dea0c870deee826a3f5
php-imap-4.3.2-37.ent.ia64.rpm f5815a8af4fd4df9a3fd5c184c54910d
php-ldap-4.3.2-37.ent.ia64.rpm e7e62ea263c31ca820f5369070a05952
php-mysql-4.3.2-37.ent.ia64.rpm 50ee0cfa37cb40f857ac5825b3be56da
php-odbc-4.3.2-37.ent.ia64.rpm 1e2b2711a93335932e9e859cbad6f162
php-pgsql-4.3.2-37.ent.ia64.rpm dcde09bfb2ac89ac9fba9b2b06361e3a
x86_64:
php-4.3.2-37.ent.x86_64.rpm 3098d16918a9971392dbc947738896b8
php-devel-4.3.2-37.ent.x86_64.rpm 8b1b6199c734b64cf49b0bcee67f067a
php-imap-4.3.2-37.ent.x86_64.rpm 77eb040700cc8e67b6dc3a419addd656
php-ldap-4.3.2-37.ent.x86_64.rpm f0cad87123de9eded5bf22206e701ba4
php-mysql-4.3.2-37.ent.x86_64.rpm 35291e8b5ff5c0e4e6b6e19dc89566d4
php-odbc-4.3.2-37.ent.x86_64.rpm da41b9d551747ed2c3e5174a65b0a943
php-pgsql-4.3.2-37.ent.x86_64.rpm 59b82440c11498744f04d72b864c5587
Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.22.src.rpm 7b7a99ed1157fa51afe3cd8f8c10ec0b
IA-32:
php-4.3.9-3.22.i386.rpm 0067885b1a2c622dab0b2659ac39189d
php-devel-4.3.9-3.22.i386.rpm f4007c3c7c5804d2f8b2966549f45485
php-domxml-4.3.9-3.22.i386.rpm 6099d76e98d764484adb7d2535f24f37
php-gd-4.3.9-3.22.i386.rpm b06ea4791691f2c80e17d9386c19c3d7
php-imap-4.3.9-3.22.i386.rpm 2631dbea1fb7c74a212edf01c32dbdb8
php-ldap-4.3.9-3.22.i386.rpm 8c4db990b3d058505057e240081edabe
php-mbstring-4.3.9-3.22.i386.rpm b9b101f48f3e0fc2355d77ea11a31fb7
php-mysql-4.3.9-3.22.i386.rpm ea2fe798ece3915e18836fb05649167a
php-ncurses-4.3.9-3.22.i386.rpm 38f99ef0585340bcfbf50571e4abd146
php-odbc-4.3.9-3.22.i386.rpm a16182cc71c61a40d7125fc59614a94d
php-pear-4.3.9-3.22.i386.rpm fd51e9a92d2cbf334128c7a5965d8dfe
php-pgsql-4.3.9-3.22.i386.rpm e6c866ca18d53b5880182a27c0f0f3c1
php-snmp-4.3.9-3.22.i386.rpm 96e4a0b41c3851653537be4651acb181
php-xmlrpc-4.3.9-3.22.i386.rpm df071781b4905745f8005306809215ea
IA-64:
php-4.3.9-3.22.ia64.rpm e03e95b1b231c7d1041470df1cb20b88
php-devel-4.3.9-3.22.ia64.rpm 21f6917b4f11e4fd1444b8c0565d3464
php-domxml-4.3.9-3.22.ia64.rpm f4ddc27eb23f1fdbf94147374ba26a5b
php-gd-4.3.9-3.22.ia64.rpm ae3c91e4d89c32d9e1ea0a9050dcd071
php-imap-4.3.9-3.22.ia64.rpm 5213e2497c3207dc818397e4eed744ed
php-ldap-4.3.9-3.22.ia64.rpm 4716f9efb52d99adedd9307a9e72d207
php-mbstring-4.3.9-3.22.ia64.rpm a417bdc307612127a59707be62468e84
php-mysql-4.3.9-3.22.ia64.rpm 7e031129d7e5bb5c96d19348ed798e48
php-ncurses-4.3.9-3.22.ia64.rpm 29c881c335dc851988e2836b0c0716ed
php-odbc-4.3.9-3.22.ia64.rpm ac60d1f87b072811484d1ac6247d63e3
php-pear-4.3.9-3.22.ia64.rpm 8d211933c1609b1ef71e83a1cbf39bcc
php-pgsql-4.3.9-3.22.ia64.rpm 85cf38ce549350f197648738dc27e8ac
php-snmp-4.3.9-3.22.ia64.rpm a6bbeae52e324ddb3358f65e75c65205
php-xmlrpc-4.3.9-3.22.ia64.rpm 5f139b51a5abf46d6d6d84029f81b6ab
x86_64:
php-4.3.9-3.22.x86_64.rpm 085471928ff4dbde6ba7b40b06635062
php-devel-4.3.9-3.22.x86_64.rpm cd02436bba3b0512a0cc1959997c4a83
php-domxml-4.3.9-3.22.x86_64.rpm 7a3c76b8bd6d84055a4eb82c7741d56c
php-gd-4.3.9-3.22.x86_64.rpm 9e65d19b9b73cd9d64bcfb5b4b474334
php-imap-4.3.9-3.22.x86_64.rpm 7e5e8ed005e8594377ccbd0832154583
php-ldap-4.3.9-3.22.x86_64.rpm 95c97da74a3c1ee347001e6e7ec33d01
php-mbstring-4.3.9-3.22.x86_64.rpm 28164b292394b9c2e91d836dccddb429
php-mysql-4.3.9-3.22.x86_64.rpm 1934965b64a54e0d9a37251af02b3f31
php-ncurses-4.3.9-3.22.x86_64.rpm 8930d4801fceb82cf468a2c6e121093a
php-odbc-4.3.9-3.22.x86_64.rpm 97d71db6e2790f50f7289fa7ea181195
php-pear-4.3.9-3.22.x86_64.rpm e702b0f8f0a2c5bcec3cfb5d180ffeb5
php-pgsql-4.3.9-3.22.x86_64.rpm 194cee18d6d752e25e4db85e446717dc
php-snmp-4.3.9-3.22.x86_64.rpm e650c74b27ac987be8789fdcc6434a59
php-xmlrpc-4.3.9-3.22.x86_64.rpm 5f5f07ad2c0c24a980bd040d61c36dc1
Red Hat Enterprise Linux WS (v. 2.1)
--------------------------------------------------------------------------------
SRPMS:
php-4.1.2-2.13.src.rpm a389b1cf12dd65bd9d04729739378649
IA-32:
php-4.1.2-2.13.i386.rpm f9a5f65907be43038ab1e82999c3a0b3
php-devel-4.1.2-2.13.i386.rpm 9a8f4807f0cd8997fed434a752cb4b54
php-imap-4.1.2-2.13.i386.rpm 2c0b0590733c7c645f342974a3e8b2a9
php-ldap-4.1.2-2.13.i386.rpm 55886207a47014fdb407cf49cdf758c2
php-manual-4.1.2-2.13.i386.rpm 67376305696ea7234d6f5e06679b2d46
php-mysql-4.1.2-2.13.i386.rpm 564d9fae44fc408a6c10ce70e4213916
php-odbc-4.1.2-2.13.i386.rpm 9bd1c859f6fa9ff1fea4c0d70bea1ee1
php-pgsql-4.1.2-2.13.i386.rpm f8ba3c44aa016ac9aced6a3d04770157
Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.2-37.ent.src.rpm bf046ac10e41ce26a7a0189653b57acd
IA-32:
php-4.3.2-37.ent.i386.rpm ed7499077777ccac9e77546405249ee1
php-devel-4.3.2-37.ent.i386.rpm 347be6ab3592cb744da1a909d0458137
php-imap-4.3.2-37.ent.i386.rpm a764a53a4bf366694583ec0b57afcc31
php-ldap-4.3.2-37.ent.i386.rpm 07682e90cd1fe24c52bdb8131631ecb2
php-mysql-4.3.2-37.ent.i386.rpm 517a16f6dc384a6df3b4915e1c6583d9
php-odbc-4.3.2-37.ent.i386.rpm 128813456803652ad997cab7b392a843
php-pgsql-4.3.2-37.ent.i386.rpm 490c79e14227457c8c935ed5aa4ba26e
IA-64:
php-4.3.2-37.ent.ia64.rpm 648b8800529e14543fb85ac7a5fde75d
php-devel-4.3.2-37.ent.ia64.rpm 92821b6e8da55dea0c870deee826a3f5
php-imap-4.3.2-37.ent.ia64.rpm f5815a8af4fd4df9a3fd5c184c54910d
php-ldap-4.3.2-37.ent.ia64.rpm e7e62ea263c31ca820f5369070a05952
php-mysql-4.3.2-37.ent.ia64.rpm 50ee0cfa37cb40f857ac5825b3be56da
php-odbc-4.3.2-37.ent.ia64.rpm 1e2b2711a93335932e9e859cbad6f162
php-pgsql-4.3.2-37.ent.ia64.rpm dcde09bfb2ac89ac9fba9b2b06361e3a
x86_64:
php-4.3.2-37.ent.x86_64.rpm 3098d16918a9971392dbc947738896b8
php-devel-4.3.2-37.ent.x86_64.rpm 8b1b6199c734b64cf49b0bcee67f067a
php-imap-4.3.2-37.ent.x86_64.rpm 77eb040700cc8e67b6dc3a419addd656
php-ldap-4.3.2-37.ent.x86_64.rpm f0cad87123de9eded5bf22206e701ba4
php-mysql-4.3.2-37.ent.x86_64.rpm 35291e8b5ff5c0e4e6b6e19dc89566d4
php-odbc-4.3.2-37.ent.x86_64.rpm da41b9d551747ed2c3e5174a65b0a943
php-pgsql-4.3.2-37.ent.x86_64.rpm 59b82440c11498744f04d72b864c5587
Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
php-4.3.9-3.22.src.rpm 7b7a99ed1157fa51afe3cd8f8c10ec0b
IA-32:
php-4.3.9-3.22.i386.rpm 0067885b1a2c622dab0b2659ac39189d
php-devel-4.3.9-3.22.i386.rpm f4007c3c7c5804d2f8b2966549f45485
php-domxml-4.3.9-3.22.i386.rpm 6099d76e98d764484adb7d2535f24f37
php-gd-4.3.9-3.22.i386.rpm b06ea4791691f2c80e17d9386c19c3d7
php-imap-4.3.9-3.22.i386.rpm 2631dbea1fb7c74a212edf01c32dbdb8
php-ldap-4.3.9-3.22.i386.rpm 8c4db990b3d058505057e240081edabe
php-mbstring-4.3.9-3.22.i386.rpm b9b101f48f3e0fc2355d77ea11a31fb7
php-mysql-4.3.9-3.22.i386.rpm ea2fe798ece3915e18836fb05649167a
php-ncurses-4.3.9-3.22.i386.rpm 38f99ef0585340bcfbf50571e4abd146
php-odbc-4.3.9-3.22.i386.rpm a16182cc71c61a40d7125fc59614a94d
php-pear-4.3.9-3.22.i386.rpm fd51e9a92d2cbf334128c7a5965d8dfe
php-pgsql-4.3.9-3.22.i386.rpm e6c866ca18d53b5880182a27c0f0f3c1
php-snmp-4.3.9-3.22.i386.rpm 96e4a0b41c3851653537be4651acb181
php-xmlrpc-4.3.9-3.22.i386.rpm df071781b4905745f8005306809215ea
IA-64:
php-4.3.9-3.22.ia64.rpm e03e95b1b231c7d1041470df1cb20b88
php-devel-4.3.9-3.22.ia64.rpm 21f6917b4f11e4fd1444b8c0565d3464
php-domxml-4.3.9-3.22.ia64.rpm f4ddc27eb23f1fdbf94147374ba26a5b
php-gd-4.3.9-3.22.ia64.rpm ae3c91e4d89c32d9e1ea0a9050dcd071
php-imap-4.3.9-3.22.ia64.rpm 5213e2497c3207dc818397e4eed744ed
php-ldap-4.3.9-3.22.ia64.rpm 4716f9efb52d99adedd9307a9e72d207
php-mbstring-4.3.9-3.22.ia64.rpm a417bdc307612127a59707be62468e84
php-mysql-4.3.9-3.22.ia64.rpm 7e031129d7e5bb5c96d19348ed798e48
php-ncurses-4.3.9-3.22.ia64.rpm 29c881c335dc851988e2836b0c0716ed
php-odbc-4.3.9-3.22.ia64.rpm ac60d1f87b072811484d1ac6247d63e3
php-pear-4.3.9-3.22.ia64.rpm 8d211933c1609b1ef71e83a1cbf39bcc
php-pgsql-4.3.9-3.22.ia64.rpm 85cf38ce549350f197648738dc27e8ac
php-snmp-4.3.9-3.22.ia64.rpm a6bbeae52e324ddb3358f65e75c65205
php-xmlrpc-4.3.9-3.22.ia64.rpm 5f139b51a5abf46d6d6d84029f81b6ab
x86_64:
php-4.3.9-3.22.x86_64.rpm 085471928ff4dbde6ba7b40b06635062
php-devel-4.3.9-3.22.x86_64.rpm cd02436bba3b0512a0cc1959997c4a83
php-domxml-4.3.9-3.22.x86_64.rpm 7a3c76b8bd6d84055a4eb82c7741d56c
php-gd-4.3.9-3.22.x86_64.rpm 9e65d19b9b73cd9d64bcfb5b4b474334
php-imap-4.3.9-3.22.x86_64.rpm 7e5e8ed005e8594377ccbd0832154583
php-ldap-4.3.9-3.22.x86_64.rpm 95c97da74a3c1ee347001e6e7ec33d01
php-mbstring-4.3.9-3.22.x86_64.rpm 28164b292394b9c2e91d836dccddb429
php-mysql-4.3.9-3.22.x86_64.rpm 1934965b64a54e0d9a37251af02b3f31
php-ncurses-4.3.9-3.22.x86_64.rpm 8930d4801fceb82cf468a2c6e121093a
php-odbc-4.3.9-3.22.x86_64.rpm 97d71db6e2790f50f7289fa7ea181195
php-pear-4.3.9-3.22.x86_64.rpm e702b0f8f0a2c5bcec3cfb5d180ffeb5
php-pgsql-4.3.9-3.22.x86_64.rpm 194cee18d6d752e25e4db85e446717dc
php-snmp-4.3.9-3.22.x86_64.rpm e650c74b27ac987be8789fdcc6434a59
php-xmlrpc-4.3.9-3.22.x86_64.rpm 5f5f07ad2c0c24a980bd040d61c36dc1
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
--------------------------------------------------------------------------------
SRPMS:
php-4.1.2-2.13.src.rpm a389b1cf12dd65bd9d04729739378649
IA-64:
php-4.1.2-2.13.ia64.rpm 5aecc913b9c48d8d44416b0ce068579f
php-devel-4.1.2-2.13.ia64.rpm 934d8d93821fbcfba027b749848f6fc8
php-imap-4.1.2-2.13.ia64.rpm be0500ad21a8d4fc2e529b1dd261666a
php-ldap-4.1.2-2.13.ia64.rpm 6f50842d9fcc32881c8786e81be19d5d
php-manual-4.1.2-2.13.ia64.rpm 364fc84f6e69022284be68ce0ee16d10
php-mysql-4.1.2-2.13.ia64.rpm e6876036d08dd986fca2ab1b68782291
php-odbc-4.1.2-2.13.ia64.rpm 3b8f6512859a333fe87adaa4386418b1
php-pgsql-4.1.2-2.13.ia64.rpm 2920f1d9bdf41cd81d4c2ad23aad83ed
(The unlinked packages above are only available from the Red Hat Network)
Bugs fixed (see bugzilla for more information)
213543 - CVE-2006-5465 PHP buffer overflow
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
http://www.hardened-php.net/advisory_132006.138.html
http://www.redhat.com/security/updates/classification/#important
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on how
to verify the signature are available from:
https://www.redhat.com/security/team/key/#package
The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/
[***** End Red Hat RHSA-2006:0730-6 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
R-020: HTTP Header Injection Vulnerabilities in the Flash Player Plugin
R-021: HP Tru64 UNIX Running dtmail
R-022: ClamAV
R-023: Python2.4 Buffer Overflow
R-024: Symantec Device Driver Elevation of Privilege
R-025: Security Vulnerability in Webmail
R-026: Webmin Multiple Vulnerabilities
R-027: HP NonStop Server Running G06.29
R-028: HP-UX Local Increased Privilege
R-029: Vulnerability With Graphics Driver for Solaris 10 and Linux