---------------------------------------------------------------------
                   Fedora Legacy Update Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       FLSA:166943
Issue date:        2005-12-02
Product:           Red Hat Linux, Fedora Core
Keywords:          Bugfix
CVE Names:         CVE-2005-2498 CVE-2005-3390 CVE-2005-3389
                   CVE-2005-3388 CVE-2005-3353
---------------------------------------------------------------------


---------------------------------------------------------------------
1. Topic:

Updated PHP packages that fix multiple security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

[Updated 2nd December 2005]
Red Hat Linux 9 packages have been updated to add missing security
patches.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
Fedora Core 2 - i386

3. Problem description:

A bug was discovered in the PEAR XML-RPC Server package included in PHP.
If a PHP script is used which implements an XML-RPC Server using the PEAR
XML-RPC package, then it is possible for a remote attacker to construct
an XML-RPC request which can cause PHP to execute arbitrary PHP commands
as the 'apache' user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2498 to this issue.

A flaw was found in the way PHP registers global variables during a file
upload request. A remote attacker could submit a carefully crafted
multipart/form-data POST request that would overwrite the $GLOBALS array,
altering expected script behavior, and possibly leading to the execution
of arbitrary PHP commands. Please note that this vulnerability only
affects installations which have register_globals enabled in the PHP
configuration file, which is not a default or recommended option. The
Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3390 to this issue.

A flaw was found in the PHP parse_str() function.
If a PHP script passes only one argument to the parse_str() function, and
the script can be forced to abort execution during that call (for example
because the memory_limit setting is reached), register_globals may be left
enabled even though it is disabled in the PHP configuration file. This
vulnerability only affects installations that have PHP scripts using the
parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a
victim can be tricked into following a malicious URL to a site with a
page displaying the phpinfo() output, it may be possible to inject
JavaScript or HTML content into the displayed page or steal data such as
cookies. This vulnerability only affects installations which allow users
to view the output of the phpinfo() function. As the phpinfo() function
outputs a large amount of information about the current state of PHP, it
should only be used during debugging or if protected by authentication.
(CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image
data. It is possible for an attacker to cause PHP to crash by supplying
carefully crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via yum and apt. Many
people find this an easier way to apply updates.
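Independently of installing the update, the three preconditions named in the problem description (register_globals enabled, parse_str() called with a single argument, and phpinfo() reachable from the document root) can be checked on a host that has not yet been patched. The following shell script is an added example and is not part of the Fedora Legacy advisory. The php.ini path and document root are supplied by the caller; the source checks are grep heuristics over *.php files rather than a PHP parser, so a nested call such as parse_str(urldecode($s)) is not matched, and register_globals turned on through php_flag in httpd.conf/.htaccess or ini_set() is not seen by the php.ini check.

```shell
#!/bin/sh
# Added example, not part of the Fedora Legacy advisory: locate the three
# preconditions named in the problem description on a host that has not
# yet been updated.  Assumes POSIX sh, find and grep -E; php.ini path and
# document root are caller-supplied.  The source checks are text
# heuristics, not a PHP parser.

# CVE-2005-3390 precondition: register_globals enabled in php.ini.
# PHP accepts On/1/True/Yes as true.  Returns 0 when enabled, 1 when not,
# 2 when the file is missing.  Caveat: php_flag in httpd.conf/.htaccess or
# ini_set() in scripts can also enable it; check those separately.
register_globals_enabled() {
    [ -f "$1" ] || return 2
    grep -Eiq '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*(on|1|true|yes)[[:space:]]*(;.*)?$' "$1"
}

# CVE-2005-3389 precondition: parse_str() called with one argument, which
# writes the parsed variables straight into the global scope.  Prints
# file:line:text for each hit.  The argument must not itself contain a
# comma or parentheses, so parse_str(urldecode($s)) is a known miss.
one_arg_parse_str() {
    find "$1" -type f -name '*.php' -exec \
        grep -nE 'parse_str[[:space:]]*\([^,()]*\)' /dev/null {} +
}

# CVE-2005-3388 precondition: phpinfo() present in web-served scripts.
# Every hit should be removed or placed behind authentication.
phpinfo_calls() {
    find "$1" -type f -name '*.php' -exec \
        grep -nE 'phpinfo[[:space:]]*\(' /dev/null {} +
}

# audit_php_host PHP_INI DOCROOT: run all three checks and print a report.
audit_php_host() {
    if register_globals_enabled "$1"; then
        echo "register_globals is ON in $1 (CVE-2005-3390 exposure; set it Off)"
    else
        echo "register_globals is not enabled in $1"
    fi
    echo "--- parse_str() calls with a single argument (CVE-2005-3389; pass a second argument):"
    one_arg_parse_str "$2"
    echo "--- phpinfo() calls (CVE-2005-3388; remove or require authentication):"
    phpinfo_calls "$2"
    return 0
}

# Example invocation: audit_php_host /etc/php.ini /var/www/html
if [ "$#" -eq 2 ]; then
    audit_php_host "$1" "$2"
fi
```

A clean report does not mean the packages are safe; the EXIF and PEAR XML-RPC issues have no configuration precondition, so the package update is still required.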
To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166943

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm

Fedora Core 1:

SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm

Fedora Core 2:

SRPM:
http://download.fedoralegacy.org/fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm

i386:
http://download.fedoralegacy.org/fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm

7. Verification:

SHA1 sum                                  Package Name
---------------------------------------------------------------------
8bdf500386f11c6484c04361095061cce6c5c5f8  redhat/7.3/updates/i386/php-4.1.2-7.3.18.legacy.i386.rpm
592c870e99523279267a0daea98c7dc08b09e5ca  redhat/7.3/updates/i386/php-devel-4.1.2-7.3.18.legacy.i386.rpm
9f84a76296d88673ba8354f416a6ee75b86afb3f  redhat/7.3/updates/i386/php-imap-4.1.2-7.3.18.legacy.i386.rpm
8c4b7136f2cac5f8eea394db819e0f67a973e4ff  redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.18.legacy.i386.rpm
d579f333822efd11fb2fc1364d2b9218bd3547a9  redhat/7.3/updates/i386/php-manual-4.1.2-7.3.18.legacy.i386.rpm
50ec5b4419f70839b5c0b328a605189137477d12  redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.18.legacy.i386.rpm
a73300b91e8ac8aee1792f5ec0975fb312b7f780  redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.18.legacy.i386.rpm
af7de72af9756d6085d255544de389eb8f355c39  redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.18.legacy.i386.rpm
d96277ec0aa9d37af3372eedb0868249ca96ff51  redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.18.legacy.i386.rpm
8a03b8a7832aba6baf825ec64778f4a321707405  redhat/7.3/updates/SRPMS/php-4.1.2-7.3.18.legacy.src.rpm
a3770f044b61275fe671c2e41452fdc3556cd68b  redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
282e79a54800f0f078702983a54391ddf97637eb  redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
08cf701a137ed486294e7768d3f1464d40ee72b0  redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
1b882b5ad1933a567eeb03e9ea40f59a124bfd4f  redhat/9/updates/i386/php-ldap-4.2.2-17.17.legacy.i386.rpm
11ce31a48256813fd0b61975b4189f9053ea0b37  redhat/9/updates/i386/php-manual-4.2.2-17.17.legacy.i386.rpm
a23a1e0fc5f254f0b3284c20f35736e9c0cb70f4  redhat/9/updates/i386/php-mysql-4.2.2-17.17.legacy.i386.rpm
11204a5ad7b12dc80a021ebf23acaf5c791c518d  redhat/9/updates/i386/php-odbc-4.2.2-17.17.legacy.i386.rpm
791b822042fed0cd3936e0148a51a215db3d7f78  redhat/9/updates/i386/php-pgsql-4.2.2-17.17.legacy.i386.rpm
b93fc807a74caefeb1f0d848b4a6f2c268ec1508  redhat/9/updates/i386/php-snmp-4.2.2-17.17.legacy.i386.rpm
5df94b0dda6f043a8312a03be66689c2abd373ab  redhat/9/updates/SRPMS/php-4.2.2-17.17.legacy.src.rpm
cd04cc6c329e18a9c0c989cdb9a5fcdc9b6712c8  fedora/1/updates/i386/php-4.3.11-1.fc1.3.legacy.i386.rpm
bdb82f6017f088488443cec5f97650aa172714bd  fedora/1/updates/i386/php-devel-4.3.11-1.fc1.3.legacy.i386.rpm
5921f184247991ddac4b398a617abea8768cd9d5  fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.3.legacy.i386.rpm
b38b1aabdcee19a8764b9156ffbd4a7fd15c5345  fedora/1/updates/i386/php-imap-4.3.11-1.fc1.3.legacy.i386.rpm
ecb2bfd639fe1e44a389e2527babbd912279d6ad  fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.3.legacy.i386.rpm
3bd193c7d75216cbe34cee7c637be042b2197693  fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.3.legacy.i386.rpm
0883a4ef7c03d8faebc90ed0f4a138e1f9b64c9f  fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.3.legacy.i386.rpm
62017bd8700dcaceb2280443abb3e6fd17e9458e  fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.3.legacy.i386.rpm
c9a90440e780eb1420100ed8b0e28d92ddea0295  fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.3.legacy.i386.rpm
ef627102ded443de2e78c33a29f76c6066f7bf5a  fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.3.legacy.i386.rpm
38da5e66ead97e573a7105ad4a62a14c75763268  fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.3.legacy.i386.rpm
d2b93da45a735956e980e8a5401c4b171644794a  fedora/1/updates/SRPMS/php-4.3.11-1.fc1.3.legacy.src.rpm
edce472b6a404a45bb0187ed2058929b51850423  fedora/2/updates/i386/php-4.3.11-1.fc2.4.legacy.i386.rpm
5f55d05ec4dbbbd6717a14f495bfe9948bec3837  fedora/2/updates/i386/php-devel-4.3.11-1.fc2.4.legacy.i386.rpm
d308529686de245b33057c4ce1a7e0435ba748e6  fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.4.legacy.i386.rpm
a85ba72dbcf8357c63bd7ddd71a8e7b1e270a0d0  fedora/2/updates/i386/php-imap-4.3.11-1.fc2.4.legacy.i386.rpm
8856c97f65e6dfdf5241faa5294a9a8883de049b  fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.4.legacy.i386.rpm
f7d1159e5756ba33282920d0923bcd338306a2c8  fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.4.legacy.i386.rpm
24d23bd41dc5c3233019a86a988057dfa8fd3576  fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.4.legacy.i386.rpm
618b32b0c28b71755c8f487b035649e44213b2cf  fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.4.legacy.i386.rpm
cf728abb52acc26f2f6d33dbb5135fdbd2ec4df0  fedora/2/updates/i386/php-pear-4.3.11-1.fc2.4.legacy.i386.rpm
fe3a23d81b92930426f7dd3a5b687ef979d8a3b9  fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.4.legacy.i386.rpm
771c5041ed29045e4de59bcacbc0c640247c80e7  fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.4.legacy.i386.rpm
2962cc479b53c181dd67fdd4008ee904d81e71ac  fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.4.legacy.i386.rpm
2c6d2007423a9334a22451521a742ca942677c57  fedora/2/updates/SRPMS/php-4.3.11-1.fc2.4.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.
Our key is available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
altered since this advisory was issued, compare its SHA1 sum with the
table above using:

sha1sum <filename>

Note that a matching checksum only shows that the download equals what
this advisory lists; the GPG signature check above is what establishes
that a package actually came from Fedora Legacy.

8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353

9. Contact:

The Fedora Legacy security contact is <secnotice@xxxxxxxxxxxxxxxx>. More
project details at http://www.fedoralegacy.org
---------------------------------------------------------------------
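The two verification commands in section 7 can be combined into a single pass over a download directory. The following shell script is an added example, not part of the Fedora Legacy advisory: it reads the section 7 table as saved verbatim from the advisory text, checks each downloaded RPM's SHA1 against the listed value, and only then runs rpm --checksig on the directory. It assumes the RPMs were downloaded flat into one directory (the redhat/... and fedora/... prefixes in the table are mirror paths, not local ones, and are stripped with basename) and that the Fedora Legacy key from the URL above has already been imported so that rpm can validate the signatures. The self-check uses constructed files, not real packages; SHA-1 is used because it is the digest the advisory publishes, and the signature step is the one that proves authenticity.

```shell
#!/bin/sh
# Added example, not part of the Fedora Legacy advisory: check downloaded
# RPMs against the section 7 "SHA1 sum  Package Name" table, then run
# rpm --checksig.  Assumes the table was saved verbatim as a manifest file
# and the RPMs sit flat in one directory; the mirror prefixes in the table
# (redhat/9/updates/i386/...) are stripped with basename.

# SHA-1 of a file, via coreutils sha1sum or the shasum fallback.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# verify_manifest MANIFEST DIR
# Lines of the form "<40 hex> <mirror path>" are checked; heading and rule
# lines are skipped.  Prints OK/FAILED/MISSING per package and returns 0
# only when every listed package is present and matches.
verify_manifest() {
    bad=0
    while read -r sum path; do
        printf '%s' "$sum" | grep -Eq '^[0-9a-f]{40}$' || continue
        file="$2/$(basename "$path")"
        if [ ! -f "$file" ]; then
            echo "MISSING  $file"; bad=1
        elif [ "$(sha1_of "$file")" = "$sum" ]; then
            echo "OK       $file"
        else
            echo "FAILED   $file"; bad=1
        fi
    done < "$1"
    return "$bad"
}

# check_signatures DIR: the authenticity check.  A matching SHA-1 only shows
# the download equals what this advisory lists; the package signature is
# what proves it came from Fedora Legacy.  Requires the Fedora Legacy key
# to be imported into rpm's keyring first.
check_signatures() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available; signature check skipped"
        return 2
    fi
    rpm --checksig -v "$1"/*.rpm
}

# Self-check on constructed data (not real packages): a matching file, a
# tampered file and a missing one.  sha1("abc") is
# a9993e364706816aba3e25717850c26c9cd0d89d.
selftest() {
    t=$(mktemp -d)
    printf 'abc' > "$t/php-4.2.2-17.17.legacy.i386.rpm"
    printf 'abd' > "$t/php-devel-4.2.2-17.17.legacy.i386.rpm"
    cat > "$t/manifest" <<'EOF'
SHA1 sum                                  Package Name
---------------------------------------------------------------------
a9993e364706816aba3e25717850c26c9cd0d89d  redhat/9/updates/i386/php-4.2.2-17.17.legacy.i386.rpm
a9993e364706816aba3e25717850c26c9cd0d89d  redhat/9/updates/i386/php-devel-4.2.2-17.17.legacy.i386.rpm
a9993e364706816aba3e25717850c26c9cd0d89d  redhat/9/updates/i386/php-imap-4.2.2-17.17.legacy.i386.rpm
EOF
    rc=0
    out=$(verify_manifest "$t/manifest" "$t") || rc=$?
    rm -rf "$t"
    [ "$rc" -ne 0 ] || return 1
    echo "$out" | grep -q '^OK .*php-4\.2\.2' || return 1
    echo "$out" | grep -q '^FAILED .*php-devel' || return 1
    echo "$out" | grep -q '^MISSING .*php-imap' || return 1
}

# Usage: sh verify-flsa.sh manifest.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2" && check_signatures "$2"
fi
```

Because the manifest is copied from a signed advisory, the checksum step catches a truncated or substituted download before rpm is ever asked to open it; a package that passes the checksum but fails rpm --checksig should be treated as untrusted regardless.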
Attachment:
signature.asc
Description: OpenPGP digital signature