LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

September 2007

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA September 2007

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA for php on SL5.x, SL4.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Thu, 20 Sep 2007 15:06:01 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (124 lines)

Synopsis:	Moderate: php security update
Issue date:	2007-09-20
CVE Names:	CVE-2007-2756 CVE-2007-2872 CVE-2007-3799
                 CVE-2007-3996 CVE-2007-3998 CVE-2007-4658
                 CVE-2007-4670

Various integer overflow flaws were found in the PHP gd extension. A script
that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_script function
with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that is
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source could
allow a remote attacker to cause a denial of service. (CVE-2007-2756)

SL 4.x

   SRPMS:
php-4.3.9-3.22.9.src.rpm
   i386:
php-4.3.9-3.22.9.i386.rpm
php-devel-4.3.9-3.22.9.i386.rpm
php-domxml-4.3.9-3.22.9.i386.rpm
php-gd-4.3.9-3.22.9.i386.rpm
php-imap-4.3.9-3.22.9.i386.rpm
php-ldap-4.3.9-3.22.9.i386.rpm
php-mbstring-4.3.9-3.22.9.i386.rpm
php-mysql-4.3.9-3.22.9.i386.rpm
php-ncurses-4.3.9-3.22.9.i386.rpm
php-odbc-4.3.9-3.22.9.i386.rpm
php-pear-4.3.9-3.22.9.i386.rpm
php-pgsql-4.3.9-3.22.9.i386.rpm
php-snmp-4.3.9-3.22.9.i386.rpm
php-xmlrpc-4.3.9-3.22.9.i386.rpm
   x86_64:
php-4.3.9-3.22.9.x86_64.rpm
php-devel-4.3.9-3.22.9.x86_64.rpm
php-domxml-4.3.9-3.22.9.x86_64.rpm
php-gd-4.3.9-3.22.9.x86_64.rpm
php-imap-4.3.9-3.22.9.x86_64.rpm
php-ldap-4.3.9-3.22.9.x86_64.rpm
php-mbstring-4.3.9-3.22.9.x86_64.rpm
php-mysql-4.3.9-3.22.9.x86_64.rpm
php-ncurses-4.3.9-3.22.9.x86_64.rpm
php-odbc-4.3.9-3.22.9.x86_64.rpm
php-pear-4.3.9-3.22.9.x86_64.rpm
php-pgsql-4.3.9-3.22.9.x86_64.rpm
php-snmp-4.3.9-3.22.9.x86_64.rpm
php-xmlrpc-4.3.9-3.22.9.x86_64.rpm

SL 5.x

   SRPMS:
php-5.1.6-15.el5.src.rpm
   i386:
php-5.1.6-15.el5.i386.rpm
php-bcmath-5.1.6-15.el5.i386.rpm
php-cli-5.1.6-15.el5.i386.rpm
php-common-5.1.6-15.el5.i386.rpm
php-dba-5.1.6-15.el5.i386.rpm
php-devel-5.1.6-15.el5.i386.rpm
php-gd-5.1.6-15.el5.i386.rpm
php-imap-5.1.6-15.el5.i386.rpm
php-ldap-5.1.6-15.el5.i386.rpm
php-mbstring-5.1.6-15.el5.i386.rpm
php-mysql-5.1.6-15.el5.i386.rpm
php-ncurses-5.1.6-15.el5.i386.rpm
php-odbc-5.1.6-15.el5.i386.rpm
php-pdo-5.1.6-15.el5.i386.rpm
php-pgsql-5.1.6-15.el5.i386.rpm
php-snmp-5.1.6-15.el5.i386.rpm
php-soap-5.1.6-15.el5.i386.rpm
php-xml-5.1.6-15.el5.i386.rpm
php-xmlrpc-5.1.6-15.el5.i386.rpm
   x86_64:
php-5.1.6-15.el5.x86_64.rpm
php-bcmath-5.1.6-15.el5.x86_64.rpm
php-cli-5.1.6-15.el5.x86_64.rpm
php-common-5.1.6-15.el5.x86_64.rpm
php-dba-5.1.6-15.el5.x86_64.rpm
php-devel-5.1.6-15.el5.x86_64.rpm
php-gd-5.1.6-15.el5.x86_64.rpm
php-imap-5.1.6-15.el5.x86_64.rpm
php-ldap-5.1.6-15.el5.x86_64.rpm
php-mbstring-5.1.6-15.el5.x86_64.rpm
php-mysql-5.1.6-15.el5.x86_64.rpm
php-ncurses-5.1.6-15.el5.x86_64.rpm
php-odbc-5.1.6-15.el5.x86_64.rpm
php-pdo-5.1.6-15.el5.x86_64.rpm
php-pgsql-5.1.6-15.el5.x86_64.rpm
php-snmp-5.1.6-15.el5.x86_64.rpm
php-soap-5.1.6-15.el5.x86_64.rpm
php-xml-5.1.6-15.el5.x86_64.rpm
php-xmlrpc-5.1.6-15.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV