Synopsis: Moderate: php53 security update Issue date: 2011-02-03 CVE Names: CVE-2010-3710 CVE-2010-4156 CVE-2010-4645 A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only affected i386 systems. (CVE-2010-4645) A stack memory exhaustion flaw was found in the way the PHP filter_var() function validated email addresses. An attacker could use this flaw to crash the PHP interpreter by providing excessively long input to be validated as an email address. (CVE-2010-3710) A memory disclosure flaw was found in the PHP multi-byte string extension. If the mb_strcut() function was called with a length argument exceeding the input string size, the function could disclose a portion of the PHP interpreter's memory. (CVE-2010-4156) After installing the updated packages, the httpd daemon must be restarted for the update to take effect. SL 5.x SRPMS: php53-5.3.3-1.el5_6.1.src.rpm i386: php53-5.3.3-1.el5_6.1.i386.rpm php53-bcmath-5.3.3-1.el5_6.1.i386.rpm php53-cli-5.3.3-1.el5_6.1.i386.rpm php53-common-5.3.3-1.el5_6.1.i386.rpm php53-dba-5.3.3-1.el5_6.1.i386.rpm php53-devel-5.3.3-1.el5_6.1.i386.rpm php53-gd-5.3.3-1.el5_6.1.i386.rpm php53-imap-5.3.3-1.el5_6.1.i386.rpm php53-intl-5.3.3-1.el5_6.1.i386.rpm php53-ldap-5.3.3-1.el5_6.1.i386.rpm php53-mbstring-5.3.3-1.el5_6.1.i386.rpm php53-mysql-5.3.3-1.el5_6.1.i386.rpm php53-odbc-5.3.3-1.el5_6.1.i386.rpm php53-pdo-5.3.3-1.el5_6.1.i386.rpm php53-pgsql-5.3.3-1.el5_6.1.i386.rpm php53-process-5.3.3-1.el5_6.1.i386.rpm php53-pspell-5.3.3-1.el5_6.1.i386.rpm php53-snmp-5.3.3-1.el5_6.1.i386.rpm php53-soap-5.3.3-1.el5_6.1.i386.rpm php53-xml-5.3.3-1.el5_6.1.i386.rpm php53-xmlrpc-5.3.3-1.el5_6.1.i386.rpm x86_64: php53-5.3.3-1.el5_6.1.x86_64.rpm php53-bcmath-5.3.3-1.el5_6.1.x86_64.rpm php53-cli-5.3.3-1.el5_6.1.x86_64.rpm php53-common-5.3.3-1.el5_6.1.x86_64.rpm php53-dba-5.3.3-1.el5_6.1.x86_64.rpm php53-devel-5.3.3-1.el5_6.1.x86_64.rpm php53-gd-5.3.3-1.el5_6.1.x86_64.rpm php53-imap-5.3.3-1.el5_6.1.x86_64.rpm php53-intl-5.3.3-1.el5_6.1.x86_64.rpm php53-ldap-5.3.3-1.el5_6.1.x86_64.rpm php53-mbstring-5.3.3-1.el5_6.1.x86_64.rpm php53-mysql-5.3.3-1.el5_6.1.x86_64.rpm php53-odbc-5.3.3-1.el5_6.1.x86_64.rpm php53-pdo-5.3.3-1.el5_6.1.x86_64.rpm php53-pgsql-5.3.3-1.el5_6.1.x86_64.rpm php53-process-5.3.3-1.el5_6.1.x86_64.rpm php53-pspell-5.3.3-1.el5_6.1.x86_64.rpm php53-snmp-5.3.3-1.el5_6.1.x86_64.rpm php53-soap-5.3.3-1.el5_6.1.x86_64.rpm php53-xml-5.3.3-1.el5_6.1.x86_64.rpm php53-xmlrpc-5.3.3-1.el5_6.1.x86_64.rpm -Connie Sieh -Troy Dawson