Synopsis:	Moderate: php security update
Issue date:	2011-02-03
CVE Names:	CVE-2009-5016 CVE-2010-3709 CVE-2010-3870
                   CVE-2010-4645

A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause
high CPU usage until the script execution time limit was reached. This
issue only affected i386 systems. (CVE-2010-4645)

A numeric truncation error and an input validation flaw were found in
the way the PHP utf8_decode() function decoded partial multi-byte
sequences for some multi-byte encodings: the sequences were sent to
output without being escaped. An attacker could use these flaws to
perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

A NULL pointer dereference flaw was found in the PHP
ZipArchive::getArchiveComment function. If a script used this function 
to inspect a specially-crafted ZIP archive file, it could cause the PHP
interpreter to crash. (CVE-2010-3709)

After installing the updated packages, the httpd daemon must be 
restarted for the update to take effect.

SL 6.x

      SRPMS:
php-5.3.2-6.el6_0.1.src.rpm
      i386:
php-5.3.2-6.el6_0.1.i686.rpm
php-bcmath-5.3.2-6.el6_0.1.i686.rpm
php-cli-5.3.2-6.el6_0.1.i686.rpm
php-common-5.3.2-6.el6_0.1.i686.rpm
php-dba-5.3.2-6.el6_0.1.i686.rpm
php-devel-5.3.2-6.el6_0.1.i686.rpm
php-embedded-5.3.2-6.el6_0.1.i686.rpm
php-enchant-5.3.2-6.el6_0.1.i686.rpm
php-gd-5.3.2-6.el6_0.1.i686.rpm
php-imap-5.3.2-6.el6_0.1.i686.rpm
php-intl-5.3.2-6.el6_0.1.i686.rpm
php-ldap-5.3.2-6.el6_0.1.i686.rpm
php-mbstring-5.3.2-6.el6_0.1.i686.rpm
php-mysql-5.3.2-6.el6_0.1.i686.rpm
php-odbc-5.3.2-6.el6_0.1.i686.rpm
php-pdo-5.3.2-6.el6_0.1.i686.rpm
php-pgsql-5.3.2-6.el6_0.1.i686.rpm
php-process-5.3.2-6.el6_0.1.i686.rpm
php-pspell-5.3.2-6.el6_0.1.i686.rpm
php-recode-5.3.2-6.el6_0.1.i686.rpm
php-snmp-5.3.2-6.el6_0.1.i686.rpm
php-soap-5.3.2-6.el6_0.1.i686.rpm
php-tidy-5.3.2-6.el6_0.1.i686.rpm
php-xml-5.3.2-6.el6_0.1.i686.rpm
php-xmlrpc-5.3.2-6.el6_0.1.i686.rpm
php-zts-5.3.2-6.el6_0.1.i686.rpm
      x86_64:
php-5.3.2-6.el6_0.1.x86_64.rpm
php-bcmath-5.3.2-6.el6_0.1.x86_64.rpm
php-cli-5.3.2-6.el6_0.1.x86_64.rpm
php-common-5.3.2-6.el6_0.1.x86_64.rpm
php-dba-5.3.2-6.el6_0.1.x86_64.rpm
php-devel-5.3.2-6.el6_0.1.x86_64.rpm
php-embedded-5.3.2-6.el6_0.1.x86_64.rpm
php-enchant-5.3.2-6.el6_0.1.x86_64.rpm
php-gd-5.3.2-6.el6_0.1.x86_64.rpm
php-imap-5.3.2-6.el6_0.1.x86_64.rpm
php-intl-5.3.2-6.el6_0.1.x86_64.rpm
php-ldap-5.3.2-6.el6_0.1.x86_64.rpm
php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm
php-mysql-5.3.2-6.el6_0.1.x86_64.rpm
php-odbc-5.3.2-6.el6_0.1.x86_64.rpm
php-pdo-5.3.2-6.el6_0.1.x86_64.rpm
php-pgsql-5.3.2-6.el6_0.1.x86_64.rpm
php-process-5.3.2-6.el6_0.1.x86_64.rpm
php-pspell-5.3.2-6.el6_0.1.x86_64.rpm
php-recode-5.3.2-6.el6_0.1.x86_64.rpm
php-snmp-5.3.2-6.el6_0.1.x86_64.rpm
php-soap-5.3.2-6.el6_0.1.x86_64.rpm
php-tidy-5.3.2-6.el6_0.1.x86_64.rpm
php-xml-5.3.2-6.el6_0.1.x86_64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.x86_64.rpm
php-zts-5.3.2-6.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
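
The following is an added example, not part of the original advisory: a Python check that flags installed packages from the list above that are older than the fixed build 5.3.2-6.el6_0.1. It assumes input lines in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n' 'php*'`, assumes no epoch is set, and uses a simplified version comparison; the sample lines are constructed.

```python
import re

# Fixed version and release, taken from the package list in this advisory.
FIXED_VERSION, FIXED_RELEASE = "5.3.2", "6.el6_0.1"

# Binary package names listed in the advisory. Other php-* packages built
# from different source RPMs carry unrelated version numbers and are skipped.
ADVISORY_PACKAGES = set("""php php-bcmath php-cli php-common php-dba php-devel
php-embedded php-enchant php-gd php-imap php-intl php-ldap php-mbstring
php-mysql php-odbc php-pdo php-pgsql php-process php-pspell php-recode
php-snmp php-soap php-tidy php-xml php-xmlrpc php-zts""".split())

def rpmvercmp(a, b):
    """Simplified RPM-style comparison (no epoch, '~' or '^'): -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(query_lines):
    """Return name-version-release.arch for packages older than the fix."""
    found = []
    for line in query_lines:
        name, version, release, arch = line.split()
        if name not in ADVISORY_PACKAGES:
            continue
        order = (rpmvercmp(version, FIXED_VERSION)
                 or rpmvercmp(release, FIXED_RELEASE))
        if order < 0:
            found.append(f"{name}-{version}-{release}.{arch}")
    return found

# Constructed sample query output (not taken from a real host).
SAMPLE = [
    "php 5.3.2 6.el6 x86_64",
    "php-cli 5.3.2 6.el6_0.1 x86_64",
    "php-common 5.3.3 3.el6 x86_64",
    "php-pear 1.9.4 4.el6 noarch",
    "php-xml 5.3.1 9.el6 i686",
]

if __name__ == "__main__":
    for pkg in outdated(SAMPLE):
        print("needs update:", pkg)
```

A host that reports nothing here still needs httpd restarted after the update, as the advisory states.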