Synopsis: Moderate: php security update
Issue date: 2011-02-03
CVE Names: CVE-2009-5016 CVE-2010-3709 CVE-2010-3870 CVE-2010-4645

A flaw was found in the way PHP converted certain floating point values from string representation to a number. If a PHP script evaluated an attacker's input in a numeric context, the PHP interpreter could cause high CPU usage until the script execution time limit is reached. This issue only affected i386 systems. (CVE-2010-4645)

A numeric truncation error and an input validation flaw were found in the way the PHP utf8_decode() function decoded partial multi-byte sequences for some multi-byte encodings, sending them to output without them being escaped. An attacker could use these flaws to perform a cross-site scripting attack. (CVE-2009-5016, CVE-2010-3870)

A NULL pointer dereference flaw was found in the PHP ZipArchive::getArchiveComment function. If a script used this function to inspect a specially-crafted ZIP archive file, it could cause the PHP interpreter to crash. (CVE-2010-3709)

After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
SL 6.x

SRPMS:
php-5.3.2-6.el6_0.1.src.rpm

i386:
php-5.3.2-6.el6_0.1.i686.rpm
php-bcmath-5.3.2-6.el6_0.1.i686.rpm
php-cli-5.3.2-6.el6_0.1.i686.rpm
php-common-5.3.2-6.el6_0.1.i686.rpm
php-dba-5.3.2-6.el6_0.1.i686.rpm
php-devel-5.3.2-6.el6_0.1.i686.rpm
php-embedded-5.3.2-6.el6_0.1.i686.rpm
php-enchant-5.3.2-6.el6_0.1.i686.rpm
php-gd-5.3.2-6.el6_0.1.i686.rpm
php-imap-5.3.2-6.el6_0.1.i686.rpm
php-intl-5.3.2-6.el6_0.1.i686.rpm
php-ldap-5.3.2-6.el6_0.1.i686.rpm
php-mbstring-5.3.2-6.el6_0.1.i686.rpm
php-mysql-5.3.2-6.el6_0.1.i686.rpm
php-odbc-5.3.2-6.el6_0.1.i686.rpm
php-pdo-5.3.2-6.el6_0.1.i686.rpm
php-pgsql-5.3.2-6.el6_0.1.i686.rpm
php-process-5.3.2-6.el6_0.1.i686.rpm
php-pspell-5.3.2-6.el6_0.1.i686.rpm
php-recode-5.3.2-6.el6_0.1.i686.rpm
php-snmp-5.3.2-6.el6_0.1.i686.rpm
php-soap-5.3.2-6.el6_0.1.i686.rpm
php-tidy-5.3.2-6.el6_0.1.i686.rpm
php-xml-5.3.2-6.el6_0.1.i686.rpm
php-xmlrpc-5.3.2-6.el6_0.1.i686.rpm
php-zts-5.3.2-6.el6_0.1.i686.rpm

x86_64:
php-5.3.2-6.el6_0.1.x86_64.rpm
php-bcmath-5.3.2-6.el6_0.1.x86_64.rpm
php-cli-5.3.2-6.el6_0.1.x86_64.rpm
php-common-5.3.2-6.el6_0.1.x86_64.rpm
php-dba-5.3.2-6.el6_0.1.x86_64.rpm
php-devel-5.3.2-6.el6_0.1.x86_64.rpm
php-embedded-5.3.2-6.el6_0.1.x86_64.rpm
php-enchant-5.3.2-6.el6_0.1.x86_64.rpm
php-gd-5.3.2-6.el6_0.1.x86_64.rpm
php-imap-5.3.2-6.el6_0.1.x86_64.rpm
php-intl-5.3.2-6.el6_0.1.x86_64.rpm
php-ldap-5.3.2-6.el6_0.1.x86_64.rpm
php-mbstring-5.3.2-6.el6_0.1.x86_64.rpm
php-mysql-5.3.2-6.el6_0.1.x86_64.rpm
php-odbc-5.3.2-6.el6_0.1.x86_64.rpm
php-pdo-5.3.2-6.el6_0.1.x86_64.rpm
php-pgsql-5.3.2-6.el6_0.1.x86_64.rpm
php-process-5.3.2-6.el6_0.1.x86_64.rpm
php-pspell-5.3.2-6.el6_0.1.x86_64.rpm
php-recode-5.3.2-6.el6_0.1.x86_64.rpm
php-snmp-5.3.2-6.el6_0.1.x86_64.rpm
php-soap-5.3.2-6.el6_0.1.x86_64.rpm
php-tidy-5.3.2-6.el6_0.1.x86_64.rpm
php-xml-5.3.2-6.el6_0.1.x86_64.rpm
php-xmlrpc-5.3.2-6.el6_0.1.x86_64.rpm
php-zts-5.3.2-6.el6_0.1.x86_64.rpm

-Connie Sieh
-Troy Dawson