Oval Definition:oval:com.redhat.rhsa:def:20050406
Revision Date:2005-05-04Version:502
Title:RHSA-2005:406: PHP security update (Moderate)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.

Several bug fixes are also included in this update:

- some performance issues in the unserialize() function have been fixed

- the behaviour of the interpreter when handling integer overflow during conversion of a floating variable to an integer has been reverted to match the behaviour used upstream; the integer will now be wrapped rather than truncated

- a fix for the virtual() function in the Apache httpd module which would flush the response prematurely

- the hard-coded default "safe mode" setting is now "disabled" rather than "enabled"; to match the default /etc/php.ini setting

- in the curl extension, safe mode was not enforced for 'file:///' URL lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.
Family:unixClass:patch
Status:Reference(s):CVE-2004-1392
CVE-2005-0524
CVE-2005-0525
CVE-2005-1042
CVE-2005-1043
RHSA-2005:406-01
Platform(s):Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 4 is installed
  • AND Package Information
  • php-gd is earlier than 0:4.3.9-3.6
  • AND php-gd is signed with Red Hat master key
  • OR
  • php-odbc is earlier than 0:4.3.9-3.6
  • AND php-odbc is signed with Red Hat master key
  • OR
  • php-mysql is earlier than 0:4.3.9-3.6
  • AND php-mysql is signed with Red Hat master key
  • OR
  • php is earlier than 0:4.3.9-3.6
  • AND php is signed with Red Hat master key
  • OR
  • php-xmlrpc is earlier than 0:4.3.9-3.6
  • AND php-xmlrpc is signed with Red Hat master key
  • OR
  • php-mbstring is earlier than 0:4.3.9-3.6
  • AND php-mbstring is signed with Red Hat master key
  • OR
  • php-pgsql is earlier than 0:4.3.9-3.6
  • AND php-pgsql is signed with Red Hat master key
  • OR
  • php-devel is earlier than 0:4.3.9-3.6
  • AND php-devel is signed with Red Hat master key
  • OR
  • php-ncurses is earlier than 0:4.3.9-3.6
  • AND php-ncurses is signed with Red Hat master key
  • OR
  • php-snmp is earlier than 0:4.3.9-3.6
  • AND php-snmp is signed with Red Hat master key
  • OR
  • php-imap is earlier than 0:4.3.9-3.6
  • AND php-imap is signed with Red Hat master key
  • OR
  • php-pear is earlier than 0:4.3.9-3.6
  • AND php-pear is signed with Red Hat master key
  • OR
  • php-domxml is earlier than 0:4.3.9-3.6
  • AND php-domxml is signed with Red Hat master key
  • OR
  • php-ldap is earlier than 0:4.3.9-3.6
  • AND php-ldap is signed with Red Hat master key
  • BACK