Oval Definition:oval:com.redhat.rhsa:def:20050748
Revision Date:2005-08-19Version:502
Title:RHSA-2005:748: php security update (Important)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If a PHP script is used which implements an XML-RPC Server using the PEAR XML-RPC package, then it is possible for a remote attacker to construct an XML-RPC request which can cause PHP to execute arbitrary PHP commands as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.

When using the default SELinux "targeted" policy on Red Hat Enterprise Linux 4, the impact of this issue is reduced since the scripts executed by PHP are constrained within the httpd_sys_script_t security context.

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.
Family:unixClass:patch
Status:Reference(s):CVE-2005-2498
RHSA-2005:748-01
Platform(s):Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Product(s):
Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php-odbc is earlier than 0:4.3.2-25.ent
  • AND php-odbc is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-25.ent
  • AND php-mysql is signed with Red Hat master key
  • php is earlier than 0:4.3.2-25.ent
  • AND php is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-25.ent
  • AND php-pgsql is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-25.ent
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-25.ent
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-25.ent
  • AND php-ldap is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php-gd is earlier than 0:4.3.9-3.8
  • AND php-gd is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.8
  • AND php-odbc is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.8
  • AND php-mysql is signed with Red Hat master key
  • php is earlier than 0:4.3.9-3.8
  • AND php is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.8
  • AND php-xmlrpc is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.8
  • AND php-mbstring is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.8
  • AND php-pgsql is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.8
  • AND php-devel is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.8
  • AND php-ncurses is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.8
  • AND php-snmp is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.8
  • AND php-imap is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.8
  • AND php-pear is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.8
  • AND php-domxml is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.8
  • AND php-ldap is signed with Red Hat master key
    • BACK