Oval Definition: oval:com.redhat.rhsa:def:20060276
Revision Date: 2006-04-25
Version: 642
Title: RHSA-2006:0276: php security update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

  • The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996)

  • The html_entity_decode() PHP function was found to not be binary safe. An attacker could use this flaw to disclose a certain part of the memory. In order for this issue to be exploitable the target site would need to have a PHP script which called the "html_entity_decode()" function with untrusted input from the user and displayed the result. (CVE-2006-1490)

  • The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208)

  • An input validation error was found in the "mb_send_mail()" function. An attacker could use this flaw to inject arbitrary headers in a mail sent via a script calling the "mb_send_mail()" function where the "To" parameter can be controlled by the attacker. (CVE-2005-3883)

  • A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. This issue only affected Red Hat Enterprise Linux 3. (CVE-2005-2933)

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.
  • Family: unix
    Class: patch
    Status:
    Reference(s): CVE-2003-1303
    CVE-2005-2933
    CVE-2005-3883
    CVE-2006-0208
    CVE-2006-0996
    CVE-2006-1490
    RHSA-2006:0276
    RHSA-2006:0276-01
    Platform(s): Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php is earlier than 0:4.3.2-30.ent
  • AND php is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-30.ent
  • AND php-odbc is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-30.ent
  • AND php-ldap is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-30.ent
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-30.ent
  • AND php-imap is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-30.ent
  • AND php-pgsql is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-30.ent
  • AND php-mysql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php-imap is earlier than 0:4.3.9-3.12
  • AND php-imap is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.12
  • AND php-pgsql is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.12
  • AND php-xmlrpc is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.12
  • AND php-odbc is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.12
  • AND php-mysql is signed with Red Hat master key
  • php is earlier than 0:4.3.9-3.12
  • AND php is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.12
  • AND php-snmp is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.12
  • AND php-ncurses is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.12
  • AND php-pear is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.12
  • AND php-mbstring is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.12
  • AND php-domxml is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.12
  • AND php-ldap is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.12
  • AND php-gd is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.12
  • AND php-devel is signed with Red Hat master key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php is earlier than 0:4.3.2-30.ent
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-30.ent
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-30.ent
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-30.ent
  • AND php-ldap is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-30.ent
  • AND php-mysql is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-30.ent
  • AND php-odbc is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-30.ent
  • AND php-pgsql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.12
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.12
  • AND php-devel is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.12
  • AND php-domxml is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.12
  • AND php-gd is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.12
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.12
  • AND php-ldap is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.12
  • AND php-mbstring is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.12
  • AND php-mysql is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.12
  • AND php-ncurses is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.12
  • AND php-odbc is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.12
  • AND php-pear is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.12
  • AND php-pgsql is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.12
  • AND php-snmp is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.12
  • AND php-xmlrpc is signed with Red Hat master key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.12
  • AND php is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:4.3.9-3.12
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-domxml is earlier than 0:4.3.9-3.12
  • AND php-domxml is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:4.3.9-3.12
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-imap is earlier than 0:4.3.9-3.12
  • AND php-imap is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:4.3.9-3.12
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:4.3.9-3.12
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:4.3.9-3.12
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-ncurses is earlier than 0:4.3.9-3.12
  • AND php-ncurses is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:4.3.9-3.12
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pear is earlier than 0:4.3.9-3.12
  • AND php-pear is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:4.3.9-3.12
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:4.3.9-3.12
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:4.3.9-3.12
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key