Oval Definition:oval:com.redhat.rhsa:def:20060568
Revision Date:2006-07-12Version:641
Title:RHSA-2006:0568: php security update (Moderate)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

  • A directory traversal vulnerability was found in PHP. Local users could bypass open_basedir restrictions allowing remote attackers to create files in arbitrary directories via the tempnam() function. (CVE-2006-1494)

    The wordwrap() PHP function did not properly check for integer overflow in the handling of the "break" parameter. An attacker who could control the string passed to the "break" parameter could cause a heap overflow. (CVE-2006-1990)

  • A flaw was found in the zend_hash_del() PHP function. For PHP scripts that rely on the use of the unset() function, a remote attacker could force variable initialization to be bypassed. This would be a security issue particularly for installations that enable the "register_globals" setting. "register_globals" is disabled by default in Red Hat Enterprise Linux. (CVE-2006-3017)

    Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2006-1494
    CVE-2006-1990
    CVE-2006-3017
    RHSA-2006:0568
    RHSA-2006:0568-01
    RHSA-2006:0568-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php-odbc is earlier than 0:4.3.2-33.ent
  • AND php-odbc is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-33.ent
  • AND php-ldap is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-33.ent
  • AND php-imap is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-33.ent
  • AND php-pgsql is signed with Red Hat master key
  • php is earlier than 0:4.3.2-33.ent
  • AND php is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-33.ent
  • AND php-mysql is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-33.ent
  • AND php-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php-odbc is earlier than 0:4.3.9-3.15
  • AND php-odbc is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.15
  • AND php-mysql is signed with Red Hat master key
  • php is earlier than 0:4.3.9-3.15
  • AND php is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.15
  • AND php-snmp is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.15
  • AND php-ncurses is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.15
  • AND php-pear is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.15
  • AND php-mbstring is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.15
  • AND php-domxml is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.15
  • AND php-ldap is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.15
  • AND php-gd is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.15
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.15
  • AND php-imap is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.15
  • AND php-pgsql is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.15
  • AND php-xmlrpc is signed with Red Hat master key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php is earlier than 0:4.3.2-33.ent
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-33.ent
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-33.ent
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-33.ent
  • AND php-ldap is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-33.ent
  • AND php-mysql is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-33.ent
  • AND php-odbc is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-33.ent
  • AND php-pgsql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.15
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.15
  • AND php-devel is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.15
  • AND php-domxml is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.15
  • AND php-gd is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.15
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.15
  • AND php-ldap is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.15
  • AND php-mbstring is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.15
  • AND php-mysql is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.15
  • AND php-ncurses is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.15
  • AND php-odbc is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.15
  • AND php-pear is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.15
  • AND php-pgsql is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.15
  • AND php-snmp is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.15
  • AND php-xmlrpc is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.15
  • AND php is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:4.3.9-3.15
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-domxml is earlier than 0:4.3.9-3.15
  • AND php-domxml is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:4.3.9-3.15
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-imap is earlier than 0:4.3.9-3.15
  • AND php-imap is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:4.3.9-3.15
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:4.3.9-3.15
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:4.3.9-3.15
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-ncurses is earlier than 0:4.3.9-3.15
  • AND php-ncurses is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:4.3.9-3.15
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pear is earlier than 0:4.3.9-3.15
  • AND php-pear is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:4.3.9-3.15
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:4.3.9-3.15
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:4.3.9-3.15
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
    • BACK