Oval Definition:oval:com.redhat.rhsa:def:20060669
Revision Date:2006-09-21Version:645
Title:RHSA-2006:0669: php security update (Moderate)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

  • A response-splitting issue was discovered in the PHP session handling. If a remote attacker can force a carefully crafted session identifier to be used, a cross-site-scripting or response-splitting attack could be possible. (CVE-2006-3016)

  • A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)

  • An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)

  • A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow. (CVE-2006-4484)

  • An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the "memory_limit" setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)

    Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues. These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2006-3016
    CVE-2006-4020
    CVE-2006-4482
    CVE-2006-4484
    CVE-2006-4486
    RHSA-2006:0669
    RHSA-2006:0669-01
    RHSA-2006:0669-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php-imap is earlier than 0:4.3.2-36.ent
  • AND php-imap is signed with Red Hat master key
  • php is earlier than 0:4.3.2-36.ent
  • AND php is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-36.ent
  • AND php-mysql is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-36.ent
  • AND php-odbc is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-36.ent
  • AND php-pgsql is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-36.ent
  • AND php-ldap is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-36.ent
  • AND php-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php-snmp is earlier than 0:4.3.9-3.18
  • AND php-snmp is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.18
  • AND php-ncurses is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.18
  • AND php-pear is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.18
  • AND php-mbstring is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.18
  • AND php-domxml is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.18
  • AND php-ldap is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.18
  • AND php-devel is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.18
  • AND php-gd is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.18
  • AND php-imap is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.18
  • AND php-pgsql is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.18
  • AND php-xmlrpc is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.18
  • AND php-odbc is signed with Red Hat master key
  • php is earlier than 0:4.3.9-3.18
  • AND php is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.18
  • AND php-mysql is signed with Red Hat master key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php is earlier than 0:4.3.2-36.ent
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-36.ent
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-36.ent
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-36.ent
  • AND php-ldap is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-36.ent
  • AND php-mysql is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-36.ent
  • AND php-odbc is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-36.ent
  • AND php-pgsql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.18
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.18
  • AND php-devel is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.18
  • AND php-domxml is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.18
  • AND php-gd is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.18
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.18
  • AND php-ldap is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.18
  • AND php-mbstring is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.18
  • AND php-mysql is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.18
  • AND php-ncurses is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.18
  • AND php-odbc is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.18
  • AND php-pear is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.18
  • AND php-pgsql is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.18
  • AND php-snmp is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.18
  • AND php-xmlrpc is signed with Red Hat master key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.18
  • AND php is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:4.3.9-3.18
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-domxml is earlier than 0:4.3.9-3.18
  • AND php-domxml is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:4.3.9-3.18
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-imap is earlier than 0:4.3.9-3.18
  • AND php-imap is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:4.3.9-3.18
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:4.3.9-3.18
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:4.3.9-3.18
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-ncurses is earlier than 0:4.3.9-3.18
  • AND php-ncurses is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:4.3.9-3.18
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pear is earlier than 0:4.3.9-3.18
  • AND php-pear is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:4.3.9-3.18
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:4.3.9-3.18
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:4.3.9-3.18
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
  • BACK