Oval Definition:oval:com.redhat.rhsa:def:20070155
Revision Date:2007-04-16Version:635
Title:RHSA-2007:0155: php security update (Important)
Description:PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)

  • A flaw was found in the way PHP's unserialize() function processed data. If a remote attacker was able to pass arbitrary data to PHP's unserialize() function, they could possibly execute arbitrary code as the apache user. (CVE-2007-1286)

  • A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)

  • A double free flaw was found in PHP's session_decode() function. If a remote attacker was able to pass arbitrary data to PHP's session_decode() function, they could possibly execute arbitrary code as the apache user. (CVE-2007-1711)

  • A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)

  • A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)

  • A buffer over-read flaw was discovered in PHP's gd extension. A script that could be forced to write arbitrary string using a JIS font from an untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

    Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2007-0455
    CVE-2007-1001
    CVE-2007-1285
    CVE-2007-1286
    CVE-2007-1583
    CVE-2007-1711
    CVE-2007-1718
    RHSA-2007:0155
    RHSA-2007:0155-01
    RHSA-2007:0155-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php-pgsql is earlier than 0:4.3.2-40.ent
  • AND php-pgsql is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-40.ent
  • AND php-mysql is signed with Red Hat master key
  • php is earlier than 0:4.3.2-40.ent
  • AND php is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-40.ent
  • AND php-imap is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-40.ent
  • AND php-devel is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-40.ent
  • AND php-odbc is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-40.ent
  • AND php-ldap is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php-mbstring is earlier than 0:4.3.9-3.22.4
  • AND php-mbstring is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.22.4
  • AND php-pgsql is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.22.4
  • AND php-pear is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.22.4
  • AND php-ldap is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.22.4
  • AND php-devel is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.22.4
  • AND php-gd is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.22.4
  • AND php-snmp is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.22.4
  • AND php-imap is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.22.4
  • AND php-mysql is signed with Red Hat master key
  • php is earlier than 0:4.3.9-3.22.4
  • AND php is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.22.4
  • AND php-domxml is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.22.4
  • AND php-xmlrpc is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.22.4
  • AND php-odbc is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.22.4
  • AND php-ncurses is signed with Red Hat master key
  • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • php is earlier than 0:4.3.2-40.ent
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.2-40.ent
  • AND php-devel is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.2-40.ent
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.2-40.ent
  • AND php-ldap is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.2-40.ent
  • AND php-mysql is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.2-40.ent
  • AND php-odbc is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.2-40.ent
  • AND php-pgsql is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.22.4
  • AND php is signed with Red Hat master key
  • php-devel is earlier than 0:4.3.9-3.22.4
  • AND php-devel is signed with Red Hat master key
  • php-domxml is earlier than 0:4.3.9-3.22.4
  • AND php-domxml is signed with Red Hat master key
  • php-gd is earlier than 0:4.3.9-3.22.4
  • AND php-gd is signed with Red Hat master key
  • php-imap is earlier than 0:4.3.9-3.22.4
  • AND php-imap is signed with Red Hat master key
  • php-ldap is earlier than 0:4.3.9-3.22.4
  • AND php-ldap is signed with Red Hat master key
  • php-mbstring is earlier than 0:4.3.9-3.22.4
  • AND php-mbstring is signed with Red Hat master key
  • php-mysql is earlier than 0:4.3.9-3.22.4
  • AND php-mysql is signed with Red Hat master key
  • php-ncurses is earlier than 0:4.3.9-3.22.4
  • AND php-ncurses is signed with Red Hat master key
  • php-odbc is earlier than 0:4.3.9-3.22.4
  • AND php-odbc is signed with Red Hat master key
  • php-pear is earlier than 0:4.3.9-3.22.4
  • AND php-pear is signed with Red Hat master key
  • php-pgsql is earlier than 0:4.3.9-3.22.4
  • AND php-pgsql is signed with Red Hat master key
  • php-snmp is earlier than 0:4.3.9-3.22.4
  • AND php-snmp is signed with Red Hat master key
  • php-xmlrpc is earlier than 0:4.3.9-3.22.4
  • AND php-xmlrpc is signed with Red Hat master key
  • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • php is earlier than 0:4.3.9-3.22.4
  • AND php is signed with Red Hat redhatrelease2 key
  • php-devel is earlier than 0:4.3.9-3.22.4
  • AND php-devel is signed with Red Hat redhatrelease2 key
  • php-domxml is earlier than 0:4.3.9-3.22.4
  • AND php-domxml is signed with Red Hat redhatrelease2 key
  • php-gd is earlier than 0:4.3.9-3.22.4
  • AND php-gd is signed with Red Hat redhatrelease2 key
  • php-imap is earlier than 0:4.3.9-3.22.4
  • AND php-imap is signed with Red Hat redhatrelease2 key
  • php-ldap is earlier than 0:4.3.9-3.22.4
  • AND php-ldap is signed with Red Hat redhatrelease2 key
  • php-mbstring is earlier than 0:4.3.9-3.22.4
  • AND php-mbstring is signed with Red Hat redhatrelease2 key
  • php-mysql is earlier than 0:4.3.9-3.22.4
  • AND php-mysql is signed with Red Hat redhatrelease2 key
  • php-ncurses is earlier than 0:4.3.9-3.22.4
  • AND php-ncurses is signed with Red Hat redhatrelease2 key
  • php-odbc is earlier than 0:4.3.9-3.22.4
  • AND php-odbc is signed with Red Hat redhatrelease2 key
  • php-pear is earlier than 0:4.3.9-3.22.4
  • AND php-pear is signed with Red Hat redhatrelease2 key
  • php-pgsql is earlier than 0:4.3.9-3.22.4
  • AND php-pgsql is signed with Red Hat redhatrelease2 key
  • php-snmp is earlier than 0:4.3.9-3.22.4
  • AND php-snmp is signed with Red Hat redhatrelease2 key
  • php-xmlrpc is earlier than 0:4.3.9-3.22.4
  • AND php-xmlrpc is signed with Red Hat redhatrelease2 key
  • BACK