| Description: | Updated PHP packages that fix several security issues are now available forRed Hat Enterprise Linux 3 and 5.This update has been rated as having moderate security impact by the RedHat Security Response Team.PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Web server.It was discovered that the PHP escapeshellcmdfunction did not properlyescape multi-byte characters which are not valid in the locale used by thescript. This could allow an attacker to bypass quoting restrictions imposedby escapeshellcmdand execute arbitrary commands if the PHP script wasusing certain locales. Scripts using the default UTF-8 locale are notaffected by this issue. (CVE-2008-2051) |