
Date: Fri Nov 11 03:54:32 2005
Subject: [CentOS-announce] CESA-2005:1110-001 Moderate CentOS 4 i386 php - security update (CENTOSPLUS only)

CentOS Errata and Security Advisory 2005:1110-001

Moderate CentOS 4 i386 php - security update

This CESA is for the version of php that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
------------------
Name        : php
Version     : 5.0.4                  Vendor: CentOS
Release     : 4.centos4              Build Date: Fri 11 Nov 2005
Install Date: (not installed)        Build Host: build-i386
Group       : Development/Languages  
Source RPM: php-5.0.4-4.centos4.src.rpm
License: The PHP License
Packager    : Johnny Hughes <johnny@centos.org>
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
------------------

Update Information:

This update is considered moderate by the CentOS Development Team.

This update includes several security fixes:

- fixes to prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)

- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)

- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)

- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)

All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.

More info is available at:

https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html

https://rhn.redhat.com/errata/RHSA-2005-831.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
php-5.0.4-4.centos4.i386.rpm
php-bcmath-5.0.4-4.centos4.i386.rpm
php-dba-5.0.4-4.centos4.i386.rpm
php-devel-5.0.4-4.centos4.i386.rpm
php-gd-5.0.4-4.centos4.i386.rpm
php-imap-5.0.4-4.centos4.i386.rpm
php-ldap-5.0.4-4.centos4.i386.rpm
php-mbstring-5.0.4-4.centos4.i386.rpm
php-mysql-5.0.4-4.centos4.i386.rpm
php-ncurses-5.0.4-4.centos4.i386.rpm
php-odbc-5.0.4-4.centos4.i386.rpm
php-pear-5.0.4-4.centos4.i386.rpm
php-pgsql-5.0.4-4.centos4.i386.rpm
php-snmp-5.0.4-4.centos4.i386.rpm
php-soap-5.0.4-4.centos4.i386.rpm
php-xml-5.0.4-4.centos4.i386.rpm
php-xmlrpc-5.0.4-4.centos4.i386.rpm

src:
php-5.0.4-4.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/0c2f1fd2/attachment.bin




Date: Fri Nov 11 03:55:24 2005
Subject: [CentOS-announce] CESA-2005:1110-001 Moderate CentOS 4 x86_64 php - security update (CENTOSPLUS only)

CentOS Errata and Security Advisory 2005:1110-001

Moderate CentOS 4 x86_64 php - security update

This CESA is for the version of php that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
-------------------
Name        : php
Version     : 5.0.4                  Vendor: CentOS
Release     : 4.centos4              Build Date: Fri 11 Nov 2005
Install Date: (not installed)        Build Host: build-i386
Group       : Development/Languages  
Source RPM: php-5.0.4-4.centos4.src.rpm
License: The PHP License
Packager    : Johnny Hughes <johnny@centos.org>
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
------------------

Update Information:

This update is considered moderate by the CentOS Development Team.

This update includes several security fixes:

- fixes to prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)

- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)

- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)

- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)

All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.

More info is available at:

https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html

https://rhn.redhat.com/errata/RHSA-2005-831.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

x86_64:
php-5.0.4-4.centos4.x86_64.rpm
php-bcmath-5.0.4-4.centos4.x86_64.rpm
php-dba-5.0.4-4.centos4.x86_64.rpm
php-devel-5.0.4-4.centos4.x86_64.rpm
php-gd-5.0.4-4.centos4.x86_64.rpm
php-imap-5.0.4-4.centos4.x86_64.rpm
php-ldap-5.0.4-4.centos4.x86_64.rpm
php-mbstring-5.0.4-4.centos4.x86_64.rpm
php-mysql-5.0.4-4.centos4.x86_64.rpm
php-ncurses-5.0.4-4.centos4.x86_64.rpm
php-odbc-5.0.4-4.centos4.x86_64.rpm
php-pear-5.0.4-4.centos4.x86_64.rpm
php-pgsql-5.0.4-4.centos4.x86_64.rpm
php-snmp-5.0.4-4.centos4.x86_64.rpm
php-soap-5.0.4-4.centos4.x86_64.rpm
php-xml-5.0.4-4.centos4.x86_64.rpm
php-xmlrpc-5.0.4-4.centos4.x86_64.rpm

src:
php-5.0.4-4.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos-announce/attachments/20051110/63467c32/attachment.bin
