---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2007:0355-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0355.html
Issue date:        2007-05-10
Updated on:        2007-05-10
Product:           Red Hat Application Stack
CVE Names:         CVE-2007-1864 CVE-2007-2509 CVE-2007-2510 
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix several security issues are now available for
Red Hat Application Stack.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - i386, x86_64
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - i386, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension.  A
PHP script which implements an XML-RPC server using this extension
could allow a remote attacker to execute arbitrary code as the 'apache'
user.  Note that this flaw does not affect PHP applications using the
pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension.  If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server. 
(CVE-2007-2509)

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the
handling of an HTTP redirect response when using the SOAP client provided
by this extension with an untrusted SOAP server. No mechanism to trigger
this flaw remotely is known. (CVE-2007-2510)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

239020 - CVE-2007-1864 various PHP security issues (CVE-2007-2509 CVE-2007-2510)

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.7.src.rpm
cff9b05cdb9d99d8c3290475931ea9a7  php-5.1.6-3.el4s1.7.src.rpm

i386:
04367a352aa071fbed93cf3788f7fe6f  php-5.1.6-3.el4s1.7.i386.rpm
0db0392959cd799affd85dbfceec269e  php-bcmath-5.1.6-3.el4s1.7.i386.rpm
a810a48a8a9ad5016f4f50c69a311099  php-cli-5.1.6-3.el4s1.7.i386.rpm
fe8b49b9e79d710c133975e5056d069f  php-common-5.1.6-3.el4s1.7.i386.rpm
d71d3d49b1ea3991c3078c7a7799f6ee  php-dba-5.1.6-3.el4s1.7.i386.rpm
854d7952e23fae74baa43175b316244e  php-debuginfo-5.1.6-3.el4s1.7.i386.rpm
847357a3cdc3b2f71fdd6055dc8596e6  php-devel-5.1.6-3.el4s1.7.i386.rpm
fca2d8725c370539ce45578b4c1b46ec  php-gd-5.1.6-3.el4s1.7.i386.rpm
2b372a600032e9e5f15c85404c6f9bee  php-imap-5.1.6-3.el4s1.7.i386.rpm
5273a2328242f8bffae5d688e4faa4f4  php-ldap-5.1.6-3.el4s1.7.i386.rpm
4fed146b78166396ba55249659e2e9a2  php-mbstring-5.1.6-3.el4s1.7.i386.rpm
e8bda2b233e83b64ac65dd0ee1fbc38a  php-mysql-5.1.6-3.el4s1.7.i386.rpm
da4d850e7d8ab8a483a946fb840e63cd  php-ncurses-5.1.6-3.el4s1.7.i386.rpm
d027f436fe6b4a1ea992d740300ef0c1  php-odbc-5.1.6-3.el4s1.7.i386.rpm
966b8b90d0bdf8ea4a62b943255a768e  php-pdo-5.1.6-3.el4s1.7.i386.rpm
d05bfc8a816b6360f60b861dd935032c  php-pgsql-5.1.6-3.el4s1.7.i386.rpm
a68350514cfd237aec23ae80cc9e16f3  php-snmp-5.1.6-3.el4s1.7.i386.rpm
bd771df1a22fcfacafda52f16f1644d0  php-soap-5.1.6-3.el4s1.7.i386.rpm
5dc95397755aa44c4ef051ec0b8dbc3c  php-xml-5.1.6-3.el4s1.7.i386.rpm
ea58cf29c6254f96ce30cfbcd9c549e6  php-xmlrpc-5.1.6-3.el4s1.7.i386.rpm

x86_64:
742ecefe4b335801ccc2042e8856ac85  php-5.1.6-3.el4s1.7.x86_64.rpm
2660a29ec897fd657793ed4e5e8b0273  php-bcmath-5.1.6-3.el4s1.7.x86_64.rpm
f6da9c8cbb02cd031f98047459edcb30  php-cli-5.1.6-3.el4s1.7.x86_64.rpm
3e4add133b2839049c7c614e6d0493ef  php-common-5.1.6-3.el4s1.7.x86_64.rpm
3f2de3cb8ee513219729e81e9b48aa63  php-dba-5.1.6-3.el4s1.7.x86_64.rpm
af392615f54bca2b9fc6adb2809fe260  php-debuginfo-5.1.6-3.el4s1.7.x86_64.rpm
f0ed56a0318d9ec1365b788998a233ba  php-devel-5.1.6-3.el4s1.7.x86_64.rpm
abc77c1b1784056d72e5ae89eb59fe90  php-gd-5.1.6-3.el4s1.7.x86_64.rpm
06ee2cc7ce2b08416a659eb2a867ce14  php-imap-5.1.6-3.el4s1.7.x86_64.rpm
2c25134eb525881e7a8a39b43a487047  php-ldap-5.1.6-3.el4s1.7.x86_64.rpm
65dd7cbdd1d1b334a68f4cf3d635141d  php-mbstring-5.1.6-3.el4s1.7.x86_64.rpm
3fd0d1043e78812b94cac1f58702b962  php-mysql-5.1.6-3.el4s1.7.x86_64.rpm
053aa31c9b08961941d2caabf0ff60ae  php-ncurses-5.1.6-3.el4s1.7.x86_64.rpm
375b85042b2230e2f31f0f2a2e7bb876  php-odbc-5.1.6-3.el4s1.7.x86_64.rpm
2742c76965610103dd8cc7e205ca6daf  php-pdo-5.1.6-3.el4s1.7.x86_64.rpm
840782025f561ca1f19e52f97d4b0421  php-pgsql-5.1.6-3.el4s1.7.x86_64.rpm
6488e3f6f576291406db6354088b66e7  php-snmp-5.1.6-3.el4s1.7.x86_64.rpm
8b890ca36a773e03a1df121315bd9a82  php-soap-5.1.6-3.el4s1.7.x86_64.rpm
4594ad24bf279518288538dafb76b4c9  php-xml-5.1.6-3.el4s1.7.x86_64.rpm
db7b188cfc13891a2cf58250b4c118a8  php-xmlrpc-5.1.6-3.el4s1.7.x86_64.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/php-5.1.6-3.el4s1.7.src.rpm
cff9b05cdb9d99d8c3290475931ea9a7  php-5.1.6-3.el4s1.7.src.rpm

i386:
04367a352aa071fbed93cf3788f7fe6f  php-5.1.6-3.el4s1.7.i386.rpm
0db0392959cd799affd85dbfceec269e  php-bcmath-5.1.6-3.el4s1.7.i386.rpm
a810a48a8a9ad5016f4f50c69a311099  php-cli-5.1.6-3.el4s1.7.i386.rpm
fe8b49b9e79d710c133975e5056d069f  php-common-5.1.6-3.el4s1.7.i386.rpm
d71d3d49b1ea3991c3078c7a7799f6ee  php-dba-5.1.6-3.el4s1.7.i386.rpm
854d7952e23fae74baa43175b316244e  php-debuginfo-5.1.6-3.el4s1.7.i386.rpm
847357a3cdc3b2f71fdd6055dc8596e6  php-devel-5.1.6-3.el4s1.7.i386.rpm
fca2d8725c370539ce45578b4c1b46ec  php-gd-5.1.6-3.el4s1.7.i386.rpm
2b372a600032e9e5f15c85404c6f9bee  php-imap-5.1.6-3.el4s1.7.i386.rpm
5273a2328242f8bffae5d688e4faa4f4  php-ldap-5.1.6-3.el4s1.7.i386.rpm
4fed146b78166396ba55249659e2e9a2  php-mbstring-5.1.6-3.el4s1.7.i386.rpm
e8bda2b233e83b64ac65dd0ee1fbc38a  php-mysql-5.1.6-3.el4s1.7.i386.rpm
da4d850e7d8ab8a483a946fb840e63cd  php-ncurses-5.1.6-3.el4s1.7.i386.rpm
d027f436fe6b4a1ea992d740300ef0c1  php-odbc-5.1.6-3.el4s1.7.i386.rpm
966b8b90d0bdf8ea4a62b943255a768e  php-pdo-5.1.6-3.el4s1.7.i386.rpm
d05bfc8a816b6360f60b861dd935032c  php-pgsql-5.1.6-3.el4s1.7.i386.rpm
a68350514cfd237aec23ae80cc9e16f3  php-snmp-5.1.6-3.el4s1.7.i386.rpm
bd771df1a22fcfacafda52f16f1644d0  php-soap-5.1.6-3.el4s1.7.i386.rpm
5dc95397755aa44c4ef051ec0b8dbc3c  php-xml-5.1.6-3.el4s1.7.i386.rpm
ea58cf29c6254f96ce30cfbcd9c549e6  php-xmlrpc-5.1.6-3.el4s1.7.i386.rpm

x86_64:
742ecefe4b335801ccc2042e8856ac85  php-5.1.6-3.el4s1.7.x86_64.rpm
2660a29ec897fd657793ed4e5e8b0273  php-bcmath-5.1.6-3.el4s1.7.x86_64.rpm
f6da9c8cbb02cd031f98047459edcb30  php-cli-5.1.6-3.el4s1.7.x86_64.rpm
3e4add133b2839049c7c614e6d0493ef  php-common-5.1.6-3.el4s1.7.x86_64.rpm
3f2de3cb8ee513219729e81e9b48aa63  php-dba-5.1.6-3.el4s1.7.x86_64.rpm
af392615f54bca2b9fc6adb2809fe260  php-debuginfo-5.1.6-3.el4s1.7.x86_64.rpm
f0ed56a0318d9ec1365b788998a233ba  php-devel-5.1.6-3.el4s1.7.x86_64.rpm
abc77c1b1784056d72e5ae89eb59fe90  php-gd-5.1.6-3.el4s1.7.x86_64.rpm
06ee2cc7ce2b08416a659eb2a867ce14  php-imap-5.1.6-3.el4s1.7.x86_64.rpm
2c25134eb525881e7a8a39b43a487047  php-ldap-5.1.6-3.el4s1.7.x86_64.rpm
65dd7cbdd1d1b334a68f4cf3d635141d  php-mbstring-5.1.6-3.el4s1.7.x86_64.rpm
3fd0d1043e78812b94cac1f58702b962  php-mysql-5.1.6-3.el4s1.7.x86_64.rpm
053aa31c9b08961941d2caabf0ff60ae  php-ncurses-5.1.6-3.el4s1.7.x86_64.rpm
375b85042b2230e2f31f0f2a2e7bb876  php-odbc-5.1.6-3.el4s1.7.x86_64.rpm
2742c76965610103dd8cc7e205ca6daf  php-pdo-5.1.6-3.el4s1.7.x86_64.rpm
840782025f561ca1f19e52f97d4b0421  php-pgsql-5.1.6-3.el4s1.7.x86_64.rpm
6488e3f6f576291406db6354088b66e7  php-snmp-5.1.6-3.el4s1.7.x86_64.rpm
8b890ca36a773e03a1df121315bd9a82  php-soap-5.1.6-3.el4s1.7.x86_64.rpm
4594ad24bf279518288538dafb76b4c9  php-xml-5.1.6-3.el4s1.7.x86_64.rpm
db7b188cfc13891a2cf58250b4c118a8  php-xmlrpc-5.1.6-3.el4s1.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
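The MD5 sums listed in section 6 let an administrator confirm that each downloaded package is the file the advisory names, and the GPG signature check confirms that it was built and signed by Red Hat. The script below is an added example and is not part of this advisory or of Red Hat's own tooling: it reads a checksum list in the advisory's "<md5>  <filename>" format, hashes every named file in a download directory, and reports OK, MISMATCH or MISSING for each, returning non-zero if anything fails. The sample files and the deliberately wrong sum in the demonstration at the bottom are constructed so that it runs offline; for a real check, paste the section-6 lines for your architecture into the list file. It assumes md5sum (or openssl as a fallback) and, for the signature step, rpm --checksig with Red Hat's package-signing key already imported.

```shell
#!/bin/sh
# Added example for RHSA-2007:0355 (not Red Hat's code): verify downloaded
# php RPMs against the MD5 list from the advisory before installing them,
# then run rpm's own GPG signature check.

# Print the MD5 hex digest of a file, via md5sum (coreutils) or openssl.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        openssl dgst -md5 "$1" | sed 's/.*= //'
    fi
}

# verify_advisory_md5 LISTFILE DIR
# LISTFILE holds lines in the advisory's format: "<32-hex-md5>  <filename>".
# Every file named in it must exist in DIR and hash to the listed value.
# Returns 0 when all listed files verify, 1 on any missing file or mismatch.
verify_advisory_md5() {
    list=$1; dir=$2; bad=0
    while read -r expected name; do
        case $expected in
            ''|'#'*) continue ;;          # skip blank and comment lines
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; bad=1; continue
        fi
        actual=$(md5_of "$dir/$name")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $expected, got $actual)"; bad=1
        fi
    done < "$list"
    return $bad
}

# check_rpm_signatures DIR
# Runs rpm's signature verification over every .rpm in DIR. This needs the
# Red Hat key imported into the rpm database (see the advisory's key URL).
# Returns rpm's status, or 2 when rpm is not installed so the caller can
# tell "skipped" apart from "verified".
check_rpm_signatures() {
    dir=$1
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available; signature check skipped"
        return 2
    fi
    rpm --checksig "$dir"/*.rpm
}

# Demonstration on constructed data (runs offline): two fake "packages",
# one listed with its correct sum and one with a wrong sum, so the
# mismatch path is exercised. These are not the advisory's real checksums.
demo_dir=$(mktemp -d)
printf 'constructed payload A\n' > "$demo_dir/php-a.rpm"
printf 'constructed payload B\n' > "$demo_dir/php-b.rpm"
{
    printf '%s  php-a.rpm\n' "$(md5_of "$demo_dir/php-a.rpm")"
    printf '%s  php-b.rpm\n' "00000000000000000000000000000000"
} > "$demo_dir/CHECKSUMS"
if verify_advisory_md5 "$demo_dir/CHECKSUMS" "$demo_dir"; then
    echo "all checksums verified"
else
    echo "do not install: at least one package failed verification"
fi
rm -rf "$demo_dir"
```

To use it on a real download, save the section-6 checksum lines for your architecture to a file and call `verify_advisory_md5 CHECKSUMS /path/to/downloads`, then `check_rpm_signatures /path/to/downloads`. A checksum match only shows that the download is intact and correctly named; authenticity comes from the GPG signature, which is why the advisory points to Red Hat's key as well.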

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
http://www.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFGQwtzXlSAg2UNWIIRAiQPAJsEdJKGqwGnkQQ7FCcopHAi5X2e/wCgxQJa
MvIDP4b2tMn+IrUKPYJOraw=
=ZD6B
-----END PGP SIGNATURE-----
