| Description: | Description:
The remote host is missing updates announced in
advisory RHSA-2005:406.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A bug was found in the way PHP processes IFF and JPEG images. It is
possible to cause PHP to consume CPU resources for a short period of time
by supplying a carefully crafted IFF or JPEG image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CVE-2005-0524 and CVE-2005-0525 to these issues.
A buffer overflow bug was also found in the way PHP processes EXIF image
headers. It is possible for an attacker to construct an image file in such
a way it could execute arbitrary instructions when processed by PHP. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-1042 to this issue.
A denial of service bug was found in the way PHP processes EXIF image
headers. It is possible for an attacker to cause PHP to enter an infinite
loop for a short period of time by supplying a carefully crafted image file
to PHP for processing. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-1043 to this issue.
Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.
Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
http://rhn.redhat.com/errata/RHSA-2005-406.html
Risk factor : High
CVSS Score:
7.5
|
