---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-1868
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=1868
2004-09-29
---------------------------------------------------------------------

Name        : php
Versions    : 7.3: 4.1.2-7.3.9.legacy, 9: 4.2.2-17.5.legacy
Summary     : The PHP HTML-embedded scripting language.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

Stefan Esser discovered a flaw when memory_limit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to allocate more memory than the memory_limit setting before script execution begins, then the attacker may be able to supply the contents of a PHP hash table remotely. This hash table could then be used to execute arbitrary code as the 'apache' user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to this issue. This issue has a higher risk when PHP is running on an instance of Apache which is vulnerable to CAN-2004-0493. It may also be possible to exploit this issue when a non-default PHP configuration is used in which the "register_defaults" setting has been changed to "On".

Stefan Esser discovered a flaw in the strip_tags function in versions of PHP before 4.3.8.
The strip_tags function is commonly used by PHP scripts to prevent Cross-Site-Scripting attacks by removing HTML tags from user-supplied form data. By embedding NUL bytes into form data, HTML tags can in some cases be passed intact through the strip_tags function, which may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to this issue.

---------------------------------------------------------------------
7.3 changelog:

* Sun Aug 01 2004 John Dalbec <jpdalbec@xxxxxxx> 4.1.2-7.3.9.legacy
- Added missing BuildRequires: flex mm-devel libtool

* Mon Jul 26 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.2-7.3.8.legacy
- Added better security fix for CAN-2004-0594
- Added fixes for various compiler warnings

* Thu Jul 15 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.2-7.3.7.legacy
- Added security fix for CAN-2004-0594
- Added security fix for CAN-2004-0595
- Added a few more fixes
- Added imap-devel BuildRequires

9 changelog:

* Tue Sep 28 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.5.legacy
- Added flex and libtool to BuildRequires

* Mon Jul 26 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.4.legacy
- Added better security fix for CAN-2004-0594

* Thu Jul 15 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.3.legacy
- Added security fix for CAN-2004-0594
- Added security fix for CAN-2004-0595
- Added a few more fixes

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/redhat/

(sha1sums)
---------------------------------------------------------------------
Please test and comment in bugzilla.
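To check whether an installed php package is at or above the fixed versions listed in this notification, here is an added example (not part of the advisory or of Fedora Legacy's tooling) that implements a simplified rpm-style version comparison in Python. Only the FIXED table and the `rpm -q --qf` query come from documented facts; the comparison itself is an assumption that ignores epochs and the tilde/caret rules of modern rpm.

```python
import re
import subprocess

# Fixed VERSION-RELEASE strings from the advisory, keyed by release
# ("7.3" = Red Hat Linux 7.3, "9" = Red Hat Linux 9).
FIXED = {"7.3": "4.1.2-7.3.9.legacy", "9": "4.2.2-17.5.legacy"}


def _segments(s):
    # rpm compares alternating numeric and alphabetic runs; '.', '_' etc.
    # only delimit segments and are never compared themselves.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """Simplified rpmvercmp: -1 if a < b, 0 if equal, 1 if a > b.

    Numeric runs compare numerically, alphabetic runs lexically, a numeric
    run beats an alphabetic one in the same slot, and whichever string has
    segments left over is newer. Assumption: no epoch, tilde or caret handling.
    """
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Order two 'VERSION-RELEASE' strings: version first, then release."""
    va, ra = a.split("-", 1)
    vb, rb = b.split("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed, release):
    """True if the installed php VERSION-RELEASE is at or above the fix."""
    return evr_cmp(installed, FIXED[release]) >= 0


def installed_php_version():
    """Ask rpm for the installed php VERSION-RELEASE; None if unavailable."""
    try:
        out = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", "php"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip()
```

On a Red Hat Linux 7.3 host, `is_fixed(installed_php_version(), "7.3")` returns False while the older 4.1.2-7.3.8.legacy build is still installed and True once the 7.3.9.legacy packages are applied.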
--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list