--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-155505 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505 2005-05-02 --------------------------------------------------------------------- Name : php Versions : rh7.3: php-4.1.2-7.3.17.legacy Versions : rh9: php-4.2.2-17.14.legacy Versions : fc1: php-4.3.11-1.fc1.1.legacy Versions : fc2: php-4.3.11-1.fc2.1.legacy Summary : The PHP HTML-embedded scripting language. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: Updated PHP packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues. A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue. A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue. The security fixes to the "unserializer" code in the previous release introduced some performance issues. A bug fix for that issue is also included in this update. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues. --------------------------------------------------------------------- 7.3 changelog: * Sun Apr 24 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.2-7.3.17.legacy - Added security patch for CAN-2005-0524 and CAN-2005-0525 9 changelog: * Sat Apr 23 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.14.legacy - Updated CAN-2004-1019 security patch to backported unserializer from 4.3.11 to fix performance regressions * Sat Apr 23 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.13.legacy - Added security patches for CAN-2005-0524, CAN-2005-0525, CAN-2005-1042 and CAN-2005-1043 fc1 changelog: * Fri Apr 22 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.3.11-1.fc1.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) - Removed LDAP patch which is now included in 4.3.11 fc2 changelog: * Fri Apr 22 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.3.11-1.fc2.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 422f8a972c62b1aa1d79e9f96cc39446852eb589 redhat/7.3/updates-testing/i386/php-4.1.2-7.3.17.legacy.i386.rpm 7c6d48ebbfb96004baee8515ae9517dcf500f43c redhat/7.3/updates-testing/i386/php-devel-4.1.2-7.3.17.legacy.i386.rpm 8f1837ee66212ede899189e09edf25d903a7e133 redhat/7.3/updates-testing/i386/php-imap-4.1.2-7.3.17.legacy.i386.rpm 79d4f45a887ce9df8232911f5aab6bf5bd77369d redhat/7.3/updates-testing/i386/php-ldap-4.1.2-7.3.17.legacy.i386.rpm 63edb9b27730ad5c782484cf4757905140ece1c2 redhat/7.3/updates-testing/i386/php-manual-4.1.2-7.3.17.legacy.i386.rpm 39b40cb4bae1374335cf7f82fbfa02501a4ed630 redhat/7.3/updates-testing/i386/php-mysql-4.1.2-7.3.17.legacy.i386.rpm 51d4baf10b3bc132ba9205aa6cd35615041c33bd redhat/7.3/updates-testing/i386/php-odbc-4.1.2-7.3.17.legacy.i386.rpm 42a557e7f68f290a6cf21de4c2ad1f7fe97cf763 redhat/7.3/updates-testing/i386/php-pgsql-4.1.2-7.3.17.legacy.i386.rpm 5753d915ad5d32c14cbbaea33a7f35a3b5b908d3 redhat/7.3/updates-testing/i386/php-snmp-4.1.2-7.3.17.legacy.i386.rpm 576f29104b946e3773d4c7b77de5b80a942a0678 redhat/7.3/updates-testing/SRPMS/php-4.1.2-7.3.17.legacy.src.rpm bd793f717cca20745ab9c67cb6a7b4bcebe46d93 redhat/9/updates-testing/i386/php-4.2.2-17.14.legacy.i386.rpm 8df50f63c5d3525a4359a72587c6b902d8a3325f redhat/9/updates-testing/i386/php-devel-4.2.2-17.14.legacy.i386.rpm 665060794635ded7a76eaccb46cd09ffd04900ea redhat/9/updates-testing/i386/php-imap-4.2.2-17.14.legacy.i386.rpm 8b34f184aba7260a8eac2708e12e906c877c10cd redhat/9/updates-testing/i386/php-ldap-4.2.2-17.14.legacy.i386.rpm 1450f499aeac4db7d0d8c258b72d2f4c31747012 redhat/9/updates-testing/i386/php-manual-4.2.2-17.14.legacy.i386.rpm 37cb28e9531af331954903f6b8df8509aa962a5c redhat/9/updates-testing/i386/php-mysql-4.2.2-17.14.legacy.i386.rpm aa0378307ef06cd7f3464e59f4153d11d1d372f5 redhat/9/updates-testing/i386/php-odbc-4.2.2-17.14.legacy.i386.rpm 00b4e55c27460abaa6d02019d7b40a73d5bdd913 redhat/9/updates-testing/i386/php-pgsql-4.2.2-17.14.legacy.i386.rpm 8b9cf1cdafdf8f1afa9587c1f180d685632c1c65 redhat/9/updates-testing/i386/php-snmp-4.2.2-17.14.legacy.i386.rpm 7bf7cf164de61276adf952694ee7c7d2fb86ea2e redhat/9/updates-testing/SRPMS/php-4.2.2-17.14.legacy.src.rpm ca0fa574e713f27e91548a2e3e4dc2e8b087ff47 fedora/1/updates-testing/i386/php-4.3.11-1.fc1.1.legacy.i386.rpm 53c419397f8f3f7625503afd8ab1a8ca0d65a197 fedora/1/updates-testing/i386/php-devel-4.3.11-1.fc1.1.legacy.i386.rpm 72d65111cbaf7fb56ed879ee4278602e84868540 fedora/1/updates-testing/i386/php-domxml-4.3.11-1.fc1.1.legacy.i386.rpm fe8216746096b3a6070d43659944c158df23d1a9 fedora/1/updates-testing/i386/php-imap-4.3.11-1.fc1.1.legacy.i386.rpm fb6f8fb5dd77f0dc5f58b85f26e25b5520366ca6 fedora/1/updates-testing/i386/php-ldap-4.3.11-1.fc1.1.legacy.i386.rpm d36a8ac545d151a20817a95d441d221c36edcb74 fedora/1/updates-testing/i386/php-mbstring-4.3.11-1.fc1.1.legacy.i386.rpm f4d95a5cdb7fcbcdb1391a089a1ca65edf8e0e03 fedora/1/updates-testing/i386/php-mysql-4.3.11-1.fc1.1.legacy.i386.rpm a2a0944dfd1362ad186ab8b345d7e7ab32911a7a fedora/1/updates-testing/i386/php-odbc-4.3.11-1.fc1.1.legacy.i386.rpm 4d4546fecefc879004ebbfc596cd109f4d144ba7 fedora/1/updates-testing/i386/php-pgsql-4.3.11-1.fc1.1.legacy.i386.rpm 5d968e87611c5dce727a492f149b3583e1588e30 fedora/1/updates-testing/i386/php-snmp-4.3.11-1.fc1.1.legacy.i386.rpm 22a069541240a9ab4f9fe62887cd7ea45d961238 fedora/1/updates-testing/i386/php-xmlrpc-4.3.11-1.fc1.1.legacy.i386.rpm 08203f404d05ab58128b8b12c8b5a8e5ac53b34e fedora/1/updates-testing/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm cf87d547555b25bec6bdbbacaed09bf59116462a fedora/2/updates-testing/i386/php-4.3.11-1.fc2.1.legacy.i386.rpm 8d0e85bb8608c0aaa67c0cd93fad51918504dca1 fedora/2/updates-testing/i386/php-devel-4.3.11-1.fc2.1.legacy.i386.rpm c34306f2c178aca2d40a2fb02ab92951481d7965 fedora/2/updates-testing/i386/php-domxml-4.3.11-1.fc2.1.legacy.i386.rpm d67efa4111be3ab2c11556981f3e21ef035c6bf2 fedora/2/updates-testing/i386/php-imap-4.3.11-1.fc2.1.legacy.i386.rpm 6a838167ef82524e12cea8ec4b663bfa463be127 fedora/2/updates-testing/i386/php-ldap-4.3.11-1.fc2.1.legacy.i386.rpm c15e35d8dd28b9092e857146cb971649e1e6e2d3 fedora/2/updates-testing/i386/php-mbstring-4.3.11-1.fc2.1.legacy.i386.rpm 8b8efb2dbf87e833c45fd18969eccfd82e6c0af0 fedora/2/updates-testing/i386/php-mysql-4.3.11-1.fc2.1.legacy.i386.rpm 68d579b5386545f37ef5f7ba9ad74b556b952b20 fedora/2/updates-testing/i386/php-odbc-4.3.11-1.fc2.1.legacy.i386.rpm efcf302bcaf1fbddd592140b8ed1401629654df7 fedora/2/updates-testing/i386/php-pear-4.3.11-1.fc2.1.legacy.i386.rpm 620540f63830340a425943cc2ca6b4ca20853e07 fedora/2/updates-testing/i386/php-pgsql-4.3.11-1.fc2.1.legacy.i386.rpm 212356f439acd229b7fd7ba82c9dab2acae06620 fedora/2/updates-testing/i386/php-snmp-4.3.11-1.fc2.1.legacy.i386.rpm a181288b9b5994b9334c3b7204d43f3e0a65e7d4 fedora/2/updates-testing/i386/php-xmlrpc-4.3.11-1.fc2.1.legacy.i386.rpm ae4b48eb0ff02f4577b1d42facd0821279b11510 fedora/2/updates-testing/SRPMS/php-4.3.11-1.fc2.1.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
