---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-163559
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163559
2005-07-27
---------------------------------------------------------------------

Name        : php
Versions    : fc1: php-4.3.11-1.fc1.2.legacy
Versions    : fc2: php-4.3.11-1.fc2.3.legacy
Summary     : The PHP HTML-embedded scripting language.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

Updated PHP packages that fix two security issues are now available.

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in
PHP. If a PHP script is used which implements an XML-RPC Server using
the PEAR XML-RPC package, then it is possible for a remote attacker to
construct an XML-RPC request which can cause PHP to execute arbitrary
PHP commands as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-1921
to this issue.

A race condition in temporary file handling was discovered in the
shtool script installed by PHP. If a third-party PHP module which uses
shtool was compiled as root, a local user may be able to modify
arbitrary files. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.

---------------------------------------------------------------------
fc1 changelog:

* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  4.3.11-1.fc1.2.legacy
- add security fixes:
  * shtool temp file handling (CAN-2005-1751)
  * XML_RPC command injection (Stefan Esser, CAN-2005-1921)

fc2 changelog:

* Tue Jul 26 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
  4.3.11-1.fc2.3.legacy
- add security fixes:
  * shtool temp file handling (CAN-2005-1751)
  * XML_RPC command injection (Stefan Esser, CAN-2005-1921)

---------------------------------------------------------------------
This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)

---------------------------------------------------------------------

Please test and comment in bugzilla.
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list