rPath Security Advisory: 2007-0221-1 Published: 2007-10-24 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote System User Deterministic Unauthorized Access Updated Versions: php=conary.rpath.com@rpl:1/4.3.11-15.15-1 php-mysql=conary.rpath.com@rpl:1/4.3.11-15.15-1 php-pgsql=conary.rpath.com@rpl:1/4.3.11-15.15-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-1693 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3799 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3996 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3997 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3998 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4657 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4658 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4659 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4662 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4663 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4670 Description: Previous versions of the php package are vulnerable to many attacks, the worst of which enable various remote attackers to run arbitrary code as the "apache" user. These vulnerabilities are exposed by a wide variety of applications written in the PHP language. http://wiki.rpath.com/Advisories:rPSA-2007-0221 Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html