---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2006-1024
2006-10-16
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : php
Version     : 5.1.6
Release     : 1.1
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The mod_php module enables the Apache Web server to understand and
process the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest upstream release of PHP 5.1,
version 5.1.6, fixing a number of security vulnerabilities,
and other bugs.

An integer overflow was discovered in the PHP memory handling
routines. If a script can cause memory allocation based on
untrusted user data, a remote attacker sending a carefully
crafted request could execute arbitrary code as the 'apache'
user. (CVE-2006-4812)

A buffer overflow was discovered in the PHP sscanf() function.
If a script used the sscanf() function with positional
arguments in the format string, a remote attacker sending a
carefully crafted request could execute arbitrary code as the
'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and
str_repeat() functions. If a script running on a 64-bit server
used either of these functions on untrusted user data, a
remote attacker sending a carefully crafted request might be
able to cause a heap overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension.
If a script was set up to process GIF images from untrusted
sources using the gd extension, a remote attacker could cause
a heap overflow. (CVE-2006-4484)

A buffer overread was discovered in the PHP stripos() function.
If a script used the stripos() function with untrusted user
data, PHP may read past the end of a buffer, which could allow
a denial of service attack by a remote user. (CVE-2006-4485)

An integer overflow was discovered in the PHP memory allocation
handling. On 64-bit platforms, the "memory_limit" setting was
not enforced correctly, which could allow a denial of service
attack by a remote user. (CVE-2006-4486)

---------------------------------------------------------------------
* Fri Oct  6 2006 Joe Orton <jorton@xxxxxxxxxx> 5.1.6-1.1
- update to 5.1.6 (#201767, #204995)
- add fix for upstream #38801
- add security fix for CVE-2006-4812
- drop Obsoletes for mod_php (#194590)
- add php-pdo-abi versioning (#193202)
- move php{-config,ize} man pages to -devel (#199382)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/

This update can be installed with the 'yum' update program. Use
'yum update package-name' at the command line. For more information,
refer to 'Managing Software with yum,' available at
http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------
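
The integer overflows listed under Update Information (CVE-2006-4812, and the 64-bit case in CVE-2006-4482) belong to one class of bug: a size or length derived from untrusted counts wraps or is narrowed before it is used for allocation. The C code below is an added example of the checks that prevent this, not code from PHP or from this advisory. All function names are hypothetical, the input is constructed, and the int-length narrowing is an assumed illustration of the 64-bit case, which the advisory does not detail.

```c
/* Added illustration, not PHP source; function names are hypothetical. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked element-count * element-size: wraps modulo SIZE_MAX + 1. */
size_t unchecked_bytes(size_t nmemb, size_t size) {
    return nmemb * size;
}

/* Checked form: returns 0 and stores the product, or -1 if it would wrap. */
int checked_bytes(size_t nmemb, size_t size, size_t *out) {
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* calloc-style allocator that refuses a wrapped size instead of
   returning a buffer smaller than the caller believes it has. */
void *safe_calloc(size_t nmemb, size_t size) {
    size_t bytes;
    if (checked_bytes(nmemb, size, &bytes) != 0)
        return NULL;
    void *p = malloc(bytes ? bytes : 1);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

/* 64-bit case: a length computed in a wide type must still fit the
   narrower int it is stored in. Returns 0 on success, -1 otherwise. */
int checked_repeat_len(size_t len, size_t times, int *out) {
    size_t total;
    if (checked_bytes(len, times, &total) != 0 || total > (size_t)INT_MAX)
        return -1;
    *out = (int)total;
    return 0;
}

int main(void) {
    /* Constructed input: a count chosen so that count * 16 wraps to 16. */
    size_t count = SIZE_MAX / 16 + 2;
    printf("unchecked: %zu bytes\n", unchecked_bytes(count, 16));
    printf("safe_calloc: %p\n", safe_calloc(count, 16));
    return 0;
}
```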