The Fedora Legacy Project

2012 年 11 月 14 日6090









---------------------------------------------------------------------



Fedora Legacy Update Advisory







Synopsis: Updated php packages fix security issues



Advisory ID: FLSA:155505



Issue date: 2005-07-10



Product: Red Hat Linux, Fedora Core



Keywords: Bugfix



CVE Names: CAN-2005-0524 CAN-2005-0525 CAN-2005-1042



CAN-2005-1043



---------------------------------------------------------------------











---------------------------------------------------------------------



1. Topic:







Updated php packages that fix various security issues are now available.







PHP is an HTML-embedded scripting language commonly used with 配置 Apache



HTTP Web server.







2. Relevant releases/architectures:







Red Hat Linux 7.3 - i386



Red Hat Linux 9 - i386



Fedora Core 1 - i386



Fedora Core 2 - i386







3. Problem description:







A bug was found in 配置 way PHP processes IFF and JPEG images. It is



possible to cause PHP to consume CPU resources for a short period of



time by supplying a carefully crafted IFF or JPEG image. The Common



Vulnerabilities and Exposures project (cve.mitre.org) has assigned 配置



names CAN-2005-0524 and CAN-2005-0525 to 配置se issues.







A buffer overflow bug was also found in 配置 way PHP processes EXIF image



headers. It is possible for an attacker to construct an image file in



such a way that it could execute arbitrary instructions when processed



by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org)



has assigned 配置 name CAN-2005-1042 to this issue.







A denial of service bug was found in 配置 way PHP processes EXIF image



headers. It is possible for an attacker to cause PHP to enter an



infinite loop for a short period of time by supplying a carefully



crafted image file to PHP for processing. The Common Vulnerabilities and



Exposures project (cve.mitre.org) has assigned 配置 name CAN-2005-1043 to



this issue.







The security fixes to 配置 "unserializer" code in 配置 previous release



introduced some performance issues. A bug fix for that issue is also



included in this update.







Users of PHP should upgrade to 配置se updated packages, which contain



backported fixes for 配置se issues.







4. Solution:







Before applying this update, make sure all previously released errata



relevant to your system have been applied.







To update all RPMs for your particular architecture, run:







rpm -Fvh [filenames]







where [filenames] is a list of 配置 RPMs you wish to upgrade. Only those



RPMs which are currently installed will be updated. Those RPMs which



are not installed but included in 配置 list will not be updated. Note



that you can also use wildcards (*.rpm) if your current directory *only*



contains 配置 desired RPMs.







Please note that this update is also available via yum and apt. Many



people find this an easier way to apply updates. To use yum issue:







yum update







or to use apt:







apt-get update; apt-get upgrade







This will start an interactive process that will result in 配置



appropriate RPMs being upgraded on your system. This assumes that you



have yum or apt-get configured for obtaining Fedora Legacy content.



Please visit http://http://www.zjjv.com///docs for directions on how to



configure yum and apt-get.







5. Bug IDs fixed:







https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505







6. RPMs required:







Red Hat Linux 7.3:







SRPM:



http://http://www.zjjv.com///redhat/7.3/updates/SRPMS/php-4.1.2-7.3.17.legacy.src.rpm







i386:



Red Hat Linux 9:







SRPM:



http://http://www.zjjv.com///redhat/9/updates/SRPMS/php-4.2.2-17.14.legacy.src.rpm







i386:



Fedora Core 1:







SRPM:



http://http://www.zjjv.com///fedora/1/updates/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm







i386:



Fedora Core 2:







SRPM:



http://http://www.zjjv.com///fedora/2/updates/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm







i386:



7. Verification:







SHA1 sum Package Name



---------------------------------------------------------------------







422f8a972c62b1aa1d79e9f96cc39446852eb589



redhat/7.3/updates/i386/php-4.1.2-7.3.17.legacy.i386.rpm



7c6d48ebbfb96004baee8515ae9517dcf500f43c



redhat/7.3/updates/i386/php-devel-4.1.2-7.3.17.legacy.i386.rpm



8f1837ee66212ede899189e09edf25d903a7e133



redhat/7.3/updates/i386/php-imap-4.1.2-7.3.17.legacy.i386.rpm



79d4f45a887ce9df8232911f5aab6bf5bd77369d



redhat/7.3/updates/i386/php-ldap-4.1.2-7.3.17.legacy.i386.rpm



63edb9b27730ad5c782484cf4757905140ece1c2



redhat/7.3/updates/i386/php-manual-4.1.2-7.3.17.legacy.i386.rpm



39b40cb4bae1374335cf7f82fbfa02501a4ed630



redhat/7.3/updates/i386/php-mysql-4.1.2-7.3.17.legacy.i386.rpm



51d4baf10b3bc132ba9205aa6cd35615041c33bd



redhat/7.3/updates/i386/php-odbc-4.1.2-7.3.17.legacy.i386.rpm



42a557e7f68f290a6cf21de4c2ad1f7fe97cf763



redhat/7.3/updates/i386/php-pgsql-4.1.2-7.3.17.legacy.i386.rpm



5753d915ad5d32c14cbbaea33a7f35a3b5b908d3



redhat/7.3/updates/i386/php-snmp-4.1.2-7.3.17.legacy.i386.rpm



576f29104b946e3773d4c7b77de5b80a942a0678



redhat/7.3/updates/SRPMS/php-4.1.2-7.3.17.legacy.src.rpm



bd793f717cca20745ab9c67cb6a7b4bcebe46d93



redhat/9/updates/i386/php-4.2.2-17.14.legacy.i386.rpm



8df50f63c5d3525a4359a72587c6b902d8a3325f



redhat/9/updates/i386/php-devel-4.2.2-17.14.legacy.i386.rpm



665060794635ded7a76eaccb46cd09ffd04900ea



redhat/9/updates/i386/php-imap-4.2.2-17.14.legacy.i386.rpm



8b34f184aba7260a8eac2708e12e906c877c10cd



redhat/9/updates/i386/php-ldap-4.2.2-17.14.legacy.i386.rpm



1450f499aeac4db7d0d8c258b72d2f4c31747012



redhat/9/updates/i386/php-manual-4.2.2-17.14.legacy.i386.rpm



37cb28e9531af331954903f6b8df8509aa962a5c



redhat/9/updates/i386/php-mysql-4.2.2-17.14.legacy.i386.rpm



aa0378307ef06cd7f3464e59f4153d11d1d372f5



redhat/9/updates/i386/php-odbc-4.2.2-17.14.legacy.i386.rpm



00b4e55c27460abaa6d02019d7b40a73d5bdd913



redhat/9/updates/i386/php-pgsql-4.2.2-17.14.legacy.i386.rpm



8b9cf1cdafdf8f1afa9587c1f180d685632c1c65



redhat/9/updates/i386/php-snmp-4.2.2-17.14.legacy.i386.rpm



7bf7cf164de61276adf952694ee7c7d2fb86ea2e



redhat/9/updates/SRPMS/php-4.2.2-17.14.legacy.src.rpm



ca0fa574e713f27e91548a2e3e4dc2e8b087ff47



fedora/1/updates/i386/php-4.3.11-1.fc1.1.legacy.i386.rpm



53c419397f8f3f7625503afd8ab1a8ca0d65a197



fedora/1/updates/i386/php-devel-4.3.11-1.fc1.1.legacy.i386.rpm



72d65111cbaf7fb56ed879ee4278602e84868540



fedora/1/updates/i386/php-domxml-4.3.11-1.fc1.1.legacy.i386.rpm



fe8216746096b3a6070d43659944c158df23d1a9



fedora/1/updates/i386/php-imap-4.3.11-1.fc1.1.legacy.i386.rpm



fb6f8fb5dd77f0dc5f58b85f26e25b5520366ca6



fedora/1/updates/i386/php-ldap-4.3.11-1.fc1.1.legacy.i386.rpm



d36a8ac545d151a20817a95d441d221c36edcb74



fedora/1/updates/i386/php-mbstring-4.3.11-1.fc1.1.legacy.i386.rpm



f4d95a5cdb7fcbcdb1391a089a1ca65edf8e0e03



fedora/1/updates/i386/php-mysql-4.3.11-1.fc1.1.legacy.i386.rpm



a2a0944dfd1362ad186ab8b345d7e7ab32911a7a



fedora/1/updates/i386/php-odbc-4.3.11-1.fc1.1.legacy.i386.rpm



4d4546fecefc879004ebbfc596cd109f4d144ba7



fedora/1/updates/i386/php-pgsql-4.3.11-1.fc1.1.legacy.i386.rpm



5d968e87611c5dce727a492f149b3583e1588e30



fedora/1/updates/i386/php-snmp-4.3.11-1.fc1.1.legacy.i386.rpm



22a069541240a9ab4f9fe62887cd7ea45d961238



fedora/1/updates/i386/php-xmlrpc-4.3.11-1.fc1.1.legacy.i386.rpm



08203f404d05ab58128b8b12c8b5a8e5ac53b34e



fedora/1/updates/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm



b9f6accb0cdf84270147e80ec27e262936f5d125



fedora/2/updates/i386/php-4.3.11-1.fc2.2.legacy.i386.rpm



e4cedd230b3727daaa064222e5402a18a89b4aca



fedora/2/updates/i386/php-devel-4.3.11-1.fc2.2.legacy.i386.rpm



fdab268ba8d6eb59309f324a929fae08e1bb12b1



fedora/2/updates/i386/php-domxml-4.3.11-1.fc2.2.legacy.i386.rpm



960e1a97b673978778415aa2f2fcbf9a700b83da



fedora/2/updates/i386/php-imap-4.3.11-1.fc2.2.legacy.i386.rpm



e6a04924bbd016fdb470a8448beda47ee2b75e77



fedora/2/updates/i386/php-ldap-4.3.11-1.fc2.2.legacy.i386.rpm



019161cfaaa180f0fcb98a4d48a296d99ecca5b3



fedora/2/updates/i386/php-mbstring-4.3.11-1.fc2.2.legacy.i386.rpm



9252cfa6c6485a0b803e9483e1f43eb2624b1826



fedora/2/updates/i386/php-mysql-4.3.11-1.fc2.2.legacy.i386.rpm



48c8743b590cc176cc3497f2c9225e402ec03b67



fedora/2/updates/i386/php-odbc-4.3.11-1.fc2.2.legacy.i386.rpm



814fcfe1d33f6eea65b5bcd88ba6e54e2da3062a



fedora/2/updates/i386/php-pear-4.3.11-1.fc2.2.legacy.i386.rpm



d20c34df03bf67028f9ded420310b75a66c1db1d



fedora/2/updates/i386/php-pgsql-4.3.11-1.fc2.2.legacy.i386.rpm



d84ff3766026e802f9a815b8c599c19bfbeaaefa



fedora/2/updates/i386/php-snmp-4.3.11-1.fc2.2.legacy.i386.rpm



7792c85444679beab3a0bdc56e2d4666dcb9c963



fedora/2/updates/i386/php-xmlrpc-4.3.11-1.fc2.2.legacy.i386.rpm



0772ba5bc711edf55fcfe34b368881cc5ec09ed0



fedora/2/updates/SRPMS/php-4.3.11-1.fc2.2.legacy.src.rpm







These packages are GPG signed by Fedora Legacy for security. Our key is



available from http://http://www.zjjv.com///about/security.php







You can verify each package with 配置 following command:







rpm --checksig -v <filename>







If you only wish to verify that each package has not been corrupted or



tampered with, examine only 配置 sha1sum with 配置 following command:







sha1sum <filename>







8. References:



9. Contact:







The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More



project details at http://http://www.zjjv.com//







---------------------------------------------------------------------







0 0