Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[RHSA-2009:0350-01] Moderate: php security update

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

=====================================================================

Red Hat Security Advisory

 

Synopsis: Moderate: php security update

Advisory ID: RHSA-2009:0350-01

Product: Red Hat Application Stack

Advisory URL: https://rhn.redhat.com/errata/RHSA-2009-0350.html

Issue date: 2009-04-14

CVE Names: CVE-2008-3658 CVE-2008-3660 CVE-2008-5498

CVE-2008-5557 CVE-2008-5658 CVE-2008-5814

CVE-2009-0754 CVE-2009-1271

=====================================================================

 

1. Summary:

 

Updated php packages that fix several security issues are now available for

Red Hat Application Stack v2.

 

This update has been rated as having moderate security impact by the Red

Hat Security Response Team.

 

2. Relevant releases/architectures:

 

Red Hat Application Stack v2 for Enterprise Linux (v.5) - i386, x86_64

 

3. Description:

 

PHP is an HTML-embedded scripting language commonly used with the Apache

HTTP Web server.

 

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A

remote attacker able to pass arbitrary input to a PHP script using mbstring

conversion functions could cause the PHP interpreter to crash or, possibly,

execute arbitrary code. (CVE-2008-5557)

 

A flaw was found in the handling of the "mbstring.func_overload"

configuration setting. A value set for one virtual host, or in a user's

.htaccess file, was incorrectly applied to other virtual hosts on the same

server, causing the handling of multibyte character strings to not work

correctly. (CVE-2009-0754)

 

A directory traversal flaw was found in PHP's ZipArchive::extractTo

function. If PHP is used to extract a malicious ZIP archive, it could allow

an attacker to write arbitrary files anywhere the PHP process has write

permissions. (CVE-2008-5658)

 

A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP

script allowed a remote attacker to load a carefully crafted font file, it

could cause the PHP interpreter to crash or, possibly, execute arbitrary

code. (CVE-2008-3658)

 

A flaw was found in the way PHP handled certain file extensions when

running in FastCGI mode. If the PHP interpreter was being executed via

FastCGI, a remote attacker could create a request which would cause the PHP

interpreter to crash. (CVE-2008-3660)

 

A memory disclosure flaw was found in the PHP gd extension's imagerotate

function. A remote attacker able to pass arbitrary values as the

"background color" argument of the function could, possibly, view portions

of the PHP interpreter's memory. (CVE-2008-5498)

 

A cross-site scripting flaw was found in a way PHP reported errors for

invalid cookies. If the PHP interpreter had "display_errors" enabled, a

remote attacker able to set a specially-crafted cookie on a victim's system

could possibly inject arbitrary HTML into an error message generated by

PHP. (CVE-2008-5814)

 

A flaw was found in PHP's json_decode function. A remote attacker could use

this flaw to create a specially-crafted string which could cause the PHP

interpreter to crash while being decoded in a PHP script. (CVE-2009-1271)

 

All php users are advised to upgrade to these updated packages, which

contain backported patches to resolve these issues. The httpd web server

must be restarted for the changes to take effect.

 

4. Solution:

 

Before applying this update, make sure that all previously-released errata

relevant to your system have been applied.

 

This update is available via Red Hat Network. Details on how to use the Red

Hat Network to apply this update are available at

http://kbase.redhat.com/faq/docs/DOC-11259

 

5. Bugs fixed (http://bugzilla.redhat.com/):

 

459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension

459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension

474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability

478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure

478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)

479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service

480167 - CVE-2008-5814 php: XSS via PHP error messages

494530 - CVE-2009-1271 php: crash on malformed input in json_decode()

 

6. Package List:

 

Red Hat Application Stack v2 for Enterprise Linux (v.5):

 

Source:

ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/php-5.2.6-4.el5s2.src.rpm

 

i386:

php-5.2.6-4.el5s2.i386.rpm

php-bcmath-5.2.6-4.el5s2.i386.rpm

php-cli-5.2.6-4.el5s2.i386.rpm

php-common-5.2.6-4.el5s2.i386.rpm

php-dba-5.2.6-4.el5s2.i386.rpm

php-debuginfo-5.2.6-4.el5s2.i386.rpm

php-devel-5.2.6-4.el5s2.i386.rpm

php-gd-5.2.6-4.el5s2.i386.rpm

php-imap-5.2.6-4.el5s2.i386.rpm

php-ldap-5.2.6-4.el5s2.i386.rpm

php-mbstring-5.2.6-4.el5s2.i386.rpm

php-mysql-5.2.6-4.el5s2.i386.rpm

php-ncurses-5.2.6-4.el5s2.i386.rpm

php-odbc-5.2.6-4.el5s2.i386.rpm

php-pdo-5.2.6-4.el5s2.i386.rpm

php-pgsql-5.2.6-4.el5s2.i386.rpm

php-snmp-5.2.6-4.el5s2.i386.rpm

php-soap-5.2.6-4.el5s2.i386.rpm

php-xml-5.2.6-4.el5s2.i386.rpm

php-xmlrpc-5.2.6-4.el5s2.i386.rpm

 

x86_64:

php-5.2.6-4.el5s2.x86_64.rpm

php-bcmath-5.2.6-4.el5s2.x86_64.rpm

php-cli-5.2.6-4.el5s2.x86_64.rpm

php-common-5.2.6-4.el5s2.x86_64.rpm

php-dba-5.2.6-4.el5s2.x86_64.rpm

php-debuginfo-5.2.6-4.el5s2.x86_64.rpm

php-devel-5.2.6-4.el5s2.x86_64.rpm

php-gd-5.2.6-4.el5s2.x86_64.rpm

php-imap-5.2.6-4.el5s2.x86_64.rpm

php-ldap-5.2.6-4.el5s2.x86_64.rpm

php-mbstring-5.2.6-4.el5s2.x86_64.rpm

php-mysql-5.2.6-4.el5s2.x86_64.rpm

php-ncurses-5.2.6-4.el5s2.x86_64.rpm

php-odbc-5.2.6-4.el5s2.x86_64.rpm

php-pdo-5.2.6-4.el5s2.x86_64.rpm

php-pgsql-5.2.6-4.el5s2.x86_64.rpm

php-snmp-5.2.6-4.el5s2.x86_64.rpm

php-soap-5.2.6-4.el5s2.x86_64.rpm

php-xml-5.2.6-4.el5s2.x86_64.rpm

php-xmlrpc-5.2.6-4.el5s2.x86_64.rpm

 

These packages are GPG signed by Red Hat for security. Our key and

details on how to verify the signature are available from

https://www.redhat.com/security/team/key/#package

 

7. References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3658

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5557

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5658

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5814

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0754

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1271

http://www.redhat.com/security/updates/classification/#moderate

 

8. Contact:

 

The Red Hat security contact is . More contact

details at https://www.redhat.com/security/team/contact/

 

Copyright 2009 Red Hat, Inc.

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.4 (GNU/Linux)

 

iD8DBQFJ5NAgXlSAg2UNWIIRAtJhAKCCKdjXCXkz0PeZUk5q0S3rsSf53gCfc/vm

fj9YjQ5kUoICJShHZQfaHY8=

=eevn

-----END PGP SIGNATURE-----

 

 

--

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×