[SECURITY] Fedora Core 1 Test Update: php-4.3.8-1.1

Joe Orton jorton at redhat.com
Wed Jul 21 16:38:48 UTC 2004


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2004-222
2004-07-19
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : php
Version     : 4.3.8
Release     : 1.1
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------
* Fri Jul 16 2004 Joe Orton <jorton at redhat.com> 4.3.8-1.1

- revert default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton at redhat.com> 4.3.8-1.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/1/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  You may
need to edit your up2date channels configuration.  Within
/etc/sysconfig/rhn/sources enable the following line:

  yum updates-testing http://fedora.redhat.com/updates/testing/fedora-core-1

---------------------------------------------------------------------
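
The update information above ties exposure to the "register_globals" setting. As an added example (not part of the advisory or the Fedora package), the script below reports whether that setting is enabled in a given php.ini or switched on by Apache php_flag/php_value overrides. The function names and the file paths passed to it are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the advisory. File paths are supplied by the
# caller; /etc/php.ini and /etc/httpd/conf.d/php.conf are typical guesses.

# php_bool VALUE: print "on" or "off" for a PHP boolean ini value.
php_bool() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        on|true|yes|[1-9]*) echo on ;;
        *)                  echo off ;;
    esac
}

# ini_register_globals FILE: effective value in a php.ini-style file.
# Lines commented out with ';' are ignored, the last assignment wins, and
# an unset directive is treated as off (the default since PHP 4.2.0).
ini_register_globals() {
    val=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\).*/\1/p' "$1" | tail -n 1)
    php_bool "${val:-off}"
}

# apache_overrides FILE...: print "file:line" for every active php_flag or
# php_value directive (including the php_admin_ forms) that switches
# register_globals on. Lines commented out with '#' are ignored.
apache_overrides() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" 'tolower($1) ~ /^php_(admin_)?(flag|value)$/ &&
            $2 == "register_globals" &&
            tolower($3) ~ /^"?(1|on|true|yes)"?$/ { print f ":" NR }' "$f"
    done
}

# audit INI [APACHE_CONF...]: one summary line; returns 1 if enabled anywhere.
audit() {
    ini=$1; shift
    state=$(ini_register_globals "$ini")
    hits=$(apache_overrides "$@")
    if [ "$state" = on ] || [ -n "$hits" ]; then
        echo "register_globals ENABLED (php.ini: $state; Apache overrides: ${hits:-none})"
        return 1
    fi
    echo "register_globals off in $ini and the given Apache configs"
}

# Stand-alone use: sh script.sh PHP_INI [APACHE_CONF...]
if [ $# -gt 0 ]; then audit "$@"; fi
```

A non-zero exit status means the host still has register_globals enabled somewhere in the files checked, so it can be used as a gate in a patch-verification run.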




