[SECURITY] Fedora Core 5 Test Update: php-5.1.4-1

Joseph Orton jorton at redhat.com
Mon May 8 18:33:47 UTC 2006


---------------------------------------------------------------------
Fedora Test Update Notification
FEDORA-2006-289
2006-05-08
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : php
Version     : 5.1.4
Release     : 1
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 5, version
5.1.4.  This release includes fixes for several security
issues and many bug fixes.

The phpinfo() PHP function did not properly sanitize long
strings. An attacker could use this to perform cross-site
scripting attacks against sites that have publicly-available
PHP scripts that call phpinfo(). (CVE-2006-0996)

The html_entity_decode() PHP function was found to not be
binary safe. An attacker could use this flaw to disclose a
certain part of the memory. In order for this issue to be
exploitable the target site would need to have a PHP script
which called the "html_entity_decode()" function with
untrusted input from the user and displayed the result.
(CVE-2006-1490)
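
The following is an added illustration, not code from PHP or from this advisory: a simplified C model of the bug class behind "not binary safe". It assumes the result buffer keeps the caller's length while the decoder stops at the first NUL byte; the function names, the STALE marker and the sample input are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#define STALE 0xAA  /* constructed marker standing in for leftover heap bytes */

/* Constructed input: 12 bytes with an embedded NUL after "x&amp;y". */
static const char SAMPLE[] = "x&amp;y\0tail";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Binary-unsafe: scans the input as a C string but reports the caller's length. */
static size_t decode_unsafe(const char *in, size_t len, unsigned char *out) {
    size_t o = 0;
    memset(out, STALE, len);              /* models an uninitialised result buffer */
    for (const char *p = in; *p; ) {      /* flaw: stops at the first NUL */
        if (strncmp(p, "&amp;", 5) == 0) { out[o++] = '&'; p += 5; }
        else out[o++] = (unsigned char)*p++;
    }
    return len;                           /* flaw: not the number of bytes written */
}

/* Binary-safe: driven by the length, returns exactly what was written. */
static size_t decode_safe(const char *in, size_t len, unsigned char *out) {
    size_t i = 0, o = 0;
    while (i < len) {
        if (len - i >= 5 && memcmp(in + i, "&amp;", 5) == 0) { out[o++] = '&'; i += 5; }
        else out[o++] = (unsigned char)in[i++];
    }
    return o;
}

/* Number of never-written bytes inside the result the unsafe decoder hands back. */
size_t unsafe_stale_bytes(void) {
    unsigned char out[SAMPLE_LEN];
    size_t n = decode_unsafe(SAMPLE, SAMPLE_LEN, out), stale = 0;
    for (size_t i = 0; i < n; i++) stale += (out[i] == STALE);
    return stale;
}

/* 1 if the safe decoder returns the full 8-byte result, NUL and tail included. */
int safe_result_ok(void) {
    unsigned char out[SAMPLE_LEN];
    return decode_safe(SAMPLE, SAMPLE_LEN, out) == 8 && memcmp(out, "x&y\0tail", 8) == 0;
}

int main(void) {
    printf("unsafe: %zu stale bytes in result; safe ok: %d\n",
           unsafe_stale_bytes(), safe_result_ok());
    return 0;
}
```

In the unsafe variant every byte of the returned result past the embedded NUL is whatever the buffer held before, which is what a script echoing the decoded value would send to the client.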

---------------------------------------------------------------------
* Mon May  8 2006 Joe Orton <jorton at redhat.com> 5.1.4-1
- update to 5.1.4
* Thu May  4 2006 Joe Orton <jorton at redhat.com> 5.1.3-1
- update to 5.1.3
- provide mod_php = V-R (#187891)
- mark php.ini noreplace (#174251)
* Wed Apr 19 2006 Joe Orton <jorton at redhat.com> 5.1.2-5.3
- add security fixes from upstream:
 * phpinfo() XSS with long input (CVE-2006-0996)
 * binary safeness in html_decode (CVE-2006-1490)
* Fri Apr  7 2006 Joe Orton <jorton at redhat.com> 5.1.2-5.1
- fix use of LDAP on 64-bit platforms (#181518)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/testing/5/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------



