Synopsis: Updated php packages fix security issues
Advisory ID: RHSA-2004:392-01
Issue date: 2004-07-19
Updated on: 2004-07-19
Product: Red Hat Enterprise Linux
Cross references: RHSA-2004:342
Obsoletes: RHBA-2004:169
CVE Names:
CAN-2004-0594 CAN-2004-0595
- ---------------------------------------------------------------------
1. Summary:
Updated php packages that fix various security issues are now available.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.
Stefan Esser discovered a flaw when memory_limit is enabled in versions of
PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter to
allocate more memory than the memory_limit setting before script execution
begins, then the attacker may be able to supply the contents of a PHP hash
table remotely. This hash table could then be used to execute arbitrary
code as the 'apache' user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name
CAN-2004-0594 to this issue.
This issue has a higher risk when PHP is running on an instance of Apache
which is vulnerable to
CAN-2004-0493. For Red Hat Enterprise Linux 3, this
Apache memory exhaustion issue was fixed by a previous update,
RHSA-2004:342. It may also be possible to exploit this issue if using a
non-default PHP configuration with the "register_defaults" setting is
changed to "On". Red Hat does not believe that this flaw is exploitable in
the default configuration of Red Hat Enterprise Linux 3.
Stefan Esser discovered a flaw in the strip_tags function in versions of
PHP before 4.3.8. The strip_tags function is commonly used by PHP scripts
to prevent Cross-Site-Scripting attacks by removing HTML tags from
user-supplied form data. By embedding NUL bytes into form data, HTML tags
can in some cases be passed intact through the strip_tags function, which
may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0595 to
this issue.
All users of PHP are advised to upgrade to these updated packages, which
contain backported patches that address these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (
http://bugzilla.redhat.com/ for more info):
127642 -
CAN-2004-0594 PHP memory_limit issue
6. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm
i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm
ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm
ppc:
8e7b70ca51bc2df2b9bdc17ac450623a php-4.3.2-11.1.ent.ppc.rpm
5f605263b276896aafae4bd6b4b7239a php-imap-4.3.2-11.1.ent.ppc.rpm
da531c43274864cfb175acb3b66bf8b7 php-ldap-4.3.2-11.1.ent.ppc.rpm
cdf935d9e13f4a2f23b615944cd497aa php-mysql-4.3.2-11.1.ent.ppc.rpm
68fdff925a0b72a85fa5e9602cf6f8ad php-odbc-4.3.2-11.1.ent.ppc.rpm
6dc8cc2c54551934cb16285040e88cbe php-pgsql-4.3.2-11.1.ent.ppc.rpm
s390:
1241e110e8859029b024343d22aa2df6 php-4.3.2-11.1.ent.s390.rpm
21f3ed14d13ad75e007b5e356efed8de php-imap-4.3.2-11.1.ent.s390.rpm
268e9bde022de276849ba140a4235c37 php-ldap-4.3.2-11.1.ent.s390.rpm
93f23ab49be6bac55a67011ce9da49be php-mysql-4.3.2-11.1.ent.s390.rpm
cf87e5a94c29d28bf1d7149a8e3757ac php-odbc-4.3.2-11.1.ent.s390.rpm
c17462518752ea728180c1974461d269 php-pgsql-4.3.2-11.1.ent.s390.rpm
s390x:
09bd14ec01d446d287f83db8507b3d19 php-4.3.2-11.1.ent.s390x.rpm
b635ebd91ae1aa07563e5aeda9938361 php-imap-4.3.2-11.1.ent.s390x.rpm
98ef889f18f31d40c5c70314ed997c50 php-ldap-4.3.2-11.1.ent.s390x.rpm
d0cece953f1e1f64f154dbb84b4387d5 php-mysql-4.3.2-11.1.ent.s390x.rpm
9664d26f87dc23fe662884807f480e22 php-odbc-4.3.2-11.1.ent.s390x.rpm
b2ec7feef3091c1c1bc8503b86e02ad4 php-pgsql-4.3.2-11.1.ent.s390x.rpm
x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm
i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm
x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm
i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm
ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm
x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm
i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm
ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm
x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0595
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html
Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFA/DLjXlSAg2UNWIIRAobrAJ9XKXb7Od9lRDg/MyFT6TRF8n/kpACfakqv
k6vmMxlcQ9aIAOwtH2onUeY=
=my6U
-----END PGP SIGNATURE-----
