CORE 2:

Fedora Update Notification
FEDORA-2004-223
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : php
Version     : 4.3.8                      
Release     : 2.1                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------
* Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.1

- revert upstream default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI


---------------------------------------------------------------------
This update can be downloaded from:
    

13c752c5f7f5a6564f2f6bd5bc8e7b0e  SRPMS/php-4.3.8-2.1.src.rpm
65095fc26ad128d360997f903561b7d5  x86_64/php-4.3.8-2.1.x86_64.rpm
3b15e51fc58965ce96756a71f1c5b5de  x86_64/php-devel-4.3.8-2.1.x86_64.rpm
231d87f5d179c2b3b05f5c32414d14cd  x86_64/php-pear-4.3.8-2.1.x86_64.rpm
f9c27929bf99768ce5b59b26f73bccb2  x86_64/php-imap-4.3.8-2.1.x86_64.rpm
7ff188fe29a3d35239e22b5e0ceaa8f7  x86_64/php-ldap-4.3.8-2.1.x86_64.rpm
31df367d75e1983a35cb72fd3b139868  x86_64/php-mysql-4.3.8-2.1.x86_64.rpm
203e65f95c421e7349a1ab756cf82bde  x86_64/php-pgsql-4.3.8-2.1.x86_64.rpm
dd98e42d71494638ac839a16636e1550  x86_64/php-odbc-4.3.8-2.1.x86_64.rpm
8d901500f5d1f5ff28b33d7970e22c99  x86_64/php-snmp-4.3.8-2.1.x86_64.rpm
1f497d638c34ae5712261fdf3553148c  x86_64/php-domxml-4.3.8-2.1.x86_64.rpm
76ecadb87e33d92c75c3f87d0cea0453  x86_64/php-xmlrpc-4.3.8-2.1.x86_64.rpm
8901decbda81636ac02176440ccd3172  x86_64/php-mbstring-4.3.8-2.1.x86_64.rpm
6124e792f031f33d967c703d3d00e5e1  x86_64/debug/php-debuginfo-4.3.8-2.1.x86_64.rpm
3c614e351ee3bf2edd4bcccdaac730ae  i386/php-4.3.8-2.1.i386.rpm
5b2dd8c438bdbee268f1ee895c60fda1  i386/php-devel-4.3.8-2.1.i386.rpm
6f08f5d2b259835ad514ea55c4c6f87c  i386/php-pear-4.3.8-2.1.i386.rpm
e0fbef311d2b603e6a95e4bcf10ed57d  i386/php-imap-4.3.8-2.1.i386.rpm
71211809dc9bfe8671d6c41f4ff33d46  i386/php-ldap-4.3.8-2.1.i386.rpm
22425aa3497a0b208475dc0a0c8b8cfe  i386/php-mysql-4.3.8-2.1.i386.rpm
1e086cc08143bb9380bfa5a2d659cdcb  i386/php-pgsql-4.3.8-2.1.i386.rpm
fbd12ada7afe1ff85e308d157151528c  i386/php-odbc-4.3.8-2.1.i386.rpm
503d75c815dd91a743e837ed5ab25f47  i386/php-snmp-4.3.8-2.1.i386.rpm
aeb98c24a1d782c9341526cdc9a58c92  i386/php-domxml-4.3.8-2.1.i386.rpm
0ba0a4d9676be8ca3589b3498ef83323  i386/php-xmlrpc-4.3.8-2.1.i386.rpm
c1f7cf35bfe5091d720d65d4515ea9ae  i386/php-mbstring-4.3.8-2.1.i386.rpm
fb4e286644c2b5b4bc6f3c833fb60312  i386/debug/php-debuginfo-4.3.8-2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

CORE 1:

Fedora Update Notification
FEDORA-2004-222
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : php
Version     : 4.3.8                      
Release     : 1.1                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------

* Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-1.1

- revert default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-1.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI

---------------------------------------------------------------------
This update can be downloaded from:
    

13270796ce376c10185c0b9288650641  SRPMS/php-4.3.8-1.1.src.rpm
1cd156c31e2b369bf720c68ff4813577  x86_64/php-4.3.8-1.1.x86_64.rpm
4a94cdd98c57ccb6d422c6258a88c01c  x86_64/php-devel-4.3.8-1.1.x86_64.rpm
b945776c8e0fab2d752b2f6ac0449884  x86_64/php-imap-4.3.8-1.1.x86_64.rpm
ddc13f90bb07d79cf331492fa0405924  x86_64/php-ldap-4.3.8-1.1.x86_64.rpm
76d3ec1db4632b8326ec53ce0d0b2351  x86_64/php-mysql-4.3.8-1.1.x86_64.rpm
474fb0bea6a77c73a137c9a174f88b09  x86_64/php-pgsql-4.3.8-1.1.x86_64.rpm
5282e7fc9eac5ba97daad437036f5a88  x86_64/php-odbc-4.3.8-1.1.x86_64.rpm
6bb844093e443af67dbf7d922c70743e  x86_64/php-snmp-4.3.8-1.1.x86_64.rpm
47d22c9f1b48dfd4a7b8edc45c352c8d  x86_64/php-domxml-4.3.8-1.1.x86_64.rpm
d69b3c22927b2e7d3f43d584530fcdc0  x86_64/php-xmlrpc-4.3.8-1.1.x86_64.rpm
3121513c6c0b02c04dfd8f1a1551ebc8  x86_64/php-mbstring-4.3.8-1.1.x86_64.rpm
746ec0a2c9f4e6624b9e187c99a36c17  x86_64/debug/php-debuginfo-4.3.8-1.1.x86_64.rpm
416d885c0a0c38f62c6160729dfaddca  i386/php-4.3.8-1.1.i386.rpm
5e16fd3ed5e269c5dcc08f78f978ff29  i386/php-devel-4.3.8-1.1.i386.rpm
ba5c16182ef769ba51ac1eeb8c661e0a  i386/php-imap-4.3.8-1.1.i386.rpm
91c7ec599d536e8cffd998eaf1a9ccb2  i386/php-ldap-4.3.8-1.1.i386.rpm
760b1d2e855030f5c2fbb9302a3e444a  i386/php-mysql-4.3.8-1.1.i386.rpm
4a6639e2bd64da1d1ecac5db68ec26cb  i386/php-pgsql-4.3.8-1.1.i386.rpm
ee450e16caaaf71e86ec322ff6e87034  i386/php-odbc-4.3.8-1.1.i386.rpm
717964e60fd8f9a0035dfb42a649000e  i386/php-snmp-4.3.8-1.1.i386.rpm
703cc32c7b7a78e05b411d473e2efc7f  i386/php-domxml-4.3.8-1.1.i386.rpm
8c278827e58988eb9db98bfb03f4d77a  i386/php-xmlrpc-4.3.8-1.1.i386.rpm
6d4238cea2f80e11b084bb47342a5a9c  i386/php-mbstring-4.3.8-1.1.i386.rpm
2b9af26a3f62c7657586e25f47e2b381  i386/debug/php-debuginfo-4.3.8-1.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.

Fedora: php Multiple vulnerabilities

July 23, 2004
This patch resolves two different php vulnerabilities, one of which allows arbitrary code execution on the local machine, the other XSS (Cross Site Scripting).

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated webpages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts. The

mod_php module enables the Apache Web server to understand and process

the embedded PHP language in Web pages.

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated webpages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts. The

mod_php module enables the Apache Web server to understand and process

the embedded PHP language in Web pages.

Update Information:

This update includes the latest release of PHP 4, including fixes for security issues in memory limit handling (CVE CAN-2004-0594), and the strip_tags function (CVE CAN-2004-0595). CAN-2004-0595 is not known to be exploitable in the default configuration if using httpd 2.0.50, but can be triggered if the "register_globals" setting has been enabled. CAN-2004-0595 can allow a possible cross-site-scripting attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage in this update to reduce the overall package size.

* Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.1

- revert upstream default php.ini change since 4.3.6 - add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.0

- update to 4.3.8 - add gmp_powm fix (Oskari Saarenmaa, #124318) - split out mbstring extension into php-mbstring subpackage - fix rebuild without bison/flex - have -devel require php of same release...

Read the Full Advisory

Change Log

References

CORE 2: Fedora Update Notification FEDORA-2004-223 2004-07-23 Product : Fedora Core 2 Name : php Version : 4.3.8 Release : 2.1 Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor) Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages.

Update Instructions

Severity
Product : Fedora Core 2
Name : php
Version : 4.3.8
Release : 2.1
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Product : Fedora Core 1
Name : php
Version : 4.3.8
Release : 1.1
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved