RedHat: Moderate: PHP security update RHSA-2005:405-01
Summary
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.

Several bug fixes are also included in this update:

- The security fixes in RHSA-2004-687 to the "unserializer" code introduced some performance issues.
- In the gd extension, the "imagecopymerge" function did not correctly handle transparency. The original image was being obscured in the resultant image.
- In the curl extension, safe mode was not enforced for 'file:///' URL lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
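The steps above apply the update; the script below is an added example (not part of the advisory or of Red Hat's tooling) that checks whether the PHP subpackages named in this advisory are installed at or above the fixed release, php-4.3.2-23.ent, using an rpm-style version comparison. The rpmvercmp here is a simplified re-implementation (no tilde or caret handling), and the rpm query assumes a RHEL 3 / Red Hat Desktop 3 host.

```python
import re
import subprocess

# Fixed version-release from RHSA-2005:405-01 and the subpackages it ships.
FIXED_VERSION_RELEASE = "4.3.2-23.ent"
PHP_SUBPACKAGES = ["php", "php-devel", "php-imap", "php-ldap",
                   "php-mysql", "php-odbc", "php-pgsql"]

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm does:
    split into digit/alpha runs, compare numerically or lexically,
    numeric segments sort above alpha ones. Simplified: no ~ or ^.
    Returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif xd != yd:
            return 1 if xd else -1
        elif x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over wins.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_patched(installed, fixed=FIXED_VERSION_RELEASE):
    """True if an installed 'version-release' is at or above the fixed one."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    c = rpmvercmp(iv, fv)
    if c == 0:
        c = rpmvercmp(ir, fr)
    return c >= 0


def audit_installed():
    """Query rpm for each subpackage; returns {name: (version-release, ok)}.
    Subpackages that are not installed are skipped (assumed rpm on PATH)."""
    result = {}
    for name in PHP_SUBPACKAGES:
        r = subprocess.run(["rpm", "-q", "--qf", "%{VERSION}-%{RELEASE}", name],
                           capture_output=True, text=True)
        if r.returncode == 0:
            vr = r.stdout.strip()
            result[name] = (vr, is_patched(vr))
    return result


if __name__ == "__main__":
    for name, (vr, ok) in audit_installed().items():
        print(f"{name}-{vr}: {'ok' if ok else 'needs ' + FIXED_VERSION_RELEASE}")
```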
5. Bug IDs fixed (http://bugzilla.redhat.com/):
145436 - PHP pages slow, HTTPD eating cpu
147808 - php curl open_basedir bypass
149873 - make PHP oci8 driver support Oracle Instant Client RPM
149946 - PHP GD ImageCopyMerge broken
153140 - CAN-2005-0524 PHP getimagesize() Multiple Denial of Service Vulnerabilities CAN-2005-0525
154021 - CAN-2005-1042 PHP exif buffer overflow
154025 - CAN-2005-1043 PHP exif infinite stack recursion
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1043
Relevant Releases and Architectures
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64