Red Hat alert RHSA-2004:392-01 (php)
From: bugzilla@redhat.com
To: enterprise-watch-list@redhat.com
Subject: [RHSA-2004:392-01] Updated php packages fix security issues
Date: Mon, 19 Jul 2004 16:45 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated php packages fix security issues
Advisory ID:       RHSA-2004:392-01
Issue date:        2004-07-19
Updated on:        2004-07-19
Product:           Red Hat Enterprise Linux
Cross references:  RHSA-2004:342
Obsoletes:         RHBA-2004:169
CVE Names:         CAN-2004-0594 CAN-2004-0595
- ---------------------------------------------------------------------

1. Summary:

Updated php packages that fix various security issues are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

Stefan Esser discovered a flaw when memory_limit is enabled in versions of
PHP 4 before 4.3.8. If a remote attacker could force the PHP interpreter
to allocate more memory than the memory_limit setting before script
execution begins, then the attacker may be able to supply the contents of
a PHP hash table remotely. This hash table could then be used to execute
arbitrary code as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0594 to
this issue.

This issue has a higher risk when PHP is running on an instance of Apache
which is vulnerable to CAN-2004-0493. For Red Hat Enterprise Linux 3, this
Apache memory exhaustion issue was fixed by a previous update,
RHSA-2004:342. It may also be possible to exploit this issue when using a
non-default PHP configuration in which the "register_defaults" setting has
been changed to "On". Red Hat does not believe that this flaw is
exploitable in the default configuration of Red Hat Enterprise Linux 3.

Stefan Esser discovered a flaw in the strip_tags function in versions of
PHP before 4.3.8. The strip_tags function is commonly used by PHP scripts
to prevent Cross-Site-Scripting attacks by removing HTML tags from
user-supplied form data. By embedding NUL bytes into form data, HTML tags
can in some cases be passed intact through the strip_tags function, which
may allow a Cross-Site-Scripting attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0595 to
this issue.

All users of PHP are advised to upgrade to these updated packages, which
contain backported patches that address these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

Use Red Hat Network to download and update your packages. To launch the
Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization guide
specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info):

127642 - CAN-2004-0594 PHP memory_limit issue

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm

ppc:
8e7b70ca51bc2df2b9bdc17ac450623a php-4.3.2-11.1.ent.ppc.rpm
5f605263b276896aafae4bd6b4b7239a php-imap-4.3.2-11.1.ent.ppc.rpm
da531c43274864cfb175acb3b66bf8b7 php-ldap-4.3.2-11.1.ent.ppc.rpm
cdf935d9e13f4a2f23b615944cd497aa php-mysql-4.3.2-11.1.ent.ppc.rpm
68fdff925a0b72a85fa5e9602cf6f8ad php-odbc-4.3.2-11.1.ent.ppc.rpm
6dc8cc2c54551934cb16285040e88cbe php-pgsql-4.3.2-11.1.ent.ppc.rpm

s390:
1241e110e8859029b024343d22aa2df6 php-4.3.2-11.1.ent.s390.rpm
21f3ed14d13ad75e007b5e356efed8de php-imap-4.3.2-11.1.ent.s390.rpm
268e9bde022de276849ba140a4235c37 php-ldap-4.3.2-11.1.ent.s390.rpm
93f23ab49be6bac55a67011ce9da49be php-mysql-4.3.2-11.1.ent.s390.rpm
cf87e5a94c29d28bf1d7149a8e3757ac php-odbc-4.3.2-11.1.ent.s390.rpm
c17462518752ea728180c1974461d269 php-pgsql-4.3.2-11.1.ent.s390.rpm

s390x:
09bd14ec01d446d287f83db8507b3d19 php-4.3.2-11.1.ent.s390x.rpm
b635ebd91ae1aa07563e5aeda9938361 php-imap-4.3.2-11.1.ent.s390x.rpm
98ef889f18f31d40c5c70314ed997c50 php-ldap-4.3.2-11.1.ent.s390x.rpm
d0cece953f1e1f64f154dbb84b4387d5 php-mysql-4.3.2-11.1.ent.s390x.rpm
9664d26f87dc23fe662884807f480e22 php-odbc-4.3.2-11.1.ent.s390x.rpm
b2ec7feef3091c1c1bc8503b86e02ad4 php-pgsql-4.3.2-11.1.ent.s390x.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-11.1.ent.src.rpm
9613fe94811e3abc0fcbbf75e3fe33b1 php-4.3.2-11.1.ent.src.rpm

i386:
6b71d91abdb066a05ef4ec19f9355485 php-4.3.2-11.1.ent.i386.rpm
42182a3a61a6ffb145fd8871e03ae891 php-imap-4.3.2-11.1.ent.i386.rpm
912582a0321cd1bac6313b90cf33d285 php-ldap-4.3.2-11.1.ent.i386.rpm
4d88b4eafbbd2bc67f372c91d493f8dc php-mysql-4.3.2-11.1.ent.i386.rpm
c9bc43377266615084d22544449ad7f9 php-odbc-4.3.2-11.1.ent.i386.rpm
cce808facce1f1822f00190f226c27b1 php-pgsql-4.3.2-11.1.ent.i386.rpm

ia64:
ce5adfb8b69de15418ae87c5e27cd538 php-4.3.2-11.1.ent.ia64.rpm
d377ea0c94b05779000a3d874fdbd125 php-imap-4.3.2-11.1.ent.ia64.rpm
819bdf666d70c231f991544fb9752295 php-ldap-4.3.2-11.1.ent.ia64.rpm
654071b05291149c7c7de4352d9e05e6 php-mysql-4.3.2-11.1.ent.ia64.rpm
d10d1a5a809d5899af609b5114ac330a php-odbc-4.3.2-11.1.ent.ia64.rpm
6fbda694cefa84f48f4a13cb5b3bba2a php-pgsql-4.3.2-11.1.ent.ia64.rpm

x86_64:
a49056e941b6bd8ce1b1590bea36ad93 php-4.3.2-11.1.ent.x86_64.rpm
fb2117b18a87f4dbe9d99a1c3bff549c php-imap-4.3.2-11.1.ent.x86_64.rpm
36868aa1c842e4b51080b36278b89f6c php-ldap-4.3.2-11.1.ent.x86_64.rpm
580ab1336817233f421aa810f98b01a7 php-mysql-4.3.2-11.1.ent.x86_64.rpm
0d22fa314983cfde41309e3c063386cd php-odbc-4.3.2-11.1.ent.x86_64.rpm
117f5c46073a1828b32c33835c5c7790 php-pgsql-4.3.2-11.1.ent.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key.html#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0595

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFA/DLjXlSAg2UNWIIRAobrAJ9XKXb7Od9lRDg/MyFT6TRF8n/kpACfakqv
k6vmMxlcQ9aIAOwtH2onUeY=
=my6U
-----END PGP SIGNATURE-----

--
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
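Section 4 of the advisory says to apply the update and section 6 lists an MD5 for every package; the script below is an added example, not Red Hat's code and not part of the advisory, that turns those two things into a pre-install check: it compares a downloaded package against the MD5 from section 6, verifies the Red Hat GPG signature with rpm, and reports whether the installed php package still predates the fixed build 4.3.2-11.1.ent. It assumes md5sum and awk are available; `rpm -q --qf` and `rpm --checksig` are standard rpm options, and the two helpers that use them skip when rpm is absent. The version comparison is a deliberately simplified one for the x.y.z-N.M.ent layout used in this advisory, not a reimplementation of rpm's own rpmvercmp. The sample hash in the usage comment is the i386 php package hash from section 6.

```shell
#!/bin/sh
# Added example (not part of the Red Hat advisory): pre-install checks for
# the RHSA-2004:392 php update. Assumes md5sum and awk; rpm is optional.

FIXED_RELEASE="4.3.2-11.1.ent"   # version-release of the fixed php packages (section 6)

# Print only the MD5 of a file.
file_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# Compare a file's MD5 with the value listed in the advisory.
# Returns 0 on match, 1 on mismatch or unreadable file.
verify_md5() {
    [ -r "$1" ] || return 1
    [ "$(file_md5 "$1")" = "$2" ]
}

# Compare two version-release strings segment by segment; print -1, 0 or 1.
# Numeric segments compare numerically; a numeric segment is newer than an
# alphabetic one at the same position (rpm's rule); a missing segment is older.
# Simplified comparison for the x.y.z-N.M.ent layout, not a full rpmvercmp.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "[^0-9A-Za-z]+"); m = split(b, y, "[^0-9A-Za-z]+")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            p = (i <= n) ? x[i] : ""; q = (i <= m) ? y[i] : ""
            pn = (p ~ /^[0-9]+$/); qn = (q ~ /^[0-9]+$/)
            if (pn && qn) {
                if (p + 0 < q + 0) { print "-1"; exit }
                if (p + 0 > q + 0) { print "1"; exit }
            } else if (pn) { print "1"; exit }
            else if (qn) { print "-1"; exit }
            else {
                if (p < q) { print "-1"; exit }
                if (p > q) { print "1"; exit }
            }
        }
        print "0"
    }'
}

# Returns 0 when the given installed version-release is older than the fix.
php_needs_update() {
    [ "$(vercmp "$1" "$FIXED_RELEASE")" = "-1" ]
}

# Query the installed php version-release with rpm (skipped if rpm is absent).
php_installed_release() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' php
}

# Verify the Red Hat GPG signature on a package, as the advisory recommends
# (the Red Hat key must already be imported into the rpm database).
check_signature() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm --checksig "$1"
}

# Usage: sh verify_php_update.sh php-4.3.2-11.1.ent.i386.rpm 6b71d91abdb066a05ef4ec19f9355485
if [ $# -eq 2 ]; then
    if verify_md5 "$1" "$2"; then
        echo "md5 OK: $1"
    else
        echo "md5 MISMATCH: $1" >&2
        exit 1
    fi
    check_signature "$1"
    if rel=$(php_installed_release) && php_needs_update "$rel"; then
        echo "installed php $rel predates $FIXED_RELEASE; apply the update"
    fi
fi
```

The MD5 check is only a download-integrity check; the GPG signature verification is what ties the package to Red Hat, which is why the script runs both before anything is installed.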