- Issued:
- 2006-09-21
- Updated:
- 2006-09-21
RHSA-2006:0682 - Security Advisory
Synopsis
php security update
Type/Severity
Security Advisory: Moderate
Topic
Updated PHP packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 2.1.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A response-splitting issue was discovered in the PHP session handling. If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible. (CVE-2006-3016)
A buffer overflow was discovered found in the PHP sscanf() function. If a
script used the sscanf() function with positional arguments in the format
string, a remote attacker sending a carefully crafted request could execute
arbitrary code as the 'apache' user. (CVE-2006-4020)
An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)
An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the "memory_limit" setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)
Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues. These packages also contain a
fix for a bug where certain input strings to the metaphone() function could
cause memory corruption.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
Fixes
- BZ - 206934 - CVE-2006-4482 PHP heap overflow
- BZ - 206935 - metaphone() function causing Apache segfaults
- BZ - 206936 - CVE-2006-4486 PHP integer overflows in Zend
- BZ - 206937 - CVE-2006-4020 PHP buffer overread flaw
- BZ - 206964 - CVE-2006-3016 PHP session ID validation
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
