RHSA-2007:0154 - Security Advisory

Topic

Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 2.1.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way PHP's unserialize() function processes data. If
a remote attacker is able to pass arbitrary data to PHP's unserialize()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1286)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker is able to pass arbitrary data to PHP's session_decode()
function, it may be possible for them to execute arbitrary code as the
apache user. (CVE-2007-1711)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 ia64
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

• BZ - 235225 - CVE-2007-1285 Multiple "Month of PHP Bugs" PHP issues (CVE-2007-1286, CVE-2007-1711)

CVEs

• CVE-2007-1711
• CVE-2007-1286
• CVE-2007-1285

References

(none)