Red Hat 製品エラータ RHSA-2013:1063 - Security Advisory
発行日:
2013-07-15
更新日:
2013-07-15

RHSA-2013:1063 - Security Advisory

概要

Critical: php security update

タイプ/重大度

Security Advisory: Critical

Red Hat Lightspeed パッチ分析

このアドバイザリーの影響を受けるシステムを特定し、修正します。

影響を受けるシステムの表示

トピック

Updated php packages that fix one security issue are now available for
Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

説明

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply
specially-crafted XML could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the PHP interpreter. (CVE-2013-4113)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

解決策

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

影響を受ける製品

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 ia64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 3 i386

修正

  • BZ - 983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4

SRPM
php-4.3.9-3.37.el4.src.rpm SHA-256: 03d5ca5ab78d089f78fd3bf7f50b48aa851edb122d0224c43d3472204214e8f1
x86_64
php-4.3.9-3.37.el4.x86_64.rpm SHA-256: 42dc6726722d396e0b09d1ec36618c607a2840788ffe4f6f8aaf967c05841955
php-4.3.9-3.37.el4.x86_64.rpm SHA-256: 42dc6726722d396e0b09d1ec36618c607a2840788ffe4f6f8aaf967c05841955
php-devel-4.3.9-3.37.el4.x86_64.rpm SHA-256: 0e604b14368f33dab77fac77a2454348be36093968f31f45296b848625a0ff81
php-devel-4.3.9-3.37.el4.x86_64.rpm SHA-256: 0e604b14368f33dab77fac77a2454348be36093968f31f45296b848625a0ff81
php-domxml-4.3.9-3.37.el4.x86_64.rpm SHA-256: 3ed14279845a8335d34b01d2b0e62fba00373e47c6ef02053847dc6f77632f0d
php-domxml-4.3.9-3.37.el4.x86_64.rpm SHA-256: 3ed14279845a8335d34b01d2b0e62fba00373e47c6ef02053847dc6f77632f0d
php-gd-4.3.9-3.37.el4.x86_64.rpm SHA-256: 5c24bf9115662686a918efee1dfbdd3cf82d37824718f1d887f2fc88dc29c018
php-gd-4.3.9-3.37.el4.x86_64.rpm SHA-256: 5c24bf9115662686a918efee1dfbdd3cf82d37824718f1d887f2fc88dc29c018
php-imap-4.3.9-3.37.el4.x86_64.rpm SHA-256: cb832d8278bf9b46810a7d7907debed90afb2b63b035c22e1375659af4870b2b
php-imap-4.3.9-3.37.el4.x86_64.rpm SHA-256: cb832d8278bf9b46810a7d7907debed90afb2b63b035c22e1375659af4870b2b
php-ldap-4.3.9-3.37.el4.x86_64.rpm SHA-256: aadebc6b8f8b6a70eb1fabf8ce2be976474113d5dc96e877dc884651e88c59d9
php-ldap-4.3.9-3.37.el4.x86_64.rpm SHA-256: aadebc6b8f8b6a70eb1fabf8ce2be976474113d5dc96e877dc884651e88c59d9
php-mbstring-4.3.9-3.37.el4.x86_64.rpm SHA-256: 934779598f893934860d2165170aac99daa502e7e3ffa120e91e2baca97d9511
php-mbstring-4.3.9-3.37.el4.x86_64.rpm SHA-256: 934779598f893934860d2165170aac99daa502e7e3ffa120e91e2baca97d9511
php-mysql-4.3.9-3.37.el4.x86_64.rpm SHA-256: 45c691178c5c976cd80dad260847c5b5784984739f76694c4a88418352692c6d
php-mysql-4.3.9-3.37.el4.x86_64.rpm SHA-256: 45c691178c5c976cd80dad260847c5b5784984739f76694c4a88418352692c6d
php-ncurses-4.3.9-3.37.el4.x86_64.rpm SHA-256: bc49ca31984dcd0560962c13293f35d840cb06c7e68a733592e14d24ecbaf6e4
php-ncurses-4.3.9-3.37.el4.x86_64.rpm SHA-256: bc49ca31984dcd0560962c13293f35d840cb06c7e68a733592e14d24ecbaf6e4
php-odbc-4.3.9-3.37.el4.x86_64.rpm SHA-256: de08982a0a6f8c014e030edd7e16c899f3a1d1608a5a95418dfdc8ecd0777530
php-odbc-4.3.9-3.37.el4.x86_64.rpm SHA-256: de08982a0a6f8c014e030edd7e16c899f3a1d1608a5a95418dfdc8ecd0777530
php-pear-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4d825de107c0720a16d8c57f3ed54b5264d5bc255d1b0415ad5e514039873d04
php-pear-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4d825de107c0720a16d8c57f3ed54b5264d5bc255d1b0415ad5e514039873d04
php-pgsql-4.3.9-3.37.el4.x86_64.rpm SHA-256: c34cd7586c377f2c3caf289ce2bca5b62e0f0c2d2b48623bb28a21b0525c1580
php-pgsql-4.3.9-3.37.el4.x86_64.rpm SHA-256: c34cd7586c377f2c3caf289ce2bca5b62e0f0c2d2b48623bb28a21b0525c1580
php-snmp-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4dc7b99bdd5b5424fb912ebceb77b517a95171fc117db62e68b94f68fd198233
php-snmp-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4dc7b99bdd5b5424fb912ebceb77b517a95171fc117db62e68b94f68fd198233
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm SHA-256: a5de1af3b1f2f89fc8b5ca6c3afd8871e44b3224b7850f546f8ec7a7217b909c
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm SHA-256: a5de1af3b1f2f89fc8b5ca6c3afd8871e44b3224b7850f546f8ec7a7217b909c
ia64
php-4.3.9-3.37.el4.ia64.rpm SHA-256: d6bc4150bb6abf559067900c8a65305223bc7936327dc4793ddd7dcee192aed8
php-devel-4.3.9-3.37.el4.ia64.rpm SHA-256: 637d50421f635ac73244215162f28ddc2d62d6efa7fa16803581cb199ce49245
php-domxml-4.3.9-3.37.el4.ia64.rpm SHA-256: 2912a3a8b160951b3c74209235d6acee256810aeca6818eeec867c6a996a0103
php-gd-4.3.9-3.37.el4.ia64.rpm SHA-256: 26d71de09aa83920a61cce77c3f505a726bd8718586cefaf70d3114c71647e04
php-imap-4.3.9-3.37.el4.ia64.rpm SHA-256: 100afdd6d5d18387c225e560e4dc3d2deebb23ccfdde1658e4a3c4ec0e6e7ea0
php-ldap-4.3.9-3.37.el4.ia64.rpm SHA-256: a015a8acbab967152c8686c60ae9d93142957faabe0df85f92ffcede869d57c0
php-mbstring-4.3.9-3.37.el4.ia64.rpm SHA-256: 04f97449117834ba73455a0405c93b696713785cec3fce96a67776d7595b5895
php-mysql-4.3.9-3.37.el4.ia64.rpm SHA-256: c173490fd8b767a0502d088ba18fe8bc7aa099a5162112a98c6b24132a5cf76c
php-ncurses-4.3.9-3.37.el4.ia64.rpm SHA-256: 28104bf2d2ff84c4f1d2b111aa37606e7c4d9f03a058119a3f8a016d714c0e72
php-odbc-4.3.9-3.37.el4.ia64.rpm SHA-256: 01ea7439dd340d8f0e5b734de4d9ec1c31d043c8233eddfe68d21d49e982e1e7
php-pear-4.3.9-3.37.el4.ia64.rpm SHA-256: af201361836d6a6218d93a5d3222372afa979ab80d68c31b7ec552efea21f250
php-pgsql-4.3.9-3.37.el4.ia64.rpm SHA-256: 8a8db505353823f6d3e2e0f9803f1c9a942167d6a44100c09b430e5671c82a22
php-snmp-4.3.9-3.37.el4.ia64.rpm SHA-256: 825b48a7196e718f97785b2e54028ef9530bb231fa98d63106940ce1690161c2
php-xmlrpc-4.3.9-3.37.el4.ia64.rpm SHA-256: 65d9a854e28d431b3a5815e8d8e0630bf90849507a82fbc46d3b81cb9d0f370f
i386
php-4.3.9-3.37.el4.i386.rpm SHA-256: 366fb836b4673035daab9ff885682ae50a4d6a79075986b12108ff26870ea701
php-4.3.9-3.37.el4.i386.rpm SHA-256: 366fb836b4673035daab9ff885682ae50a4d6a79075986b12108ff26870ea701
php-devel-4.3.9-3.37.el4.i386.rpm SHA-256: dcaceff34aad105dc8a0c64ecc3ab5368b948843a553635ab64327e33b93185a
php-devel-4.3.9-3.37.el4.i386.rpm SHA-256: dcaceff34aad105dc8a0c64ecc3ab5368b948843a553635ab64327e33b93185a
php-domxml-4.3.9-3.37.el4.i386.rpm SHA-256: ccfcc0937019441b4e2f7efe4a9300c6034ec1440e46fe47823e0b59afb6de90
php-domxml-4.3.9-3.37.el4.i386.rpm SHA-256: ccfcc0937019441b4e2f7efe4a9300c6034ec1440e46fe47823e0b59afb6de90
php-gd-4.3.9-3.37.el4.i386.rpm SHA-256: 713687486542e575e143c73403ab153cdeab4a82e7d90ec191882d9fba1f7d9c
php-gd-4.3.9-3.37.el4.i386.rpm SHA-256: 713687486542e575e143c73403ab153cdeab4a82e7d90ec191882d9fba1f7d9c
php-imap-4.3.9-3.37.el4.i386.rpm SHA-256: b0a4adb76263c1d7e8bd79331fdf6114e0f4fae484a3e231e1579bed2ae41db7
php-imap-4.3.9-3.37.el4.i386.rpm SHA-256: b0a4adb76263c1d7e8bd79331fdf6114e0f4fae484a3e231e1579bed2ae41db7
php-ldap-4.3.9-3.37.el4.i386.rpm SHA-256: 57b23827fbc69d0160dcba03602778f1792128d6865bc199cc65e570b18069b7
php-ldap-4.3.9-3.37.el4.i386.rpm SHA-256: 57b23827fbc69d0160dcba03602778f1792128d6865bc199cc65e570b18069b7
php-mbstring-4.3.9-3.37.el4.i386.rpm SHA-256: 9b2e686f3022873ac232c16d39371bc410aaf9ca49c015e4aa305a6f9896dde0
php-mbstring-4.3.9-3.37.el4.i386.rpm SHA-256: 9b2e686f3022873ac232c16d39371bc410aaf9ca49c015e4aa305a6f9896dde0
php-mysql-4.3.9-3.37.el4.i386.rpm SHA-256: d2b874fed8c26e2cc91a6a13bef06971e6ad31357924e88f20aeb1b4965f5192
php-mysql-4.3.9-3.37.el4.i386.rpm SHA-256: d2b874fed8c26e2cc91a6a13bef06971e6ad31357924e88f20aeb1b4965f5192
php-ncurses-4.3.9-3.37.el4.i386.rpm SHA-256: 4a1916cfbdd79494c9e3f5f96265faedc3f46848a808549e809b814392348ac8
php-ncurses-4.3.9-3.37.el4.i386.rpm SHA-256: 4a1916cfbdd79494c9e3f5f96265faedc3f46848a808549e809b814392348ac8
php-odbc-4.3.9-3.37.el4.i386.rpm SHA-256: 3a0ca88447223b03ad8f63af116757ac1b7b67080951ed8aa985a7ab5a538e16
php-odbc-4.3.9-3.37.el4.i386.rpm SHA-256: 3a0ca88447223b03ad8f63af116757ac1b7b67080951ed8aa985a7ab5a538e16
php-pear-4.3.9-3.37.el4.i386.rpm SHA-256: 622dbdb64f2b89534d526ac7f1a206f57b51d2871b31310fea125aaf099d581d
php-pear-4.3.9-3.37.el4.i386.rpm SHA-256: 622dbdb64f2b89534d526ac7f1a206f57b51d2871b31310fea125aaf099d581d
php-pgsql-4.3.9-3.37.el4.i386.rpm SHA-256: 1e221ceeea181fdd29a03a65528d28454261abb4422b354a0d949f4c079afca8
php-pgsql-4.3.9-3.37.el4.i386.rpm SHA-256: 1e221ceeea181fdd29a03a65528d28454261abb4422b354a0d949f4c079afca8
php-snmp-4.3.9-3.37.el4.i386.rpm SHA-256: d76a2a0aba9acd099c6bcb86d20668078d7df95018f9543357f6fa0d05a1589d
php-snmp-4.3.9-3.37.el4.i386.rpm SHA-256: d76a2a0aba9acd099c6bcb86d20668078d7df95018f9543357f6fa0d05a1589d
php-xmlrpc-4.3.9-3.37.el4.i386.rpm SHA-256: 323a464e0fa2608813e72fc5abff99f0cc7bdb0cc5a2d6b4f145bad9f2109cfd
php-xmlrpc-4.3.9-3.37.el4.i386.rpm SHA-256: 323a464e0fa2608813e72fc5abff99f0cc7bdb0cc5a2d6b4f145bad9f2109cfd

Red Hat Enterprise Linux Server - Extended Life Cycle Support 3

SRPM
i386

Red Hat のセキュリティーに関する連絡先は secalert@redhat.com です。 連絡先の詳細は https://access.redhat.com/security/team/contact/ をご覧ください。