Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2013:1063 - Security Advisory
Issued:
2013-07-15
Updated:
2013-07-15

RHSA-2013:1063 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Critical: php security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated php packages that fix one security issue are now available for
Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply
specially-crafted XML could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the PHP interpreter. (CVE-2013-4113)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 ia64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 i386
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 3 i386

Fixes

  • BZ - 983689 - CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML

CVEs

  • CVE-2013-4113

References

  • https://access.redhat.com/security/updates/classification/#critical
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4

SRPM
php-4.3.9-3.37.el4.src.rpm SHA-256: 03d5ca5ab78d089f78fd3bf7f50b48aa851edb122d0224c43d3472204214e8f1
x86_64
php-4.3.9-3.37.el4.x86_64.rpm SHA-256: 42dc6726722d396e0b09d1ec36618c607a2840788ffe4f6f8aaf967c05841955
php-4.3.9-3.37.el4.x86_64.rpm SHA-256: 42dc6726722d396e0b09d1ec36618c607a2840788ffe4f6f8aaf967c05841955
php-devel-4.3.9-3.37.el4.x86_64.rpm SHA-256: 0e604b14368f33dab77fac77a2454348be36093968f31f45296b848625a0ff81
php-devel-4.3.9-3.37.el4.x86_64.rpm SHA-256: 0e604b14368f33dab77fac77a2454348be36093968f31f45296b848625a0ff81
php-domxml-4.3.9-3.37.el4.x86_64.rpm SHA-256: 3ed14279845a8335d34b01d2b0e62fba00373e47c6ef02053847dc6f77632f0d
php-domxml-4.3.9-3.37.el4.x86_64.rpm SHA-256: 3ed14279845a8335d34b01d2b0e62fba00373e47c6ef02053847dc6f77632f0d
php-gd-4.3.9-3.37.el4.x86_64.rpm SHA-256: 5c24bf9115662686a918efee1dfbdd3cf82d37824718f1d887f2fc88dc29c018
php-gd-4.3.9-3.37.el4.x86_64.rpm SHA-256: 5c24bf9115662686a918efee1dfbdd3cf82d37824718f1d887f2fc88dc29c018
php-imap-4.3.9-3.37.el4.x86_64.rpm SHA-256: cb832d8278bf9b46810a7d7907debed90afb2b63b035c22e1375659af4870b2b
php-imap-4.3.9-3.37.el4.x86_64.rpm SHA-256: cb832d8278bf9b46810a7d7907debed90afb2b63b035c22e1375659af4870b2b
php-ldap-4.3.9-3.37.el4.x86_64.rpm SHA-256: aadebc6b8f8b6a70eb1fabf8ce2be976474113d5dc96e877dc884651e88c59d9
php-ldap-4.3.9-3.37.el4.x86_64.rpm SHA-256: aadebc6b8f8b6a70eb1fabf8ce2be976474113d5dc96e877dc884651e88c59d9
php-mbstring-4.3.9-3.37.el4.x86_64.rpm SHA-256: 934779598f893934860d2165170aac99daa502e7e3ffa120e91e2baca97d9511
php-mbstring-4.3.9-3.37.el4.x86_64.rpm SHA-256: 934779598f893934860d2165170aac99daa502e7e3ffa120e91e2baca97d9511
php-mysql-4.3.9-3.37.el4.x86_64.rpm SHA-256: 45c691178c5c976cd80dad260847c5b5784984739f76694c4a88418352692c6d
php-mysql-4.3.9-3.37.el4.x86_64.rpm SHA-256: 45c691178c5c976cd80dad260847c5b5784984739f76694c4a88418352692c6d
php-ncurses-4.3.9-3.37.el4.x86_64.rpm SHA-256: bc49ca31984dcd0560962c13293f35d840cb06c7e68a733592e14d24ecbaf6e4
php-ncurses-4.3.9-3.37.el4.x86_64.rpm SHA-256: bc49ca31984dcd0560962c13293f35d840cb06c7e68a733592e14d24ecbaf6e4
php-odbc-4.3.9-3.37.el4.x86_64.rpm SHA-256: de08982a0a6f8c014e030edd7e16c899f3a1d1608a5a95418dfdc8ecd0777530
php-odbc-4.3.9-3.37.el4.x86_64.rpm SHA-256: de08982a0a6f8c014e030edd7e16c899f3a1d1608a5a95418dfdc8ecd0777530
php-pear-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4d825de107c0720a16d8c57f3ed54b5264d5bc255d1b0415ad5e514039873d04
php-pear-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4d825de107c0720a16d8c57f3ed54b5264d5bc255d1b0415ad5e514039873d04
php-pgsql-4.3.9-3.37.el4.x86_64.rpm SHA-256: c34cd7586c377f2c3caf289ce2bca5b62e0f0c2d2b48623bb28a21b0525c1580
php-pgsql-4.3.9-3.37.el4.x86_64.rpm SHA-256: c34cd7586c377f2c3caf289ce2bca5b62e0f0c2d2b48623bb28a21b0525c1580
php-snmp-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4dc7b99bdd5b5424fb912ebceb77b517a95171fc117db62e68b94f68fd198233
php-snmp-4.3.9-3.37.el4.x86_64.rpm SHA-256: 4dc7b99bdd5b5424fb912ebceb77b517a95171fc117db62e68b94f68fd198233
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm SHA-256: a5de1af3b1f2f89fc8b5ca6c3afd8871e44b3224b7850f546f8ec7a7217b909c
php-xmlrpc-4.3.9-3.37.el4.x86_64.rpm SHA-256: a5de1af3b1f2f89fc8b5ca6c3afd8871e44b3224b7850f546f8ec7a7217b909c
ia64
php-4.3.9-3.37.el4.ia64.rpm SHA-256: d6bc4150bb6abf559067900c8a65305223bc7936327dc4793ddd7dcee192aed8
php-devel-4.3.9-3.37.el4.ia64.rpm SHA-256: 637d50421f635ac73244215162f28ddc2d62d6efa7fa16803581cb199ce49245
php-domxml-4.3.9-3.37.el4.ia64.rpm SHA-256: 2912a3a8b160951b3c74209235d6acee256810aeca6818eeec867c6a996a0103
php-gd-4.3.9-3.37.el4.ia64.rpm SHA-256: 26d71de09aa83920a61cce77c3f505a726bd8718586cefaf70d3114c71647e04
php-imap-4.3.9-3.37.el4.ia64.rpm SHA-256: 100afdd6d5d18387c225e560e4dc3d2deebb23ccfdde1658e4a3c4ec0e6e7ea0
php-ldap-4.3.9-3.37.el4.ia64.rpm SHA-256: a015a8acbab967152c8686c60ae9d93142957faabe0df85f92ffcede869d57c0
php-mbstring-4.3.9-3.37.el4.ia64.rpm SHA-256: 04f97449117834ba73455a0405c93b696713785cec3fce96a67776d7595b5895
php-mysql-4.3.9-3.37.el4.ia64.rpm SHA-256: c173490fd8b767a0502d088ba18fe8bc7aa099a5162112a98c6b24132a5cf76c
php-ncurses-4.3.9-3.37.el4.ia64.rpm SHA-256: 28104bf2d2ff84c4f1d2b111aa37606e7c4d9f03a058119a3f8a016d714c0e72
php-odbc-4.3.9-3.37.el4.ia64.rpm SHA-256: 01ea7439dd340d8f0e5b734de4d9ec1c31d043c8233eddfe68d21d49e982e1e7
php-pear-4.3.9-3.37.el4.ia64.rpm SHA-256: af201361836d6a6218d93a5d3222372afa979ab80d68c31b7ec552efea21f250
php-pgsql-4.3.9-3.37.el4.ia64.rpm SHA-256: 8a8db505353823f6d3e2e0f9803f1c9a942167d6a44100c09b430e5671c82a22
php-snmp-4.3.9-3.37.el4.ia64.rpm SHA-256: 825b48a7196e718f97785b2e54028ef9530bb231fa98d63106940ce1690161c2
php-xmlrpc-4.3.9-3.37.el4.ia64.rpm SHA-256: 65d9a854e28d431b3a5815e8d8e0630bf90849507a82fbc46d3b81cb9d0f370f
i386
php-4.3.9-3.37.el4.i386.rpm SHA-256: 366fb836b4673035daab9ff885682ae50a4d6a79075986b12108ff26870ea701
php-4.3.9-3.37.el4.i386.rpm SHA-256: 366fb836b4673035daab9ff885682ae50a4d6a79075986b12108ff26870ea701
php-devel-4.3.9-3.37.el4.i386.rpm SHA-256: dcaceff34aad105dc8a0c64ecc3ab5368b948843a553635ab64327e33b93185a
php-devel-4.3.9-3.37.el4.i386.rpm SHA-256: dcaceff34aad105dc8a0c64ecc3ab5368b948843a553635ab64327e33b93185a
php-domxml-4.3.9-3.37.el4.i386.rpm SHA-256: ccfcc0937019441b4e2f7efe4a9300c6034ec1440e46fe47823e0b59afb6de90
php-domxml-4.3.9-3.37.el4.i386.rpm SHA-256: ccfcc0937019441b4e2f7efe4a9300c6034ec1440e46fe47823e0b59afb6de90
php-gd-4.3.9-3.37.el4.i386.rpm SHA-256: 713687486542e575e143c73403ab153cdeab4a82e7d90ec191882d9fba1f7d9c
php-gd-4.3.9-3.37.el4.i386.rpm SHA-256: 713687486542e575e143c73403ab153cdeab4a82e7d90ec191882d9fba1f7d9c
php-imap-4.3.9-3.37.el4.i386.rpm SHA-256: b0a4adb76263c1d7e8bd79331fdf6114e0f4fae484a3e231e1579bed2ae41db7
php-imap-4.3.9-3.37.el4.i386.rpm SHA-256: b0a4adb76263c1d7e8bd79331fdf6114e0f4fae484a3e231e1579bed2ae41db7
php-ldap-4.3.9-3.37.el4.i386.rpm SHA-256: 57b23827fbc69d0160dcba03602778f1792128d6865bc199cc65e570b18069b7
php-ldap-4.3.9-3.37.el4.i386.rpm SHA-256: 57b23827fbc69d0160dcba03602778f1792128d6865bc199cc65e570b18069b7
php-mbstring-4.3.9-3.37.el4.i386.rpm SHA-256: 9b2e686f3022873ac232c16d39371bc410aaf9ca49c015e4aa305a6f9896dde0
php-mbstring-4.3.9-3.37.el4.i386.rpm SHA-256: 9b2e686f3022873ac232c16d39371bc410aaf9ca49c015e4aa305a6f9896dde0
php-mysql-4.3.9-3.37.el4.i386.rpm SHA-256: d2b874fed8c26e2cc91a6a13bef06971e6ad31357924e88f20aeb1b4965f5192
php-mysql-4.3.9-3.37.el4.i386.rpm SHA-256: d2b874fed8c26e2cc91a6a13bef06971e6ad31357924e88f20aeb1b4965f5192
php-ncurses-4.3.9-3.37.el4.i386.rpm SHA-256: 4a1916cfbdd79494c9e3f5f96265faedc3f46848a808549e809b814392348ac8
php-ncurses-4.3.9-3.37.el4.i386.rpm SHA-256: 4a1916cfbdd79494c9e3f5f96265faedc3f46848a808549e809b814392348ac8
php-odbc-4.3.9-3.37.el4.i386.rpm SHA-256: 3a0ca88447223b03ad8f63af116757ac1b7b67080951ed8aa985a7ab5a538e16
php-odbc-4.3.9-3.37.el4.i386.rpm SHA-256: 3a0ca88447223b03ad8f63af116757ac1b7b67080951ed8aa985a7ab5a538e16
php-pear-4.3.9-3.37.el4.i386.rpm SHA-256: 622dbdb64f2b89534d526ac7f1a206f57b51d2871b31310fea125aaf099d581d
php-pear-4.3.9-3.37.el4.i386.rpm SHA-256: 622dbdb64f2b89534d526ac7f1a206f57b51d2871b31310fea125aaf099d581d
php-pgsql-4.3.9-3.37.el4.i386.rpm SHA-256: 1e221ceeea181fdd29a03a65528d28454261abb4422b354a0d949f4c079afca8
php-pgsql-4.3.9-3.37.el4.i386.rpm SHA-256: 1e221ceeea181fdd29a03a65528d28454261abb4422b354a0d949f4c079afca8
php-snmp-4.3.9-3.37.el4.i386.rpm SHA-256: d76a2a0aba9acd099c6bcb86d20668078d7df95018f9543357f6fa0d05a1589d
php-snmp-4.3.9-3.37.el4.i386.rpm SHA-256: d76a2a0aba9acd099c6bcb86d20668078d7df95018f9543357f6fa0d05a1589d
php-xmlrpc-4.3.9-3.37.el4.i386.rpm SHA-256: 323a464e0fa2608813e72fc5abff99f0cc7bdb0cc5a2d6b4f145bad9f2109cfd
php-xmlrpc-4.3.9-3.37.el4.i386.rpm SHA-256: 323a464e0fa2608813e72fc5abff99f0cc7bdb0cc5a2d6b4f145bad9f2109cfd

Red Hat Enterprise Linux Server - Extended Life Cycle Support 3

SRPM
i386

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter