RHSA-2013:1826 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: php security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated php packages that fix one security issue are now available for Red
Hat Enterprise Linux 3 and 4 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse()
function of the PHP openssl extension parsed X.509 certificates. A remote
attacker could use this flaw to provide a malicious self-signed certificate
or a certificate signed by a trusted authority to a PHP application using
the aforementioned function, causing the application to crash or, possibly,
allow the attacker to execute arbitrary code with the privileges of the
user running the PHP interpreter. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue.
Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Affected Products

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 x86_64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 ia64
Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 i386
Red Hat Enterprise Linux Server - Extended Life Cycle Support 3 i386

Fixes

BZ - 1036830 - CVE-2013-6420 php: memory corruption in openssl_x509_parse()

CVEs

CVE-2013-6420

References

https://access.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4

SRPM
php-4.3.9-3.37.el4.1.src.rpm	SHA-256: 7680fc2b8f4181184d4f4346903cf1f6b6a7352a975358b1e4fb3d1536c92b9b
x86_64
php-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 430267d5b8bcb6b61236ca63d9225929f78463e522e9c256865f55c14e159b88
php-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 430267d5b8bcb6b61236ca63d9225929f78463e522e9c256865f55c14e159b88
php-devel-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 1bfe6ab96ed9e73cf7f4c651edde2358a53dedf0c67b941dd0c3246fb8cc6820
php-devel-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 1bfe6ab96ed9e73cf7f4c651edde2358a53dedf0c67b941dd0c3246fb8cc6820
php-domxml-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 6ee7316ed34c1b65816846bdb67c7f9162f0047eb0ce423c73168bddf2df0655
php-domxml-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 6ee7316ed34c1b65816846bdb67c7f9162f0047eb0ce423c73168bddf2df0655
php-gd-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: fde04806a8d66632017fbe0adc9f5f8b6f89327a1d4f7dbeb4591d85a0d4c6ee
php-gd-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: fde04806a8d66632017fbe0adc9f5f8b6f89327a1d4f7dbeb4591d85a0d4c6ee
php-imap-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: b8bf7dc8f11583c96080e243818a0ffd98a4857a32eb4a3c752c72747487ee87
php-imap-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: b8bf7dc8f11583c96080e243818a0ffd98a4857a32eb4a3c752c72747487ee87
php-ldap-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 1fbcd4fcd555619e7528dda199228b446e069bda6045073ae8cc595b11d1e879
php-ldap-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 1fbcd4fcd555619e7528dda199228b446e069bda6045073ae8cc595b11d1e879
php-mbstring-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 000cfc9a40f7c5ad3e2af991d3909c0b24ecad9efc05d8d5a8b6c016e9f676a7
php-mbstring-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 000cfc9a40f7c5ad3e2af991d3909c0b24ecad9efc05d8d5a8b6c016e9f676a7
php-mysql-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: ce667f955fb01551fbf3f267c390629a593892dee372762abb5409636137ce3d
php-mysql-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: ce667f955fb01551fbf3f267c390629a593892dee372762abb5409636137ce3d
php-ncurses-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 4e90554f83e3c3e0883857c9b44317c9e193ce9a800de8157c27f9322ccbc7db
php-ncurses-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 4e90554f83e3c3e0883857c9b44317c9e193ce9a800de8157c27f9322ccbc7db
php-odbc-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: a759fa43e3bfad4e3d620a804bb92b7494384c5235a54b2097b8f90e4db81790
php-odbc-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: a759fa43e3bfad4e3d620a804bb92b7494384c5235a54b2097b8f90e4db81790
php-pear-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 18019a4d207367f08560facc960820fa9e55cfc00c47ad5d1b094b6deeb80e76
php-pear-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 18019a4d207367f08560facc960820fa9e55cfc00c47ad5d1b094b6deeb80e76
php-pgsql-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 0e5b03fa400485b49a9c04dac16783ededced5900f43c14d7a4964834e7c193b
php-pgsql-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 0e5b03fa400485b49a9c04dac16783ededced5900f43c14d7a4964834e7c193b
php-snmp-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: f3bd8106c2a0771984cff73f226c0e73f41c6f7f0d0535833de2e49c2f690e11
php-snmp-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: f3bd8106c2a0771984cff73f226c0e73f41c6f7f0d0535833de2e49c2f690e11
php-xmlrpc-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 6abd144c4487e0f3a2d18cdab906de06774bd1c3658d69630dbadffec2e8f5b1
php-xmlrpc-4.3.9-3.37.el4.1.x86_64.rpm	SHA-256: 6abd144c4487e0f3a2d18cdab906de06774bd1c3658d69630dbadffec2e8f5b1
ia64
php-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 74bacf8eddfe43025f5bde8c507b3a00fd6377a8c3e965bc8618a301fbccfe7e
php-devel-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 029a5e9afcedd7427834dcb123fe60ac61cce1ec71b7bb70bd1becc1dec943ad
php-domxml-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 39c1080829ae5b73644c54922f4a381b948e7735240c7ff31b89826b4c11427f
php-gd-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 2fb12965a1273e5ceca7990c09cacec0a2125f5abd92a76a87bbc3687f92987f
php-imap-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 272b7c56dd10b4c8f99074056a81184fca3a0e7a66115f20124ab997e7b112d7
php-ldap-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 1738717f7727ae8dcec211d98842bbc141724111542d7e159b6d485db23de7e5
php-mbstring-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 30468e1611464515fb8d5da191484351c5a219975a23b46128b3b507924e272e
php-mysql-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 5fa594f6b4312844a0ee8859245bd2bb5a2f748b6125c295ccbee55458ebfd46
php-ncurses-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 88b90027623f3d8fdd30ba0df0f585ade07ef5ad7e150272f80d2d4addec95da
php-odbc-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: b447f2be37bf93fea975327f8b3c6a61ac800453c09cd994a5cbcfefa002110c
php-pear-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: b173141a4b1ffbce7a76cb0084a4171493d6c55e423bd7c8babbfad25ae9dca8
php-pgsql-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 6d5057723aaee93a3f9db787ecb2cb2f71175090cd041aa36e81c5c48c2e0687
php-snmp-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: 560a629e58a8deabb5eee8eaa292a6c663c90d1a0a774a7b886ed1bc8724c690
php-xmlrpc-4.3.9-3.37.el4.1.ia64.rpm	SHA-256: f3137b01c62e2694ecb7576c1eabb37ea0c96068f4e03a175787e3f3130e3b65
i386
php-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 40e49f07ab8099882ba50ac07c645e357e2bc2d0f3715eb4b08635550f1d68d9
php-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 40e49f07ab8099882ba50ac07c645e357e2bc2d0f3715eb4b08635550f1d68d9
php-devel-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 563b1bfbf33083cc4f15cfdbd564304d40e881423bfac5cb614630fddd6a088e
php-devel-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 563b1bfbf33083cc4f15cfdbd564304d40e881423bfac5cb614630fddd6a088e
php-domxml-4.3.9-3.37.el4.1.i386.rpm	SHA-256: d2f3d000cd2925fd1093a1b146a687c69b79df392155021b6634de9bb3dac419
php-domxml-4.3.9-3.37.el4.1.i386.rpm	SHA-256: d2f3d000cd2925fd1093a1b146a687c69b79df392155021b6634de9bb3dac419
php-gd-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 708baeead8df5809857c4d61c639d1e6066ae89c408d5d6edbb0570802e10c38
php-gd-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 708baeead8df5809857c4d61c639d1e6066ae89c408d5d6edbb0570802e10c38
php-imap-4.3.9-3.37.el4.1.i386.rpm	SHA-256: a51e39dba7df259242c8e7fcdb49908c545cc5bc4ff3bf3bfdbe96c18cf98b0a
php-imap-4.3.9-3.37.el4.1.i386.rpm	SHA-256: a51e39dba7df259242c8e7fcdb49908c545cc5bc4ff3bf3bfdbe96c18cf98b0a
php-ldap-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 64d24782ed38b7c7a6f8cc4051ee3053fc148b7634a01a2487c1a8a91e9d87c9
php-ldap-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 64d24782ed38b7c7a6f8cc4051ee3053fc148b7634a01a2487c1a8a91e9d87c9
php-mbstring-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 0283957d9887a734f2811615ada194e4c9ce33cef5a78703c4d9c23a3ac9fa00
php-mbstring-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 0283957d9887a734f2811615ada194e4c9ce33cef5a78703c4d9c23a3ac9fa00
php-mysql-4.3.9-3.37.el4.1.i386.rpm	SHA-256: caffc3980c36df7e64e58456c036f3a3cb438007554576dd8362614cc19a548c
php-mysql-4.3.9-3.37.el4.1.i386.rpm	SHA-256: caffc3980c36df7e64e58456c036f3a3cb438007554576dd8362614cc19a548c
php-ncurses-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 3139ea8e3060e80a7c3326af8e7dca74922876ab7981b3d24883c2a4aa9838e1
php-ncurses-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 3139ea8e3060e80a7c3326af8e7dca74922876ab7981b3d24883c2a4aa9838e1
php-odbc-4.3.9-3.37.el4.1.i386.rpm	SHA-256: bba56cb52a2f96226fc4fcf57867eb9146066937df1e35f29372010d8237065d
php-odbc-4.3.9-3.37.el4.1.i386.rpm	SHA-256: bba56cb52a2f96226fc4fcf57867eb9146066937df1e35f29372010d8237065d
php-pear-4.3.9-3.37.el4.1.i386.rpm	SHA-256: dc92f35313f1a7aefd2cef3be3628e429501fab5195800e1c933ce5150f304bc
php-pear-4.3.9-3.37.el4.1.i386.rpm	SHA-256: dc92f35313f1a7aefd2cef3be3628e429501fab5195800e1c933ce5150f304bc
php-pgsql-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 8b6baac75b3bda9b6653c4b1853081d33238e1baff810d7ea3e6bc922bfcd00c
php-pgsql-4.3.9-3.37.el4.1.i386.rpm	SHA-256: 8b6baac75b3bda9b6653c4b1853081d33238e1baff810d7ea3e6bc922bfcd00c
php-snmp-4.3.9-3.37.el4.1.i386.rpm	SHA-256: ee4d327313108ad4b26c69c78e308adfd92778cfb37bea148e52847cb1b597b9
php-snmp-4.3.9-3.37.el4.1.i386.rpm	SHA-256: ee4d327313108ad4b26c69c78e308adfd92778cfb37bea148e52847cb1b597b9
php-xmlrpc-4.3.9-3.37.el4.1.i386.rpm	SHA-256: bcd41e29c3e824e3d8f82cf8efaffc4e89a45487f67e7d19fee72514387732e9
php-xmlrpc-4.3.9-3.37.el4.1.i386.rpm	SHA-256: bcd41e29c3e824e3d8f82cf8efaffc4e89a45487f67e7d19fee72514387732e9

Red Hat Enterprise Linux Server - Extended Life Cycle Support 3

SRPM
i386

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation