Red Hat Product Errata RHSA-2014:1825 - Security Advisory
Issued:
2014-11-06
Updated:
2014-11-06

RHSA-2014:1825 - Security Advisory

Synopsis

Critical: php security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated php packages that fix one security issue are now available for Red
Hat Enterprise Linux 4 Extended Life Cycle Support.

Red Hat Product Security has rated this update as having Critical security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A stack-based buffer overflow flaw was found in the way the xmlrpc
extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC
request or response could possibly cause a PHP application to crash or
execute arbitrary code with the privileges of the user running that PHP
application. (CVE-2014-8626)

All php users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 ia64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 4 i386

Fixes

  • BZ - 1155607 - CVE-2014-8626 php: xmlrpc ISO8601 date format parsing buffer overflow

Red Hat Enterprise Linux Server - Extended Life Cycle Support 4

SRPM
php-4.3.9-3.38.el4.src.rpm SHA-256: 9ed2e8a8877dbf364bd72b2071471454c76aec55575b0be9ba3d9c934657ece3
x86_64
php-4.3.9-3.38.el4.x86_64.rpm SHA-256: c9bbc6810e5cff0f0a06fe9987f4c19421330797e0849a30b179e8dc7473bbf3
php-4.3.9-3.38.el4.x86_64.rpm SHA-256: c9bbc6810e5cff0f0a06fe9987f4c19421330797e0849a30b179e8dc7473bbf3
php-devel-4.3.9-3.38.el4.x86_64.rpm SHA-256: 28beea4d7ab2414806625df6548ff788e530b62bf7208422ef88cf8013ea3e2e
php-devel-4.3.9-3.38.el4.x86_64.rpm SHA-256: 28beea4d7ab2414806625df6548ff788e530b62bf7208422ef88cf8013ea3e2e
php-domxml-4.3.9-3.38.el4.x86_64.rpm SHA-256: 8341e779d30b391eaf17cc3d93d97a3e189519cff1a0cfd27f28904677793f54
php-domxml-4.3.9-3.38.el4.x86_64.rpm SHA-256: 8341e779d30b391eaf17cc3d93d97a3e189519cff1a0cfd27f28904677793f54
php-gd-4.3.9-3.38.el4.x86_64.rpm SHA-256: e3e79f1d019cb39e947d1cd5fbe75e29e82a7294f12bfaa3e06bf46c5fa69e8a
php-gd-4.3.9-3.38.el4.x86_64.rpm SHA-256: e3e79f1d019cb39e947d1cd5fbe75e29e82a7294f12bfaa3e06bf46c5fa69e8a
php-imap-4.3.9-3.38.el4.x86_64.rpm SHA-256: 4b7bbc2dc12b864687380d9e8d85782cbc7d11a2b6acbecce53520d6b5abbad3
php-imap-4.3.9-3.38.el4.x86_64.rpm SHA-256: 4b7bbc2dc12b864687380d9e8d85782cbc7d11a2b6acbecce53520d6b5abbad3
php-ldap-4.3.9-3.38.el4.x86_64.rpm SHA-256: 08ce26b8c124bf5ee01a1e34768f33b8963785872bf00f9de8af2b9ab966197e
php-ldap-4.3.9-3.38.el4.x86_64.rpm SHA-256: 08ce26b8c124bf5ee01a1e34768f33b8963785872bf00f9de8af2b9ab966197e
php-mbstring-4.3.9-3.38.el4.x86_64.rpm SHA-256: 755107e87f10ab42bd04dc7c57b6c6111df88e06d76b7b533a84726c14d5563d
php-mbstring-4.3.9-3.38.el4.x86_64.rpm SHA-256: 755107e87f10ab42bd04dc7c57b6c6111df88e06d76b7b533a84726c14d5563d
php-mysql-4.3.9-3.38.el4.x86_64.rpm SHA-256: 5761e1a40918ba8041695c3e6f8b9b1afbe95bed11fa27b7d9dd1cb932005198
php-mysql-4.3.9-3.38.el4.x86_64.rpm SHA-256: 5761e1a40918ba8041695c3e6f8b9b1afbe95bed11fa27b7d9dd1cb932005198
php-ncurses-4.3.9-3.38.el4.x86_64.rpm SHA-256: 9ac7ca5c67867c24714f97b810ab6bde363f135afe097d8ae50c0cf023ed2f94
php-ncurses-4.3.9-3.38.el4.x86_64.rpm SHA-256: 9ac7ca5c67867c24714f97b810ab6bde363f135afe097d8ae50c0cf023ed2f94
php-odbc-4.3.9-3.38.el4.x86_64.rpm SHA-256: 2e83604dbb8fb2b76ae7b44e10bae894e00f11aa0140a7734ee1ba6b19500d36
php-odbc-4.3.9-3.38.el4.x86_64.rpm SHA-256: 2e83604dbb8fb2b76ae7b44e10bae894e00f11aa0140a7734ee1ba6b19500d36
php-pear-4.3.9-3.38.el4.x86_64.rpm SHA-256: 299e8cc8cc5c01a5658150197eb361389ee39d9110d0f24d8c20e79253f08c08
php-pear-4.3.9-3.38.el4.x86_64.rpm SHA-256: 299e8cc8cc5c01a5658150197eb361389ee39d9110d0f24d8c20e79253f08c08
php-pgsql-4.3.9-3.38.el4.x86_64.rpm SHA-256: d3ef2fc88b24a49be3b794ecc257c50b10ea95e413a3b26d45c3b44e0845b6ba
php-pgsql-4.3.9-3.38.el4.x86_64.rpm SHA-256: d3ef2fc88b24a49be3b794ecc257c50b10ea95e413a3b26d45c3b44e0845b6ba
php-snmp-4.3.9-3.38.el4.x86_64.rpm SHA-256: e32b37d532b934b4a8a2c9d52fd7bb32d77335be343092dcda3786f7ba90f488
php-snmp-4.3.9-3.38.el4.x86_64.rpm SHA-256: e32b37d532b934b4a8a2c9d52fd7bb32d77335be343092dcda3786f7ba90f488
php-xmlrpc-4.3.9-3.38.el4.x86_64.rpm SHA-256: 1b2cc14afa482c0f56bf175c53ba379dca3a553c549f761d28f24b5dc191b7cc
php-xmlrpc-4.3.9-3.38.el4.x86_64.rpm SHA-256: 1b2cc14afa482c0f56bf175c53ba379dca3a553c549f761d28f24b5dc191b7cc
ia64
php-4.3.9-3.38.el4.ia64.rpm SHA-256: 53a8fb279d3a1feff69d7ec2af1dcf9a0983669386d426a03b7b9bb0d0e6ac82
php-devel-4.3.9-3.38.el4.ia64.rpm SHA-256: 28d4bf8b3ab2fc6a8d0cca86f0892594ec49abc884c07f5db0d27901a9e83cc2
php-domxml-4.3.9-3.38.el4.ia64.rpm SHA-256: 8f37188ce4928d43c40ac67788d3c2f2945254dc929876b335af86d977ebb98d
php-gd-4.3.9-3.38.el4.ia64.rpm SHA-256: dfd4b5c94fcb92db0fc4573442ba8536b7a6946b847a0e1af1666f173ddd91eb
php-imap-4.3.9-3.38.el4.ia64.rpm SHA-256: db051fc84c9aa9a80a6add452d37f1a2bbdfb80e9c458cca0693e01548825cee
php-ldap-4.3.9-3.38.el4.ia64.rpm SHA-256: d8dc4060db3d0289fd1d09ad716a7787ed4f831de9684be34bcadafe2a090c61
php-mbstring-4.3.9-3.38.el4.ia64.rpm SHA-256: 7e60c7a694dfc293f5caeca5fb4a2563e870ec85a1d54eb699f943fff060da4e
php-mysql-4.3.9-3.38.el4.ia64.rpm SHA-256: af08676a485e5d736c86602edbff35a42d6e16fc263c8f8c8acca11b3ae48bfb
php-ncurses-4.3.9-3.38.el4.ia64.rpm SHA-256: 295bab832092a5bd90a2e77d5e066e7e5f4ec88cf6058c1de8fe4efec5bbd14d
php-odbc-4.3.9-3.38.el4.ia64.rpm SHA-256: 61e9bf82035b865804c5e8ededb05ad6abf601e196163098c60f4682d4a3c4ee
php-pear-4.3.9-3.38.el4.ia64.rpm SHA-256: 6d46c41bab26ef61d4c02f5edda6459f5202c15f907b9340a4cf9b1f2af57889
php-pgsql-4.3.9-3.38.el4.ia64.rpm SHA-256: 0be31f1d6f29b3bb7e11c4433200d69681840320dafd0cdb4d81a69772105912
php-snmp-4.3.9-3.38.el4.ia64.rpm SHA-256: 32bbeb2139d14d14a8ad3476491719afba3177ffa9f41be5831f96ff202853b5
php-xmlrpc-4.3.9-3.38.el4.ia64.rpm SHA-256: a00184cd292fc9d082386596740251d68fd8580ece63636d3f54e31560056070
i386
php-4.3.9-3.38.el4.i386.rpm SHA-256: 0b08a9884d85eec7cb4837d1ce82ca3988c241374576451527f88f6a97a6499f
php-4.3.9-3.38.el4.i386.rpm SHA-256: 0b08a9884d85eec7cb4837d1ce82ca3988c241374576451527f88f6a97a6499f
php-devel-4.3.9-3.38.el4.i386.rpm SHA-256: 0ae4e704e874d6c2592f17724149fd7319c491ca152985078cab45669c4412b6
php-devel-4.3.9-3.38.el4.i386.rpm SHA-256: 0ae4e704e874d6c2592f17724149fd7319c491ca152985078cab45669c4412b6
php-domxml-4.3.9-3.38.el4.i386.rpm SHA-256: 714600c127c4e0f8c0c1e09c655a66c6fa84985c3b7eea2851951c37c8e3d8e5
php-domxml-4.3.9-3.38.el4.i386.rpm SHA-256: 714600c127c4e0f8c0c1e09c655a66c6fa84985c3b7eea2851951c37c8e3d8e5
php-gd-4.3.9-3.38.el4.i386.rpm SHA-256: aa50c481f687f662e05ce23c17d7ef3e9fab9cc6cbd0339748f115f74669f55a
php-gd-4.3.9-3.38.el4.i386.rpm SHA-256: aa50c481f687f662e05ce23c17d7ef3e9fab9cc6cbd0339748f115f74669f55a
php-imap-4.3.9-3.38.el4.i386.rpm SHA-256: 9098269ac8960b6176f69458828f37dee97de46cd0d6cac0ca53b1c2220255d2
php-imap-4.3.9-3.38.el4.i386.rpm SHA-256: 9098269ac8960b6176f69458828f37dee97de46cd0d6cac0ca53b1c2220255d2
php-ldap-4.3.9-3.38.el4.i386.rpm SHA-256: 7039048eb9ec21d680e9b1d9b661af04b56d2be1b58617ad4c4f00014030cdd9
php-ldap-4.3.9-3.38.el4.i386.rpm SHA-256: 7039048eb9ec21d680e9b1d9b661af04b56d2be1b58617ad4c4f00014030cdd9
php-mbstring-4.3.9-3.38.el4.i386.rpm SHA-256: 85b8c81711a7939ede99115e673778095ddb72b788353127595a24f35dc2fa80
php-mbstring-4.3.9-3.38.el4.i386.rpm SHA-256: 85b8c81711a7939ede99115e673778095ddb72b788353127595a24f35dc2fa80
php-mysql-4.3.9-3.38.el4.i386.rpm SHA-256: 9feab618311c4202adbf67b57978dd0bd0a176ff7efad5c463dd1630cd5b356e
php-mysql-4.3.9-3.38.el4.i386.rpm SHA-256: 9feab618311c4202adbf67b57978dd0bd0a176ff7efad5c463dd1630cd5b356e
php-ncurses-4.3.9-3.38.el4.i386.rpm SHA-256: 3daee02dab8cee8e1a00e138f15fc1acf7e68e515868b0ac9cb6e5c8776387e4
php-ncurses-4.3.9-3.38.el4.i386.rpm SHA-256: 3daee02dab8cee8e1a00e138f15fc1acf7e68e515868b0ac9cb6e5c8776387e4
php-odbc-4.3.9-3.38.el4.i386.rpm SHA-256: 385255bec7ada0f0a44d49a8b95565c452f5fc7cd69b8ff82f9e2de7d191be76
php-odbc-4.3.9-3.38.el4.i386.rpm SHA-256: 385255bec7ada0f0a44d49a8b95565c452f5fc7cd69b8ff82f9e2de7d191be76
php-pear-4.3.9-3.38.el4.i386.rpm SHA-256: 82d546817a18f2c6c6b2ea3d9ac5f55dd36550c21ee508d68aa4609e942bfb0b
php-pear-4.3.9-3.38.el4.i386.rpm SHA-256: 82d546817a18f2c6c6b2ea3d9ac5f55dd36550c21ee508d68aa4609e942bfb0b
php-pgsql-4.3.9-3.38.el4.i386.rpm SHA-256: e4f0a8397362edb02bb336497ffcf258c3b88324a2d655f75a95e0ab57c2e172
php-pgsql-4.3.9-3.38.el4.i386.rpm SHA-256: e4f0a8397362edb02bb336497ffcf258c3b88324a2d655f75a95e0ab57c2e172
php-snmp-4.3.9-3.38.el4.i386.rpm SHA-256: e032775f8a456d38dfe74bd2c3c5d9a9dcfd8940fc368766937879cc39f2d0d9
php-snmp-4.3.9-3.38.el4.i386.rpm SHA-256: e032775f8a456d38dfe74bd2c3c5d9a9dcfd8940fc368766937879cc39f2d0d9
php-xmlrpc-4.3.9-3.38.el4.i386.rpm SHA-256: 8ca7055523d3e72fa0bba980e319bb6631e988f5fe26e913443d70c9476c2d19
php-xmlrpc-4.3.9-3.38.el4.i386.rpm SHA-256: 8ca7055523d3e72fa0bba980e319bb6631e988f5fe26e913443d70c9476c2d19

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.