             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                   php Security Update [RHSA-2005:831-15]

November 11, 2005 17:00 GMT                                       Number Q-050
                                                         [Revised 29 Mar 2006]
______________________________________________________________________________
PROBLEM:       A flaw was found in the way PHP registers global variables
               during a file upload request. A remote attacker could submit
               a carefully crafted multipart/form-data POST request that
               would overwrite the $GLOBALS array, altering expected script
               behavior, and possibly leading to the execution of arbitrary
               PHP commands.

               A flaw was found in the PHP parse_str() function. If a PHP
               script passes only one argument to the parse_str() function,
               and the script can be forced to abort execution during
               operation (for example due to the memory_limit setting),
               register_globals may be enabled even if it is disabled in
               the PHP configuration file.

               A Cross-Site Scripting flaw was found in the phpinfo()
               function. If a victim can be tricked into following a
               malicious URL to a site with a page displaying the phpinfo()
               output, it may be possible to inject JavaScript or HTML
               content into the displayed page or steal data such as
               cookies.

PLATFORM:      Red Hat Desktop (v. 3)
               Red Hat Desktop (v. 4)
               Red Hat Enterprise Linux AS (v. 3)
               Red Hat Enterprise Linux AS (v. 4)
               Red Hat Enterprise Linux ES (v. 3)
               Red Hat Enterprise Linux ES (v. 4)
               Red Hat Enterprise Linux WS (v. 3)
               Red Hat Enterprise Linux WS (v. 4)
               Red Hat Enterprise Linux AS (v. 2.1)
               Red Hat Enterprise Linux ES (v. 2.1)
               Red Hat Enterprise Linux WS (v. 2.1)
               Mac OS X
               Red Hat Linux Advanced Workstation 2.1 for the Itanium
               Processor

DAMAGE:        A remote attacker could execute arbitrary code.

SOLUTION:      Apply current patches.
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. A remote attacker could execute arbitrary
ASSESSMENT:    code.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-050.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2005-831.html
 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2005-838.html
                     US-CERT Vulnerability Note VU#980084
                     http://www.kb.cert.org/vuls/id/980084
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2005-3388
                     CVE-2005-3389
                     CVE-2005-3390
______________________________________________________________________________
REVISION HISTORY:
 03/29/2006 - added a link to US-CERT Vulnerability Note VU#980084 for
              Mac OS X, which includes the Mail application (Mail.app)

[***** Start RHSA-2005:831-15 *****]

Moderate: php security update

Advisory:          RHSA-2005:831-15
Type:              Security Advisory
Issued on:         2005-11-10
Last updated on:   2005-11-10
Affected Products: Red Hat Desktop (v. 3)
                   Red Hat Desktop (v. 4)
                   Red Hat Enterprise Linux AS (v. 3)
                   Red Hat Enterprise Linux AS (v. 4)
                   Red Hat Enterprise Linux ES (v. 3)
                   Red Hat Enterprise Linux ES (v. 4)
                   Red Hat Enterprise Linux WS (v. 3)
                   Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org):
                   CVE-2005-3353
                   CVE-2005-3388
                   CVE-2005-3389
                   CVE-2005-3390

Details

Updated PHP packages that fix multiple security issues are now available for
Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Web server.

A flaw was found in the way PHP registers global variables during a file
upload request. A remote attacker could submit a carefully crafted
multipart/form-data POST request that would overwrite the $GLOBALS array,
altering expected script behavior, and possibly leading to the execution of
arbitrary PHP commands. Please note that this vulnerability only affects
installations which have register_globals enabled in the PHP configuration
file, which is not a default or recommended option. The Common
Vulnerabilities and Exposures project assigned the name CVE-2005-3390 to this
issue.

A flaw was found in the PHP parse_str() function. If a PHP script passes only
one argument to the parse_str() function, and the script can be forced to
abort execution during operation (for example due to the memory_limit
setting), register_globals may be enabled even if it is disabled in the PHP
configuration file. This vulnerability only affects installations that have
PHP scripts using the parse_str function in this way. (CVE-2005-3389)

A Cross-Site Scripting flaw was found in the phpinfo() function. If a victim
can be tricked into following a malicious URL to a site with a page
displaying the phpinfo() output, it may be possible to inject JavaScript or
HTML content into the displayed page or steal data such as cookies. This
vulnerability only affects installations which allow users to view the output
of the phpinfo() function. As the phpinfo() function outputs a large amount
of information about the current state of PHP, it should only be used during
debugging or if protected by authentication. (CVE-2005-3388)

A denial of service flaw was found in the way PHP processes EXIF image data.
It is possible for an attacker to cause PHP to crash by supplying carefully
crafted EXIF image data. (CVE-2005-3353)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
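The advisory ties three of its issues to local conditions: CVE-2005-3390 applies only where register_globals is enabled, CVE-2005-3389 only where a script calls parse_str() with a single argument, and CVE-2005-3388 only where phpinfo() output is reachable. The following POSIX shell audit is an added example, not part of the CIAC bulletin or of Red Hat's advisory: it reads a php.ini for the effective register_globals value and scans a document root for scripts that call phpinfo() or single-argument parse_str(). The function names, the sample php.ini contents, the sample scripts and every path are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the CIAC or Red Hat bulletin): audit the local
# conditions under which CVE-2005-3390, CVE-2005-3389 and CVE-2005-3388
# apply.  All sample data below is constructed so the script runs offline.

# Exit 0 when register_globals is effectively Off in the php.ini given as $1,
# 1 when it is On, 2 when the file cannot be read.  PHP accepts On/Off, 1/0,
# yes/no and true/false for boolean directives, the last assignment in the
# file wins, and an absent directive means Off (the PHP default since 4.2).
register_globals_off() {
    ini="$1"
    [ -r "$ini" ] || return 2
    val=$(sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$ini" | tail -n 1)
    case "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" in
        ""|off|0|false|no|none) return 0 ;;
        *) return 1 ;;
    esac
}

# Print, one per line, the *.php files under the document root $1 that call
# phpinfo() or call parse_str() with a single argument (no comma between the
# parentheses).  The parse_str pattern is a line-based heuristic: a call whose
# argument itself contains parentheses is not matched.  Exit 1 when nothing
# is found.
risky_scripts() {
    found=$(find "$1" -name '*.php' -exec grep -lE \
        'phpinfo[[:space:]]*\(|parse_str[[:space:]]*\([^,()]*\)' {} \; 2>/dev/null | sort)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Build a constructed sample tree (two php.ini variants, a tiny document root
# and an empty directory) and print its path.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/php-risky.ini" <<'EOF'
; constructed sample: the configuration the advisory warns about
register_globals = Off
register_globals = On   ; the later assignment overrides the earlier one
EOF
    cat > "$d/php-safe.ini" <<'EOF'
; constructed sample: the default and recommended setting
register_globals = Off
EOF
    mkdir -p "$d/htdocs/debug" "$d/empty"
    printf '<?php phpinfo(); ?>\n' > "$d/htdocs/debug/info.php"
    printf '<?php parse_str($_SERVER["QUERY_STRING"]); ?>\n' > "$d/htdocs/old.php"
    printf '<?php parse_str($_SERVER["QUERY_STRING"], $q); ?>\n' > "$d/htdocs/ok.php"
    printf '%s\n' "$d"
}

# Stand-alone demonstration on the constructed samples.
main() {
    d=$(make_samples)
    for ini in "$d/php-safe.ini" "$d/php-risky.ini"; do
        if register_globals_off "$ini"; then
            echo "OK   register_globals is Off in $ini"
        else
            echo "WARN register_globals is On in $ini (CVE-2005-3390 reachable)"
        fi
    done
    echo "Scripts to review under $d/htdocs (phpinfo() or one-argument parse_str()):"
    risky_scripts "$d/htdocs" || echo "  none"
    rm -rf "$d"
}
main
```

Point register_globals_off at the system's php.ini and risky_scripts at each web document root; a WARN or a listed script means the corresponding advisory item applies to that host even after the packages are updated, so the setting or the script should be corrected as well (pass a second argument to parse_str(), and keep phpinfo() pages behind authentication or remove them).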
Updated packages

Red Hat Desktop (v. 3)

SRPMS:
php-4.3.2-26.ent.src.rpm    d46e8398fdd5b7824c035e1fd1d1da68

IA-32:
php-4.3.2-26.ent.i386.rpm    d93ec4e3c3f203b201943729c0364ffd
php-devel-4.3.2-26.ent.i386.rpm    053003467491195a6e115d51ead1aebd
php-imap-4.3.2-26.ent.i386.rpm    bf1565d0e0c50902a7d6288ce5bcf579
php-ldap-4.3.2-26.ent.i386.rpm    853b0a5358e6e5b9bd25cb4bfa8a67a2
php-mysql-4.3.2-26.ent.i386.rpm    451bd6cbf36b999d99a27709065b8022
php-odbc-4.3.2-26.ent.i386.rpm    22322bb52f035398d2ce7c99776427e3
php-pgsql-4.3.2-26.ent.i386.rpm    3a0ddf1eee717e81e4536de19a262915

x86_64:
php-4.3.2-26.ent.x86_64.rpm    1f6ad6872aa68c65fe129ffd0ebae3c7
php-devel-4.3.2-26.ent.x86_64.rpm    f767a494e0124ff0b4db922acc00d205
php-imap-4.3.2-26.ent.x86_64.rpm    21ef0dfa84983afb4d97031e84e3d331
php-ldap-4.3.2-26.ent.x86_64.rpm    284bcd98fe1b9280c025372f480d0e0c
php-mysql-4.3.2-26.ent.x86_64.rpm    da7cb0a6caafd4c1b5e0a0ab280c7b68
php-odbc-4.3.2-26.ent.x86_64.rpm    a41070197293f10cd69fdc0eca53d8b5
php-pgsql-4.3.2-26.ent.x86_64.rpm    733a7d34cf81a8d36c6677f70798c8f2

Red Hat Desktop (v. 4)

SRPMS:
php-4.3.9-3.9.src.rpm    7493ae509d6129a32c5ce3bd998fd68a

IA-32:
php-4.3.9-3.9.i386.rpm    3a0734832da6be3b2f1e910ceee773f4
php-devel-4.3.9-3.9.i386.rpm    a256cc6a4dd5ee99ffd683da89beb1ac
php-domxml-4.3.9-3.9.i386.rpm    335d54777f27ef02576cc0a7adf5af56
php-gd-4.3.9-3.9.i386.rpm    ea53e838519685d493612d0bbf2a67dc
php-imap-4.3.9-3.9.i386.rpm    bb141447a9e98510ffc25abdf4e9006e
php-ldap-4.3.9-3.9.i386.rpm    195e680107e9a1d40abf07fbc80ed865
php-mbstring-4.3.9-3.9.i386.rpm    a0c41be5a1bda27540f43a8107fb6939
php-mysql-4.3.9-3.9.i386.rpm    3da385c562d5c3beb8520699d84b198b
php-ncurses-4.3.9-3.9.i386.rpm    8ff6dd7a0951d83c43a5fe17e88ec088
php-odbc-4.3.9-3.9.i386.rpm    1c111fb9b5175448b6952a94197631c6
php-pear-4.3.9-3.9.i386.rpm    d1c4e5b4030588a941508940d75d41ed
php-pgsql-4.3.9-3.9.i386.rpm    a5996fcc6334eedb9dc2f77301c7e026
php-snmp-4.3.9-3.9.i386.rpm    b1e993a096b30326e5ccf76661f29d08
php-xmlrpc-4.3.9-3.9.i386.rpm    c43ee16df0d60804d762a5dbdb5a67eb

x86_64:
php-4.3.9-3.9.x86_64.rpm    90ee43072ba7a774e58abb90e0a24d30
php-devel-4.3.9-3.9.x86_64.rpm    2b41833c26f7565b5bcda0d103a33ae3
php-domxml-4.3.9-3.9.x86_64.rpm    31e98b8c2e7f30ec8de06b7d9306d9b3
php-gd-4.3.9-3.9.x86_64.rpm    8aab7ae77993e0149530933138814858
php-imap-4.3.9-3.9.x86_64.rpm    fe18be11ce81f6b29f284ec70ab10bef
php-ldap-4.3.9-3.9.x86_64.rpm    687498617112998740fad6217c2c380b
php-mbstring-4.3.9-3.9.x86_64.rpm    559f653ca43e45b9ffa8f22ea0302b96
php-mysql-4.3.9-3.9.x86_64.rpm    0db17be2a498a79be41d4ac195b090a4
php-ncurses-4.3.9-3.9.x86_64.rpm    928912c4585003aa93b185c84578ab54
php-odbc-4.3.9-3.9.x86_64.rpm    e38dd82d8ec5457c0273f81eb7744878
php-pear-4.3.9-3.9.x86_64.rpm    5402c1d977225f0ca154326d08781a3c
php-pgsql-4.3.9-3.9.x86_64.rpm    b23f844669f5bedfaeca5b36f715bdea
php-snmp-4.3.9-3.9.x86_64.rpm    3faae8587aa351f95cf814077650d76c
php-xmlrpc-4.3.9-3.9.x86_64.rpm    cb1b67f5ba3412b48f447ed610d2612b

Red Hat Enterprise Linux AS (v. 3)

SRPMS:
php-4.3.2-26.ent.src.rpm    d46e8398fdd5b7824c035e1fd1d1da68

IA-32:
php-4.3.2-26.ent.i386.rpm    d93ec4e3c3f203b201943729c0364ffd
php-devel-4.3.2-26.ent.i386.rpm    053003467491195a6e115d51ead1aebd
php-imap-4.3.2-26.ent.i386.rpm    bf1565d0e0c50902a7d6288ce5bcf579
php-ldap-4.3.2-26.ent.i386.rpm    853b0a5358e6e5b9bd25cb4bfa8a67a2
php-mysql-4.3.2-26.ent.i386.rpm    451bd6cbf36b999d99a27709065b8022
php-odbc-4.3.2-26.ent.i386.rpm    22322bb52f035398d2ce7c99776427e3
php-pgsql-4.3.2-26.ent.i386.rpm    3a0ddf1eee717e81e4536de19a262915

IA-64:
php-4.3.2-26.ent.ia64.rpm    bceaf10fe0ba0c7c95c1f01c3c2c2c26
php-devel-4.3.2-26.ent.ia64.rpm    33347cbad2ebf3f8ec25c4f39488c3aa
php-imap-4.3.2-26.ent.ia64.rpm    0272cc5dc65035ff67d11b191b0eb132
php-ldap-4.3.2-26.ent.ia64.rpm    2c8414b3b43f806065de630e4b24850a
php-mysql-4.3.2-26.ent.ia64.rpm    3c82d4485790e149eb89c6692cc11438
php-odbc-4.3.2-26.ent.ia64.rpm    0856e5a1db31cadd22b9afc485fe9f41
php-pgsql-4.3.2-26.ent.ia64.rpm    70cf8e4f495021d8bcd178ef050a380f

PPC:
php-4.3.2-26.ent.ppc.rpm    c9cacbe8f9af60a7b8d8b694f66bdd97
php-devel-4.3.2-26.ent.ppc.rpm    ab3438a10e9d75c2983716a366b40dad
php-imap-4.3.2-26.ent.ppc.rpm    2760b4df66a293054afc9f7c548a9f39
php-ldap-4.3.2-26.ent.ppc.rpm    778f66821c4221ada23408018e851e64
php-mysql-4.3.2-26.ent.ppc.rpm    b6d3f51255a5c19c2c21e5db451108cb
php-odbc-4.3.2-26.ent.ppc.rpm    dd8198ffc35d1c444f2c37cd5b52d7e3
php-pgsql-4.3.2-26.ent.ppc.rpm    be3baaa3d577953956ae84e71dbf92fe

s390:
php-4.3.2-26.ent.s390.rpm    0d8655a2d4ada8b43aa069fc7281a4bb
php-devel-4.3.2-26.ent.s390.rpm    1a02dbeb07ed152e80a365d2fea3d543
php-imap-4.3.2-26.ent.s390.rpm    d880db28130375e82bc78abde75bcd7e
php-ldap-4.3.2-26.ent.s390.rpm    dd97855b16bb9db0fd6439bcb699c477
php-mysql-4.3.2-26.ent.s390.rpm    e7dbcb83120a51ebba485f4cbbc43f50
php-odbc-4.3.2-26.ent.s390.rpm    a84ba06a5053db4074eadbbc6da72361
php-pgsql-4.3.2-26.ent.s390.rpm    42df4a8dfd2ec10ad0081fa541f5ad68

s390x:
php-4.3.2-26.ent.s390x.rpm    66f783b90235bad52971f7b6b8325cae
php-devel-4.3.2-26.ent.s390x.rpm    f88355fae4b772a00ca7c085a819e9c5
php-imap-4.3.2-26.ent.s390x.rpm    fc70ce66b38d5e6c46867985cb4588d8
php-ldap-4.3.2-26.ent.s390x.rpm    a8b561fd412269831bc44f4db64571ae
php-mysql-4.3.2-26.ent.s390x.rpm    db71f01094bd949c14b6e8ae55d15f50
php-odbc-4.3.2-26.ent.s390x.rpm    3ad660c7e71845f10bb81dad49a096d1
php-pgsql-4.3.2-26.ent.s390x.rpm    6878954b18c5e8f45e0cded465818a40

x86_64:
php-4.3.2-26.ent.x86_64.rpm    1f6ad6872aa68c65fe129ffd0ebae3c7
php-devel-4.3.2-26.ent.x86_64.rpm    f767a494e0124ff0b4db922acc00d205
php-imap-4.3.2-26.ent.x86_64.rpm    21ef0dfa84983afb4d97031e84e3d331
php-ldap-4.3.2-26.ent.x86_64.rpm    284bcd98fe1b9280c025372f480d0e0c
php-mysql-4.3.2-26.ent.x86_64.rpm    da7cb0a6caafd4c1b5e0a0ab280c7b68
php-odbc-4.3.2-26.ent.x86_64.rpm    a41070197293f10cd69fdc0eca53d8b5
php-pgsql-4.3.2-26.ent.x86_64.rpm    733a7d34cf81a8d36c6677f70798c8f2

Red Hat Enterprise Linux AS (v. 4)

SRPMS:
php-4.3.9-3.9.src.rpm    7493ae509d6129a32c5ce3bd998fd68a

IA-32:
php-4.3.9-3.9.i386.rpm    3a0734832da6be3b2f1e910ceee773f4
php-devel-4.3.9-3.9.i386.rpm    a256cc6a4dd5ee99ffd683da89beb1ac
php-domxml-4.3.9-3.9.i386.rpm    335d54777f27ef02576cc0a7adf5af56
php-gd-4.3.9-3.9.i386.rpm    ea53e838519685d493612d0bbf2a67dc
php-imap-4.3.9-3.9.i386.rpm    bb141447a9e98510ffc25abdf4e9006e
php-ldap-4.3.9-3.9.i386.rpm    195e680107e9a1d40abf07fbc80ed865
php-mbstring-4.3.9-3.9.i386.rpm    a0c41be5a1bda27540f43a8107fb6939
php-mysql-4.3.9-3.9.i386.rpm    3da385c562d5c3beb8520699d84b198b
php-ncurses-4.3.9-3.9.i386.rpm    8ff6dd7a0951d83c43a5fe17e88ec088
php-odbc-4.3.9-3.9.i386.rpm    1c111fb9b5175448b6952a94197631c6
php-pear-4.3.9-3.9.i386.rpm    d1c4e5b4030588a941508940d75d41ed
php-pgsql-4.3.9-3.9.i386.rpm    a5996fcc6334eedb9dc2f77301c7e026
php-snmp-4.3.9-3.9.i386.rpm    b1e993a096b30326e5ccf76661f29d08
php-xmlrpc-4.3.9-3.9.i386.rpm    c43ee16df0d60804d762a5dbdb5a67eb

IA-64:
php-4.3.9-3.9.ia64.rpm    38c446f563ccade410b70440b8b67677
php-devel-4.3.9-3.9.ia64.rpm    6aabf55df846c96c72b236f2632dc966
php-domxml-4.3.9-3.9.ia64.rpm    c23e8d86007cad9a7823c1dc0e3d155e
php-gd-4.3.9-3.9.ia64.rpm    19c46d57b82b105a0c2666508206d375
php-imap-4.3.9-3.9.ia64.rpm    ad908e367fcee4cc061043157df6b126
php-ldap-4.3.9-3.9.ia64.rpm    a266652f6bbc80d40d16a1356226e325
php-mbstring-4.3.9-3.9.ia64.rpm    195d5c8df90f8f368aa25beb0746f9ee
php-mysql-4.3.9-3.9.ia64.rpm    05dddd1f73ad1dd682eed2143d9dfb35
php-ncurses-4.3.9-3.9.ia64.rpm    e000540478ca795e05ca1cc4e2087194
php-odbc-4.3.9-3.9.ia64.rpm    8fd55a417536a3068467d6450b02f70e
php-pear-4.3.9-3.9.ia64.rpm    eb33f45a81e1fbf0470cf52fb11dcd87
php-pgsql-4.3.9-3.9.ia64.rpm    7b7cd7373a87c1eff02e89b3acbe754c
php-snmp-4.3.9-3.9.ia64.rpm    da5bea293e9d6254998719f12a6c1e7f
php-xmlrpc-4.3.9-3.9.ia64.rpm    7440c3dbf7b7850e43efb2f094e87970

PPC:
php-4.3.9-3.9.ppc.rpm    d4dac54549328cf2ff8bc5ae0d824e61
php-devel-4.3.9-3.9.ppc.rpm    9c620f638a126eb2c8af88ce98c57f7d
php-domxml-4.3.9-3.9.ppc.rpm    d3225c82fa9620b32f992809d428f914
php-gd-4.3.9-3.9.ppc.rpm    d6ed5fdda80868cba05deca4a17b5bd1
php-imap-4.3.9-3.9.ppc.rpm    1ead9724f6db9b85b0557f4bbe325c67
php-ldap-4.3.9-3.9.ppc.rpm    2e5a8fc1abf984fd633790c9262b18de
php-mbstring-4.3.9-3.9.ppc.rpm    48099e091ec856cf07e113a42fa86aa5
php-mysql-4.3.9-3.9.ppc.rpm    3c5f6267d377927eab8d8f661dd35f31
php-ncurses-4.3.9-3.9.ppc.rpm    642f49e77bdde84fa27e38c4c2c8ca3a
php-odbc-4.3.9-3.9.ppc.rpm    08628cc16fe3d543571e065dfb9ca40a
php-pear-4.3.9-3.9.ppc.rpm    538447d84fab27658b72aa86a87904b0
php-pgsql-4.3.9-3.9.ppc.rpm    5ddb04a978ed936b2135445e7c8f29f8
php-snmp-4.3.9-3.9.ppc.rpm    250c8919ecdebbed3681a406ba774584
php-xmlrpc-4.3.9-3.9.ppc.rpm    0b0c0a49a7563d4ce8e53fecf92f54c1

s390:
php-4.3.9-3.9.s390.rpm    6c26a422564613c8594fa0e7411c6805
php-devel-4.3.9-3.9.s390.rpm    7e77ba77044e0e61aa7163086ef7868a
php-domxml-4.3.9-3.9.s390.rpm    5facdb7246b38e6d4ff6f98100aeade4
php-gd-4.3.9-3.9.s390.rpm    a4e5e0a0fa51439242914c23c69e1d21
php-imap-4.3.9-3.9.s390.rpm    271f1b11e28ec5db32107eb507d19114
php-ldap-4.3.9-3.9.s390.rpm    7e8cdf3fa15616356e3a42023ed23316
php-mbstring-4.3.9-3.9.s390.rpm    03359db5632cef53985230794f086ce1
php-mysql-4.3.9-3.9.s390.rpm    5f32c8c3ba6f802bd7d28c2ae962d21b
php-ncurses-4.3.9-3.9.s390.rpm    2d174148612c679e9fe3e2f98df1ebe7
php-odbc-4.3.9-3.9.s390.rpm    f5116f15e905f8def2ed9a624d360653
php-pear-4.3.9-3.9.s390.rpm    daf5cd69c63cc742a208282a28d526e0
php-pgsql-4.3.9-3.9.s390.rpm    f3ac3d57b259e887ed590a8414052e7a
php-snmp-4.3.9-3.9.s390.rpm    666903bf6b1beedbd70f883caf143c58
php-xmlrpc-4.3.9-3.9.s390.rpm    e8e180dacc0d658830d49d2da6419064

s390x:
php-4.3.9-3.9.s390x.rpm    8cd00f6b90019e7f29f01d6831485250
php-devel-4.3.9-3.9.s390x.rpm    ab838be9e5b90d5577b65937943e43c7
php-domxml-4.3.9-3.9.s390x.rpm    75dde8adeb07fd1567cee1140e45ae15
php-gd-4.3.9-3.9.s390x.rpm    ce08a6ccecb56572e9d71f2ec0de396e
php-imap-4.3.9-3.9.s390x.rpm    903d2201f39da2474bcba6257552681c
php-ldap-4.3.9-3.9.s390x.rpm    fe13abbc3b945a287c17ab65f805765a
php-mbstring-4.3.9-3.9.s390x.rpm    8d197539a796d266189f986f343b76e0
php-mysql-4.3.9-3.9.s390x.rpm    561417a7e995cec1d2a93da8a9d385d2
php-ncurses-4.3.9-3.9.s390x.rpm    039ccd184163ac72eef384ee9a097aa0
php-odbc-4.3.9-3.9.s390x.rpm    07a86f95ee41f31945e3af392cae3af4
php-pear-4.3.9-3.9.s390x.rpm    968f65375285a0d3673d08a9d4a883d6
php-pgsql-4.3.9-3.9.s390x.rpm    05c4f42f1b464bfae4e79c9e1c8a6e37
php-snmp-4.3.9-3.9.s390x.rpm    995be28f2c93c3dbe67119e2791bbfd0
php-xmlrpc-4.3.9-3.9.s390x.rpm    7729607b5682629acf4e8d4d727bcba7

x86_64:
php-4.3.9-3.9.x86_64.rpm    90ee43072ba7a774e58abb90e0a24d30
php-devel-4.3.9-3.9.x86_64.rpm    2b41833c26f7565b5bcda0d103a33ae3
php-domxml-4.3.9-3.9.x86_64.rpm    31e98b8c2e7f30ec8de06b7d9306d9b3
php-gd-4.3.9-3.9.x86_64.rpm    8aab7ae77993e0149530933138814858
php-imap-4.3.9-3.9.x86_64.rpm    fe18be11ce81f6b29f284ec70ab10bef
php-ldap-4.3.9-3.9.x86_64.rpm    687498617112998740fad6217c2c380b
php-mbstring-4.3.9-3.9.x86_64.rpm    559f653ca43e45b9ffa8f22ea0302b96
php-mysql-4.3.9-3.9.x86_64.rpm    0db17be2a498a79be41d4ac195b090a4
php-ncurses-4.3.9-3.9.x86_64.rpm    928912c4585003aa93b185c84578ab54
php-odbc-4.3.9-3.9.x86_64.rpm    e38dd82d8ec5457c0273f81eb7744878
php-pear-4.3.9-3.9.x86_64.rpm    5402c1d977225f0ca154326d08781a3c
php-pgsql-4.3.9-3.9.x86_64.rpm    b23f844669f5bedfaeca5b36f715bdea
php-snmp-4.3.9-3.9.x86_64.rpm    3faae8587aa351f95cf814077650d76c
php-xmlrpc-4.3.9-3.9.x86_64.rpm    cb1b67f5ba3412b48f447ed610d2612b

Red Hat Enterprise Linux ES (v. 3)

SRPMS:
php-4.3.2-26.ent.src.rpm    d46e8398fdd5b7824c035e1fd1d1da68

IA-32:
php-4.3.2-26.ent.i386.rpm    d93ec4e3c3f203b201943729c0364ffd
php-devel-4.3.2-26.ent.i386.rpm    053003467491195a6e115d51ead1aebd
php-imap-4.3.2-26.ent.i386.rpm    bf1565d0e0c50902a7d6288ce5bcf579
php-ldap-4.3.2-26.ent.i386.rpm    853b0a5358e6e5b9bd25cb4bfa8a67a2
php-mysql-4.3.2-26.ent.i386.rpm    451bd6cbf36b999d99a27709065b8022
php-odbc-4.3.2-26.ent.i386.rpm    22322bb52f035398d2ce7c99776427e3
php-pgsql-4.3.2-26.ent.i386.rpm    3a0ddf1eee717e81e4536de19a262915

IA-64:
php-4.3.2-26.ent.ia64.rpm    bceaf10fe0ba0c7c95c1f01c3c2c2c26
php-devel-4.3.2-26.ent.ia64.rpm    33347cbad2ebf3f8ec25c4f39488c3aa
php-imap-4.3.2-26.ent.ia64.rpm    0272cc5dc65035ff67d11b191b0eb132
php-ldap-4.3.2-26.ent.ia64.rpm    2c8414b3b43f806065de630e4b24850a
php-mysql-4.3.2-26.ent.ia64.rpm    3c82d4485790e149eb89c6692cc11438
php-odbc-4.3.2-26.ent.ia64.rpm    0856e5a1db31cadd22b9afc485fe9f41
php-pgsql-4.3.2-26.ent.ia64.rpm    70cf8e4f495021d8bcd178ef050a380f

x86_64:
php-4.3.2-26.ent.x86_64.rpm    1f6ad6872aa68c65fe129ffd0ebae3c7
php-devel-4.3.2-26.ent.x86_64.rpm    f767a494e0124ff0b4db922acc00d205
php-imap-4.3.2-26.ent.x86_64.rpm    21ef0dfa84983afb4d97031e84e3d331
php-ldap-4.3.2-26.ent.x86_64.rpm    284bcd98fe1b9280c025372f480d0e0c
php-mysql-4.3.2-26.ent.x86_64.rpm    da7cb0a6caafd4c1b5e0a0ab280c7b68
php-odbc-4.3.2-26.ent.x86_64.rpm    a41070197293f10cd69fdc0eca53d8b5
php-pgsql-4.3.2-26.ent.x86_64.rpm    733a7d34cf81a8d36c6677f70798c8f2

Red Hat Enterprise Linux ES (v. 4)

SRPMS:
php-4.3.9-3.9.src.rpm    7493ae509d6129a32c5ce3bd998fd68a

IA-32:
php-4.3.9-3.9.i386.rpm    3a0734832da6be3b2f1e910ceee773f4
php-devel-4.3.9-3.9.i386.rpm    a256cc6a4dd5ee99ffd683da89beb1ac
php-domxml-4.3.9-3.9.i386.rpm    335d54777f27ef02576cc0a7adf5af56
php-gd-4.3.9-3.9.i386.rpm    ea53e838519685d493612d0bbf2a67dc
php-imap-4.3.9-3.9.i386.rpm    bb141447a9e98510ffc25abdf4e9006e
php-ldap-4.3.9-3.9.i386.rpm    195e680107e9a1d40abf07fbc80ed865
php-mbstring-4.3.9-3.9.i386.rpm    a0c41be5a1bda27540f43a8107fb6939
php-mysql-4.3.9-3.9.i386.rpm    3da385c562d5c3beb8520699d84b198b
php-ncurses-4.3.9-3.9.i386.rpm    8ff6dd7a0951d83c43a5fe17e88ec088
php-odbc-4.3.9-3.9.i386.rpm    1c111fb9b5175448b6952a94197631c6
php-pear-4.3.9-3.9.i386.rpm    d1c4e5b4030588a941508940d75d41ed
php-pgsql-4.3.9-3.9.i386.rpm    a5996fcc6334eedb9dc2f77301c7e026
php-snmp-4.3.9-3.9.i386.rpm    b1e993a096b30326e5ccf76661f29d08
php-xmlrpc-4.3.9-3.9.i386.rpm    c43ee16df0d60804d762a5dbdb5a67eb

IA-64:
php-4.3.9-3.9.ia64.rpm    38c446f563ccade410b70440b8b67677
php-devel-4.3.9-3.9.ia64.rpm    6aabf55df846c96c72b236f2632dc966
php-domxml-4.3.9-3.9.ia64.rpm    c23e8d86007cad9a7823c1dc0e3d155e
php-gd-4.3.9-3.9.ia64.rpm    19c46d57b82b105a0c2666508206d375
php-imap-4.3.9-3.9.ia64.rpm    ad908e367fcee4cc061043157df6b126
php-ldap-4.3.9-3.9.ia64.rpm    a266652f6bbc80d40d16a1356226e325
php-mbstring-4.3.9-3.9.ia64.rpm    195d5c8df90f8f368aa25beb0746f9ee
php-mysql-4.3.9-3.9.ia64.rpm    05dddd1f73ad1dd682eed2143d9dfb35
php-ncurses-4.3.9-3.9.ia64.rpm    e000540478ca795e05ca1cc4e2087194
php-odbc-4.3.9-3.9.ia64.rpm    8fd55a417536a3068467d6450b02f70e
php-pear-4.3.9-3.9.ia64.rpm    eb33f45a81e1fbf0470cf52fb11dcd87
php-pgsql-4.3.9-3.9.ia64.rpm    7b7cd7373a87c1eff02e89b3acbe754c
php-snmp-4.3.9-3.9.ia64.rpm    da5bea293e9d6254998719f12a6c1e7f
php-xmlrpc-4.3.9-3.9.ia64.rpm    7440c3dbf7b7850e43efb2f094e87970

x86_64:
php-4.3.9-3.9.x86_64.rpm    90ee43072ba7a774e58abb90e0a24d30
php-devel-4.3.9-3.9.x86_64.rpm    2b41833c26f7565b5bcda0d103a33ae3
php-domxml-4.3.9-3.9.x86_64.rpm    31e98b8c2e7f30ec8de06b7d9306d9b3
php-gd-4.3.9-3.9.x86_64.rpm    8aab7ae77993e0149530933138814858
php-imap-4.3.9-3.9.x86_64.rpm    fe18be11ce81f6b29f284ec70ab10bef
php-ldap-4.3.9-3.9.x86_64.rpm    687498617112998740fad6217c2c380b
php-mbstring-4.3.9-3.9.x86_64.rpm    559f653ca43e45b9ffa8f22ea0302b96
php-mysql-4.3.9-3.9.x86_64.rpm    0db17be2a498a79be41d4ac195b090a4
php-ncurses-4.3.9-3.9.x86_64.rpm    928912c4585003aa93b185c84578ab54
php-odbc-4.3.9-3.9.x86_64.rpm    e38dd82d8ec5457c0273f81eb7744878
php-pear-4.3.9-3.9.x86_64.rpm    5402c1d977225f0ca154326d08781a3c
php-pgsql-4.3.9-3.9.x86_64.rpm    b23f844669f5bedfaeca5b36f715bdea
php-snmp-4.3.9-3.9.x86_64.rpm    3faae8587aa351f95cf814077650d76c
php-xmlrpc-4.3.9-3.9.x86_64.rpm    cb1b67f5ba3412b48f447ed610d2612b

Red Hat Enterprise Linux WS (v. 3)

SRPMS:
php-4.3.2-26.ent.src.rpm    d46e8398fdd5b7824c035e1fd1d1da68

IA-32:
php-4.3.2-26.ent.i386.rpm    d93ec4e3c3f203b201943729c0364ffd
php-devel-4.3.2-26.ent.i386.rpm    053003467491195a6e115d51ead1aebd
php-imap-4.3.2-26.ent.i386.rpm    bf1565d0e0c50902a7d6288ce5bcf579
php-ldap-4.3.2-26.ent.i386.rpm    853b0a5358e6e5b9bd25cb4bfa8a67a2
php-mysql-4.3.2-26.ent.i386.rpm    451bd6cbf36b999d99a27709065b8022
php-odbc-4.3.2-26.ent.i386.rpm    22322bb52f035398d2ce7c99776427e3
php-pgsql-4.3.2-26.ent.i386.rpm    3a0ddf1eee717e81e4536de19a262915

IA-64:
php-4.3.2-26.ent.ia64.rpm    bceaf10fe0ba0c7c95c1f01c3c2c2c26
php-devel-4.3.2-26.ent.ia64.rpm    33347cbad2ebf3f8ec25c4f39488c3aa
php-imap-4.3.2-26.ent.ia64.rpm    0272cc5dc65035ff67d11b191b0eb132
php-ldap-4.3.2-26.ent.ia64.rpm    2c8414b3b43f806065de630e4b24850a
php-mysql-4.3.2-26.ent.ia64.rpm    3c82d4485790e149eb89c6692cc11438
php-odbc-4.3.2-26.ent.ia64.rpm    0856e5a1db31cadd22b9afc485fe9f41
php-pgsql-4.3.2-26.ent.ia64.rpm    70cf8e4f495021d8bcd178ef050a380f

x86_64:
php-4.3.2-26.ent.x86_64.rpm    1f6ad6872aa68c65fe129ffd0ebae3c7
php-devel-4.3.2-26.ent.x86_64.rpm    f767a494e0124ff0b4db922acc00d205
php-imap-4.3.2-26.ent.x86_64.rpm    21ef0dfa84983afb4d97031e84e3d331
php-ldap-4.3.2-26.ent.x86_64.rpm    284bcd98fe1b9280c025372f480d0e0c
php-mysql-4.3.2-26.ent.x86_64.rpm    da7cb0a6caafd4c1b5e0a0ab280c7b68
php-odbc-4.3.2-26.ent.x86_64.rpm    a41070197293f10cd69fdc0eca53d8b5
php-pgsql-4.3.2-26.ent.x86_64.rpm    733a7d34cf81a8d36c6677f70798c8f2

Red Hat Enterprise Linux WS (v. 4)

SRPMS:
php-4.3.9-3.9.src.rpm    7493ae509d6129a32c5ce3bd998fd68a

IA-32:
php-4.3.9-3.9.i386.rpm    3a0734832da6be3b2f1e910ceee773f4
php-devel-4.3.9-3.9.i386.rpm    a256cc6a4dd5ee99ffd683da89beb1ac
php-domxml-4.3.9-3.9.i386.rpm    335d54777f27ef02576cc0a7adf5af56
php-gd-4.3.9-3.9.i386.rpm    ea53e838519685d493612d0bbf2a67dc
php-imap-4.3.9-3.9.i386.rpm    bb141447a9e98510ffc25abdf4e9006e
php-ldap-4.3.9-3.9.i386.rpm    195e680107e9a1d40abf07fbc80ed865
php-mbstring-4.3.9-3.9.i386.rpm    a0c41be5a1bda27540f43a8107fb6939
php-mysql-4.3.9-3.9.i386.rpm    3da385c562d5c3beb8520699d84b198b
php-ncurses-4.3.9-3.9.i386.rpm    8ff6dd7a0951d83c43a5fe17e88ec088
php-odbc-4.3.9-3.9.i386.rpm    1c111fb9b5175448b6952a94197631c6
php-pear-4.3.9-3.9.i386.rpm    d1c4e5b4030588a941508940d75d41ed
php-pgsql-4.3.9-3.9.i386.rpm    a5996fcc6334eedb9dc2f77301c7e026
php-snmp-4.3.9-3.9.i386.rpm    b1e993a096b30326e5ccf76661f29d08
php-xmlrpc-4.3.9-3.9.i386.rpm    c43ee16df0d60804d762a5dbdb5a67eb

IA-64:
php-4.3.9-3.9.ia64.rpm    38c446f563ccade410b70440b8b67677
php-devel-4.3.9-3.9.ia64.rpm    6aabf55df846c96c72b236f2632dc966
php-domxml-4.3.9-3.9.ia64.rpm    c23e8d86007cad9a7823c1dc0e3d155e
php-gd-4.3.9-3.9.ia64.rpm    19c46d57b82b105a0c2666508206d375
php-imap-4.3.9-3.9.ia64.rpm    ad908e367fcee4cc061043157df6b126
php-ldap-4.3.9-3.9.ia64.rpm    a266652f6bbc80d40d16a1356226e325
php-mbstring-4.3.9-3.9.ia64.rpm    195d5c8df90f8f368aa25beb0746f9ee
php-mysql-4.3.9-3.9.ia64.rpm    05dddd1f73ad1dd682eed2143d9dfb35
php-ncurses-4.3.9-3.9.ia64.rpm    e000540478ca795e05ca1cc4e2087194
php-odbc-4.3.9-3.9.ia64.rpm    8fd55a417536a3068467d6450b02f70e
php-pear-4.3.9-3.9.ia64.rpm    eb33f45a81e1fbf0470cf52fb11dcd87
php-pgsql-4.3.9-3.9.ia64.rpm    7b7cd7373a87c1eff02e89b3acbe754c
php-snmp-4.3.9-3.9.ia64.rpm    da5bea293e9d6254998719f12a6c1e7f
php-xmlrpc-4.3.9-3.9.ia64.rpm    7440c3dbf7b7850e43efb2f094e87970

x86_64:
php-4.3.9-3.9.x86_64.rpm    90ee43072ba7a774e58abb90e0a24d30
php-devel-4.3.9-3.9.x86_64.rpm    2b41833c26f7565b5bcda0d103a33ae3
php-domxml-4.3.9-3.9.x86_64.rpm    31e98b8c2e7f30ec8de06b7d9306d9b3
php-gd-4.3.9-3.9.x86_64.rpm    8aab7ae77993e0149530933138814858
php-imap-4.3.9-3.9.x86_64.rpm    fe18be11ce81f6b29f284ec70ab10bef
php-ldap-4.3.9-3.9.x86_64.rpm    687498617112998740fad6217c2c380b
php-mbstring-4.3.9-3.9.x86_64.rpm    559f653ca43e45b9ffa8f22ea0302b96
php-mysql-4.3.9-3.9.x86_64.rpm    0db17be2a498a79be41d4ac195b090a4
php-ncurses-4.3.9-3.9.x86_64.rpm    928912c4585003aa93b185c84578ab54
php-odbc-4.3.9-3.9.x86_64.rpm    e38dd82d8ec5457c0273f81eb7744878
php-pear-4.3.9-3.9.x86_64.rpm    5402c1d977225f0ca154326d08781a3c
php-pgsql-4.3.9-3.9.x86_64.rpm    b23f844669f5bedfaeca5b36f715bdea
php-snmp-4.3.9-3.9.x86_64.rpm    3faae8587aa351f95cf814077650d76c
php-xmlrpc-4.3.9-3.9.x86_64.rpm    cb1b67f5ba3412b48f447ed610d2612b

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

172207 - CVE-2005-3390 PHP register globals arbitrary code execution
172209 - CVE-2005-3389 PHP parse_str can enable register_globals
172212 - CVE-2005-3388 PHP phpinfo() XSS attack
172589 - CVE-2005-3353 PHP exif data DoS

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390

[***** End RHSA-2005:831-15 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of RedHat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S.
Department of Energy (DOE) and the emergency backup response team for the
National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding member
of FIRST, the Forum of Incident Response and Security Teams, a global
organization established to foster cooperation and coordination among
computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these communities,
please contact your agency's response team to report incidents. Your agency's
team will coordinate with CIAC. The Forum of Incident Response and Security
Teams (FIRST) is a world-wide organization. A list of FIRST member
organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-041: libungif Security Update
Q-042: F-Secure AV for MS Exchange and Internet Gatekeeper Vulnerability
Q-043: chmlib
Q-044: openvpn
Q-045: clamav
Q-046: Vulnerabilities in Graphics Rendering Engine
Q-047: VERITAS Cluster Server for UNIX
Q-048: VERITAS NetBackup 5.x
Q-049: HP-UX envd Local Execution of Privileged Code