__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                                   php Update
                               [RHSA-2006:0501-6]

May 24, 2006 21:00 GMT                                            Number Q-208
[REVISED 14 July 2006]
______________________________________________________________________________
PROBLEM:       Updated PHP packages that fix multiple security issues. 
PLATFORM:      Red Hat Enterprise Linux AS (v. 2.1) 
               Red Hat Enterprise Linux ES (v. 2.1) 
	       Red Hat Enterprise Linux WS (v. 2.1) 
	       Red Hat Linux Advanced Workstation 2.1 for the Itanium 
	       Processor 
DAMAGE:        An attacker could perform cross-site scripting attacks or could 
               cause a heap overflow. 
SOLUTION:      Apply current patches. 
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An attacker could perform cross-site 
ASSESSMENT:    scripting attacks or could cause a heap overflow. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/q-208.shtml 
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2006-0501.html 
 ADDITIONAL LINKS:   RHSA-2006:0568-8
                     https://rhn.redhat.com/errata/RHSA-2006-0568.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208, 
                     http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996, 
                     http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990 
______________________________________________________________________________
REVISION HISTORY:

07/14/2006 - added link to RHSA-2006:0568-8


[***** Start RHSA-2006:0501-6 *****]

Moderate: php security update
Advisory: RHSA-2006:0501-6 
Type: Security Advisory 
Issued on: 2006-05-23 
Last updated on: 2006-05-23 
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 
CVEs (cve.mitre.org): CVE-2005-2933
CVE-2006-0208
CVE-2006-0996
CVE-2006-1990
 


Details
Updated PHP packages that fix multiple security issues are now available 
for Red Hat Enterprise Linux 2.1. 

This update has been rated as having moderate security impact by the Red 
Hat Security Response Team.

PHP is an HTML-embedded scripting language commonly used with the Apache 
HTTP Web server. 

The phpinfo() PHP function did not properly sanitize long strings. An 
attacker could use this to perform cross-site scripting attacks against 
sites that have publicly-available PHP scripts that call phpinfo(). 
(CVE-2006-0996) 

The error handling output was found to not properly escape HTML output in 
certain cases. An attacker could use this flaw to perform cross-site 
scripting attacks against sites where both display_errors and html_errors 
are enabled. (CVE-2006-0208) 

A buffer overflow flaw was discovered in uw-imap, the University of 
Washington's IMAP Server. php-imap is compiled against the static c-client 
libraries from imap and therefore needed to be recompiled against the fixed 
version. (CVE-2005-2933) 

The wordwrap() PHP function did not properly check for integer overflow in 
the handling of the "break" parameter. An attacker who could control the 
string passed to the "break" parameter could cause a heap overflow. 
(CVE-2006-1990) 

Users of PHP should upgrade to these updated packages, which contain 
backported patches that resolve these issues.



Solution
Before applying this update, make sure all previously released errata 
relevant to your system have been applied. 

This update is available via Red Hat Network. To use Red Hat Network, 
launch the Red Hat Update Agent with the following command: 

up2date 

This will start an interactive process that will result in the appropriate 
RPMs being upgraded on your system.


Updated packages
Red Hat Enterprise Linux AS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
php-4.1.2-2.6.src.rpm     45a9fe88de571c85e3081199bed74270 
  
IA-32: 
php-4.1.2-2.6.i386.rpm     14f4090b987d3a53ebd5278f88aba75e 
php-devel-4.1.2-2.6.i386.rpm     bd0c6ce444d08bf6002fd26afefa1bc6 
php-imap-4.1.2-2.6.i386.rpm     c391602eaa50cd5e8901930cf818ac3f 
php-ldap-4.1.2-2.6.i386.rpm     e15c85a1b5e27a040517e05c1c34b6d9 
php-manual-4.1.2-2.6.i386.rpm     87d7b10bc154c5621a361e07aa18a4e7 
php-mysql-4.1.2-2.6.i386.rpm     897ddcd4b93844382675a755758b58b3 
php-odbc-4.1.2-2.6.i386.rpm     0d51b96ef16708abdfe404131de8efd5 
php-pgsql-4.1.2-2.6.i386.rpm     4516d7c5ed4925fe7c83456954bee094 
  
IA-64: 
php-4.1.2-2.6.ia64.rpm     e01b0e9ee6b70a1b4abe4232b7744b5e 
php-devel-4.1.2-2.6.ia64.rpm     33b846c0a0b290eacab2020211d409c7 
php-imap-4.1.2-2.6.ia64.rpm     743bd48d892450eaabc2b33b73d1ff05 
php-ldap-4.1.2-2.6.ia64.rpm     3d9e92ff7fbcb55430ce028b3b445d9a 
php-manual-4.1.2-2.6.ia64.rpm     165923a244da4768d11b4135dc405c7d 
php-mysql-4.1.2-2.6.ia64.rpm     9af447bf493c788ebc77e2cd6748e9ca 
php-odbc-4.1.2-2.6.ia64.rpm     dc3a195e812eff951c380ba68d62c81e 
php-pgsql-4.1.2-2.6.ia64.rpm     e3e9126c718e3595278a9d435f2081d7 
  
Red Hat Enterprise Linux ES (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
php-4.1.2-2.6.src.rpm     45a9fe88de571c85e3081199bed74270 
  
IA-32: 
php-4.1.2-2.6.i386.rpm     14f4090b987d3a53ebd5278f88aba75e 
php-devel-4.1.2-2.6.i386.rpm     bd0c6ce444d08bf6002fd26afefa1bc6 
php-imap-4.1.2-2.6.i386.rpm     c391602eaa50cd5e8901930cf818ac3f 
php-ldap-4.1.2-2.6.i386.rpm     e15c85a1b5e27a040517e05c1c34b6d9 
php-manual-4.1.2-2.6.i386.rpm     87d7b10bc154c5621a361e07aa18a4e7 
php-mysql-4.1.2-2.6.i386.rpm     897ddcd4b93844382675a755758b58b3 
php-odbc-4.1.2-2.6.i386.rpm     0d51b96ef16708abdfe404131de8efd5 
php-pgsql-4.1.2-2.6.i386.rpm     4516d7c5ed4925fe7c83456954bee094 
  
Red Hat Enterprise Linux WS (v. 2.1) 

--------------------------------------------------------------------------------
 
SRPMS: 
php-4.1.2-2.6.src.rpm     45a9fe88de571c85e3081199bed74270 
  
IA-32: 
php-4.1.2-2.6.i386.rpm     14f4090b987d3a53ebd5278f88aba75e 
php-devel-4.1.2-2.6.i386.rpm     bd0c6ce444d08bf6002fd26afefa1bc6 
php-imap-4.1.2-2.6.i386.rpm     c391602eaa50cd5e8901930cf818ac3f 
php-ldap-4.1.2-2.6.i386.rpm     e15c85a1b5e27a040517e05c1c34b6d9 
php-manual-4.1.2-2.6.i386.rpm     87d7b10bc154c5621a361e07aa18a4e7 
php-mysql-4.1.2-2.6.i386.rpm     897ddcd4b93844382675a755758b58b3 
php-odbc-4.1.2-2.6.i386.rpm     0d51b96ef16708abdfe404131de8efd5 
php-pgsql-4.1.2-2.6.i386.rpm     4516d7c5ed4925fe7c83456954bee094 
  
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor 

--------------------------------------------------------------------------------
 
SRPMS: 
php-4.1.2-2.6.src.rpm     45a9fe88de571c85e3081199bed74270 
  
IA-64: 
php-4.1.2-2.6.ia64.rpm     e01b0e9ee6b70a1b4abe4232b7744b5e 
php-devel-4.1.2-2.6.ia64.rpm     33b846c0a0b290eacab2020211d409c7 
php-imap-4.1.2-2.6.ia64.rpm     743bd48d892450eaabc2b33b73d1ff05 
php-ldap-4.1.2-2.6.ia64.rpm     3d9e92ff7fbcb55430ce028b3b445d9a 
php-manual-4.1.2-2.6.ia64.rpm     165923a244da4768d11b4135dc405c7d 
php-mysql-4.1.2-2.6.ia64.rpm     9af447bf493c788ebc77e2cd6748e9ca 
php-odbc-4.1.2-2.6.ia64.rpm     dc3a195e812eff951c380ba68d62c81e 
php-pgsql-4.1.2-2.6.ia64.rpm     e3e9126c718e3595278a9d435f2081d7 
  
(The unlinked packages above are only available from the Red Hat Network)
 


Bugs fixed (see bugzilla for more information)
104249 - php SRPM has silent IMAP dependency
190519 - CVE-2006-0208 PHP Cross Site Scripting (XSS) flaw
190524 - CVE-2005-2933 imap buffer overflow
190526 - CVE-2006-0996 phpinfo() XSS issue
191474 - CVE-2006-1990 php wordwrap integer overflow



References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://www.redhat.com/security/updates/classification/#moderate 


--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on 
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package 
The Red Hat security contact is secalert@redhat.com. More contact details at 
http://www.redhat.com/security/team/contact/
 
 

Copyright © 2002-05 Red Hat, Inc. All rights reserved. Legal statement : 
Privacy statement : redhat.com 
Red Hat Network release 4.0.6 

 

[***** End RHSA-2006:0501-6 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

Q-198: Vulnerability in phpldapadmin 
Q-199: Security Vulnerability in Sun Java System Directory 
Q-200: Sun N1 Vulnerability
Q-201: awstats
Q-202: Microsoft Word Vulnerability
Q-203: MySQL
Q-204: Linux Kernel Vulnerabilties
Q-205: HP Tru64 UNIX
Q-206: kernel Update
Q-207: postgresql Update