
[linux-security] PHP updates



Topic
=====
Remote denial of service (DoS) and remote information leak in PHP

Problem Description
===================
Clients uploading "multipart/form-data" information with form requests
could cause PHP 3.0.17 to crash.  The php-mysql package was obsoleted by the
previous MySQL errata.  Security holes in versions 4.0.0 through 4.0.4 of the
PHP Apache module have been found. 

Also, due to the changes in MySQL, the php-mysql module had to be updated.

RedHat 6.x
rpm -Fvh php-3.0.18-1.6.x.i386.rpm \
         php-imap-3.0.18-1.6.x.i386.rpm \
         php-ldap-3.0.18-1.6.x.i386.rpm \
         php-manual-3.0.18-1.6.x.i386.rpm \
         php-pgsql-3.0.18-1.6.x.i386.rpm

RedHat 7.0
rpm -Fvh php-4.0.4pl1-3.i386.rpm \
         php-imap-4.0.4pl1-3.i386.rpm \
         php-ldap-4.0.4pl1-3.i386.rpm \
         php-manual-4.0.4pl1-3.i386.rpm \
         php-mysql-4.0.4pl1-3.i386.rpm \
         php-pgsql-4.0.4pl1-3.i386.rpm

Debian 2.2 (potato)
Upgrade to the following packages:
   php4_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-gd_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-imap_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-ldap_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-mhash_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-mysql_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-pgsql_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-snmp_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-xml_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi_4.0.3pl1-0potato1.1_i386.deb
   php4-gd_4.0.3pl1-0potato1.1_i386.deb
   php4-imap_4.0.3pl1-0potato1.1_i386.deb
   php4-ldap_4.0.3pl1-0potato1.1_i386.deb
   php4-mhash_4.0.3pl1-0potato1.1_i386.deb
   php4-mysql_4.0.3pl1-0potato1.1_i386.deb
   php4-pgsql_4.0.3pl1-0potato1.1_i386.deb
   php4-snmp_4.0.3pl1-0potato1.1_i386.deb
   php4-xml_4.0.3pl1-0potato1.1_i386.deb

Mandrake 7.2
rpm -Fvh mod_php-4.0.4pl1-1.2mdk.i586.rpm \
         php-4.0.4pl1-1.2mdk.i586.rpm \
         php-dba_gdbm_db2-4.0.4pl1-1.2mdk.i586.rpm \
         php-devel-4.0.4pl1-1.2mdk.i586.rpm \
         php-gd-4.0.4pl1-1.2mdk.i586.rpm \
         php-imap-4.0.4pl1-1.2mdk.i586.rpm \
         php-ldap-4.0.4pl1-1.2mdk.i586.rpm \
         php-manual-4.0.4pl1-1.2mdk.i586.rpm \
         php-mysql-4.0.4pl1-1.2mdk.i586.rpm \
         php-pgsql-4.0.4pl1-1.2mdk.i586.rpm \
         php-readline-4.0.4pl1-1.2mdk.i586.rpm
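
Added example, not part of the original advisory: a post-update check that compares an installed PHP package's version-release string against the fixed package listed above for each distribution. It compares package strings rather than upstream versions because the Debian package listed as the fix carries upstream version 4.0.3pl1, which lies inside the 4.0.0 through 4.0.4 range. Assumptions: the comparison is a simplified segment-wise rule modelled on rpm's, sufficient for these strings, and the installed versions in the sample inventory are constructed.

```python
import re

# Fixed version-release per distribution, copied from the package names above.
FIXED = {
    "RedHat 6.x": "3.0.18-1.6.x",
    "RedHat 7.0": "4.0.4pl1-3",
    "Debian 2.2": "4.0.3pl1-0potato1.1",
    "Mandrake 7.2": "4.0.4pl1-1.2mdk",
}

def _segments(part):
    # Runs of digits or letters; separators such as '.' only delimit segments.
    return re.findall(r"\d+|[A-Za-z]+", part)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than a letter one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def compare(a, b):
    """Return -1, 0 or 1 for version-release strings a and b."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def is_fixed(distro, installed):
    """True when the installed version-release is at least the advisory's."""
    return compare(installed, FIXED[distro]) >= 0

if __name__ == "__main__":
    # Constructed sample inventory: (distribution, installed version-release).
    for distro, installed in [
        ("RedHat 6.x", "3.0.17-1"),
        ("RedHat 7.0", "4.0.4pl1-3"),
        ("Debian 2.2", "4.0.3pl1-0potato1.1"),
        ("Mandrake 7.2", "4.0.4pl1-1.1mdk"),
    ]:
        status = "fixed" if is_fixed(distro, installed) else "UPDATE NEEDED"
        print(distro, installed, status)
```

On the RPM-based systems the installed string can be read with rpm -q --qf '%{VERSION}-%{RELEASE}\n' php and passed to is_fixed().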