=====================================================================
                            CERT-Renater
                 Information Note No. 2006/VULN274
_____________________________________________________________________

DATE                 : 24/05/2006

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Red Hat running PHP.

======================================================================
---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: php security update
Advisory ID:       RHSA-2006:0501-02
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0501.html
Issue date:        2006-05-23
Updated on:        2006-05-23
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2933 CVE-2006-0208 CVE-2006-0996
                   CVE-2006-1990
---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 2.1.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the
Apache HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
(CVE-2006-0996)

The error handling output was found to not properly escape HTML output
in certain cases. An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and
html_errors are enabled. (CVE-2006-0208)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server.
php-imap is compiled against the static c-client libraries from imap
and therefore needed to be recompiled against the fixed version.
(CVE-2005-2933)

The wordwrap() PHP function did not properly check for integer overflow
in the handling of the "break" parameter. An attacker who could control
the string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

104249 - php SRPM has silent IMAP dependency
190519 - CVE-2006-0208 PHP Cross Site Scripting (XSS) flaw
190524 - CVE-2005-2933 imap buffer overflow
190526 - CVE-2006-0996 phpinfo() XSS issue
191474 - CVE-2006-1990 php wordwrap integer overflow

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/php-4.1.2-2.6.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/php-4.1.2-2.6.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/php-4.1.2-2.6.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/php-4.1.2-2.6.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at
https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
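
An added example, not part of the Red Hat or CERT-Renater text: a Python check for the two exposure conditions named in the problem description, a configuration with both display_errors and html_errors enabled (CVE-2006-0208) and scripts that call phpinfo() (CVE-2006-0996). The function names, php.ini snippets and file paths are constructed for illustration, and treating an absent directive as enabled is an assumption about PHP's built-in defaults.

```python
import re

# Assumption: PHP's built-in default for both directives is "1" (enabled).
DEFAULTS = {"display_errors": "1", "html_errors": "1"}
FALSY = {"", "0", "off", "false", "no", "none"}

def ini_values(ini_text):
    """Effective directive values; the last assignment in the file wins."""
    values = dict(DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ; comments
        if "=" not in line:
            continue  # section header or blank line
        key, value = (part.strip() for part in line.split("=", 1))
        values[key.lower()] = value.strip("\"'").lower()
    return values

def error_xss_exposed(ini_text):
    """True when display_errors and html_errors are both enabled (CVE-2006-0208)."""
    v = ini_values(ini_text)
    return v["display_errors"] not in FALSY and v["html_errors"] not in FALSY

PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)

def phpinfo_callers(sources):
    """(path, line) of each phpinfo() call; only // and # line comments are skipped."""
    hits = []
    for path, text in sorted(sources.items()):
        for number, line in enumerate(text.splitlines(), 1):
            code = re.split(r"//|#", line, maxsplit=1)[0]
            if PHPINFO_CALL.search(code):
                hits.append((path, number))
    return hits

# Constructed sample input, not taken from any real system.
EXPOSED_INI = "[PHP]\ndisplay_errors = On  ; left over from development\nhtml_errors = On\n"
QUIET_INI = "[PHP]\ndisplay_errors = Off\nlog_errors = On\nhtml_errors = Off\n"
SOURCES = {
    "htdocs/info.php": "<?php\nphpinfo();\n",
    "htdocs/index.php": "<?php\n// phpinfo(); removed before release\necho 'ok';\n",
}

if __name__ == "__main__":
    print("exposed ini:", error_xss_exposed(EXPOSED_INI))
    print("quiet ini:", error_xss_exposed(QUIET_INI))
    print("no directives set:", error_xss_exposed(""))
    print("phpinfo() callers:", phpinfo_callers(SOURCES))
```

The check only reports whether a host meets the conditions the advisory describes; the fix remains the updated packages.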
======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44            +
+ 151 bd de l'Hopital   | fax : 01-53-94-20-41            +
+ 75013 Paris           | email: certsvp@renater.fr       +
=========================================================