[SECURITY] Fedora Core 1 Update: php-4.3.8-1.1

Joe Orton jorton at redhat.com
Fri Jul 23 20:32:16 UTC 2004


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-222
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : php
Version     : 4.3.8                      
Release     : 1.1                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------

* Fri Jul 16 2004 Joe Orton <jorton at redhat.com> 4.3.8-1.1

- revert default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton at redhat.com> 4.3.8-1.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------
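
An added example, not part of the original advisory: a host triage check that compares an installed php version-release with the 4.3.8-1.1 named above and reads php.ini text for the "register_globals" setting the advisory calls out. The function names, the simplified RPM version comparison, and the sample php.ini text and version are assumptions constructed for illustration.

```python
import re

FIXED = ("4.3.8", "1.1")  # version and release named in this advisory

def rpm_cmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch or '~' handling): -1, 0, 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1      # numeric segment sorts newer
        if x.isdigit():
            x, y = int(x), int(y)                # compare numbers, not strings
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def register_globals_enabled(ini_text):
    """Effective register_globals value; assumes the last assignment wins."""
    enabled = False                              # Off by default since PHP 4.2.0
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()     # drop ';' comments
        m = re.match(r"register_globals\s*=\s*(.*)$", line, re.I)
        if m:
            value = m.group(1).strip().strip('"').lower()
            enabled = value in ("1", "on", "true", "yes")
    return enabled

def audit(version, release, ini_text):
    """Return a list of findings for one host (empty when already updated)."""
    # version and release as printed by: rpm -q --qf '%{VERSION} %{RELEASE}' php
    findings = []
    if (rpm_cmp(version, FIXED[0]) or rpm_cmp(release, FIXED[1])) < 0:
        findings.append("php %s-%s predates %s-%s: update" % (version, release, *FIXED))
        if register_globals_enabled(ini_text):
            findings.append("register_globals is On: the condition the advisory names")
    return findings

SAMPLE_INI = """\
; constructed sample, not taken from a real host
register_globals = Off
memory_limit = 8M
register_globals = On   ; re-enabled later in the file
"""

if __name__ == "__main__":
    for finding in audit("4.3.6", "1.0", SAMPLE_INI):   # constructed version-release
        print(finding)
```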