[SECURITY] Fedora Core 2 Update: php-4.3.10-2.4

Joe Orton jorton at redhat.com
Tue Dec 21 21:20:34 UTC 2004


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-567
2004-12-21
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : php
Version     : 4.3.10                      
Release     : 2.4                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4.3, including fixes
for security issues in the unserializer (CVE CAN-2004-1019), exif
image parsing (CVE CAN-2004-1065), and form upload parsing (CVE
CAN-2004-0958 and CAN-2004-0959).

---------------------------------------------------------------------
* Tue Dec 21 2004 Joe Orton <jorton at redhat.com> 4.3.10-2.4

- update to 4.3.10 (#134973, #134976, #135631):
 * security fixes for CAN-2004-0958, CAN-2004-0959
 * unserializer integer overflows, CAN-2004-1019
 * exif image parsing overflow, CAN-2004-1065
- revert use of RTLD_GLOBAL in dlopen() calls (#127518)
- add another FD_SETSIZE workaround (#125258)
- revert upstream default php.ini changes since 4.3.8
- add libgd namespace fixes (#124530)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------