[SECURITY] Fedora Core 2 Update: php-4.3.8-2.1

Joe Orton jorton at redhat.com
Fri Jul 23 20:32:33 UTC 2004


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-223
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : php
Version     : 4.3.8
Release     : 2.1
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------
* Fri Jul 16 2004 Joe Orton <jorton at redhat.com> 4.3.8-2.1

- revert upstream default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton <jorton at redhat.com> 4.3.8-2.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------