php security update

2005-04-28T22:58:33
ID CESA-2005:405
Type centos
Reporter CentOS Project
Modified 2005-04-29T00:43:31

Description

CentOS Errata and Security Advisory CESA-2005:405

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.

Several bug fixes are also included in this update:

  • The security fixes in RHSA-2004-687 to the "unserializer" code introduced some performance issues.

  • In the gd extension, the "imagecopymerge" function did not correctly handle transparency. The original image was being obscured in the resultant image.

  • In the curl extension, safe mode was not enforced for 'file:///' URL lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2005-April/023651.html http://lists.centos.org/pipermail/centos-announce/2005-April/023652.html http://lists.centos.org/pipermail/centos-announce/2005-April/023653.html http://lists.centos.org/pipermail/centos-announce/2005-April/023654.html

Affected packages: php php-devel php-imap php-ldap php-mysql php-odbc php-pgsql

Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-405.html