CentOS Errata and Security Advisory CESA-2005:406
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues.
A buffer overflow bug was also found in the way PHP processes EXIF image headers. An attacker could construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue.
A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.
Several bug fixes are also included in this update:
- some performance issues in the unserialize() function have been fixed
- the behaviour of the interpreter when handling integer overflow during conversion of a floating-point variable to an integer has been reverted to match the behaviour used upstream; the integer will now be wrapped rather than truncated
- a fix for the virtual() function in the Apache httpd module, which would flush the response prematurely
- the hard-coded default "safe mode" setting is now "disabled" rather than "enabled", to match the default /etc/php.ini setting
- in the curl extension, safe mode was not enforced for 'file:///' URL lookups (CAN-2004-1392)
Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues.
Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2005-May/011629.html
http://lists.centos.org/pipermail/centos-announce/2005-May/011633.html
Affected packages: php php-devel php-domxml php-gd php-imap php-ldap php-mbstring php-mysql php-ncurses php-odbc php-pear php-pgsql php-snmp php-xmlrpc
Upstream details at: https://rhn.redhat.com/errata/RHSA-2005-406.html