7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.108 Low
EPSS
Percentile
95.0%
CentOS Errata and Security Advisory CESA-2005:406
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A bug was found in the way PHP processes IFF and JPEG images. It is
possible to cause PHP to consume CPU resources for a short period of time
by supplying a carefully crafted IFF or JPEG image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2005-0524 and CAN-2005-0525 to these issues.
A buffer overflow bug was also found in the way PHP processes EXIF image
headers. It is possible for an attacker to construct an image file in such
a way it could execute arbitrary instructions when processed by PHP. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1042 to this issue.
A denial of service bug was found in the way PHP processes EXIF image
headers. It is possible for an attacker to cause PHP to enter an infinite
loop for a short period of time by supplying a carefully crafted image file
to PHP for processing. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.
Several bug fixes are also included in this update:
some performance issues in the unserialize() function have been fixed
the behaviour of the interpreter when handling integer overflow during
conversion of a floating variable to an integer has been reverted to match
the behaviour used upstream; the integer will now be wrapped rather than
truncated
a fix for the virtual() function in the Apache httpd module which would
flush the response prematurely
the hard-coded default “safe mode” setting is now “disabled” rather than
“enabled”; to match the default /etc/php.ini setting
in the curl extension, safe mode was not enforced for ‘file:///’ URL
lookups (CAN-2004-1392).
Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-May/073791.html
https://lists.centos.org/pipermail/centos-announce/2005-May/073795.html
Affected packages:
php
php-devel
php-domxml
php-gd
php-imap
php-ldap
php-mbstring
php-mysql
php-ncurses
php-odbc
php-pear
php-pgsql
php-snmp
php-xmlrpc
Upstream details at:
https://access.redhat.com/errata/RHSA-2005:406
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | ia64 | php | < 4.3.9-3.6 | php-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-devel | < 4.3.9-3.6 | php-devel-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-domxml | < 4.3.9-3.6 | php-domxml-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-gd | < 4.3.9-3.6 | php-gd-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-imap | < 4.3.9-3.6 | php-imap-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-ldap | < 4.3.9-3.6 | php-ldap-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-mbstring | < 4.3.9-3.6 | php-mbstring-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-mysql | < 4.3.9-3.6 | php-mysql-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-ncurses | < 4.3.9-3.6 | php-ncurses-4.3.9-3.6.ia64.rpm |
CentOS | 4 | ia64 | php-odbc | < 4.3.9-3.6 | php-odbc-4.3.9-3.6.ia64.rpm |