php security update

2006-05-24T01:13:50
ID CESA-2006:0501-02
Type centos
Reporter CentOS Project
Modified 2006-05-24T01:13:50

Description

CentOS Errata and Security Advisory CESA-2006:0501-02

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

The phpinfo() PHP function did not properly sanitize long strings. An attacker could use this to perform cross-site scripting attacks against sites that have publicly-available PHP scripts that call phpinfo(). (CVE-2006-0996)

The error handling output was found to not properly escape HTML output in certain cases. An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled. (CVE-2006-0208)

A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server. php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version. (CVE-2005-2933)

The wordwrap() PHP function did not properly check for integer overflow in the handling of the "break" parameter. An attacker who could control the string passed to the "break" parameter could cause a heap overflow. (CVE-2006-1990)

Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-May/012917.html

Affected packages: php php-devel php-imap php-ldap php-manual php-mysql php-odbc php-pgsql

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html