php security update

2006-10-09T01:04:12
ID CESA-2006:0708-01
Type centos
Reporter CentOS Project
Modified 2006-10-09T01:04:12

Description

CentOS Errata and Security Advisory CESA-2006:0708-01

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812)

This issue did not affect the PHP packages distributed with Red Hat Enterprise Linux 3 or 4.

Users of PHP should upgrade to these updated packages, which contain a backported patch that corrects this issue.
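The bug class described above, as an added C illustration: a byte count derived from an untrusted element count wraps around, and an allocator-side check rejects it. This is not PHP's source or the backported patch; the function names and the sample input are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size computation: the product wraps modulo SIZE_MAX + 1, so a
 * huge element count can yield a tiny byte count. Used here only to show
 * the wrapped value; nothing is allocated from it. */
static size_t unchecked_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Checked allocator (hypothetical name): refuses any request whose byte
 * count cannot be represented in size_t. Returns zeroed memory or NULL. */
static void *checked_alloc_array(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return NULL;                      /* count * elem_size would wrap */
    size_t bytes = count * elem_size;
    void *p = malloc(bytes ? bytes : 1);  /* avoid malloc(0) ambiguity */
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

/* Returns 1 if the request is rejected, 0 if it is served. */
static int request_rejected(size_t count, size_t elem_size)
{
    void *p = checked_alloc_array(count, elem_size);
    if (p == NULL)
        return 1;
    free(p);
    return 0;
}

int main(void)
{
    /* Constructed input: a count chosen so that count * 16 wraps to 16. */
    size_t count = SIZE_MAX / 16 + 2;
    printf("requested elements: %zu\n", count);
    printf("unchecked byte count: %zu\n", unchecked_bytes(count, 16));
    printf("checked allocator rejects: %d\n", request_rejected(count, 16));
    printf("normal request rejected: %d\n", request_rejected(8, 16));
    return 0;
}
```

Code that writes `count` elements into a buffer sized from the unchecked product would run far past the 16 bytes actually reserved, which is why the check belongs inside the allocation routine rather than in each caller.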

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2006-October/013314.html

Affected packages: php, php-devel, php-imap, php-ldap, php-manual, php-mysql, php-odbc, php-pgsql

Upstream details at: https://rhn.redhat.com/errata/rh21as-errata.html