php security update

ID CESA-2006:0708-01
Type centos
Reporter CentOS Project
Modified 2006-10-09T01:04:12


CentOS Errata and Security Advisory CESA-2006:0708-01

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812)

This issue did not affect the PHP packages distributed with Red Hat Enterprise Linux 3 or 4.

Users of PHP should upgrade to these updated packages, which contain a backported patch that corrects this issue.
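
The class of bug described above, as an added illustration in C (not PHP's source and not the backported patch): when an allocation size is computed as count * size from untrusted input, the multiplication can wrap, so the allocator is asked for far fewer bytes than the caller goes on to use. The function names and the sample count are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Unchecked size computation: count * size wraps modulo SIZE_MAX + 1,
 * so a huge request can turn into a tiny one. Returns the byte count
 * that would actually be passed to the allocator. */
static size_t unchecked_bytes(size_t count, size_t size)
{
    return count * size;
}

/* Checked computation: stores the product and returns 0, or returns -1
 * if the multiplication would overflow size_t. */
static int checked_bytes(size_t count, size_t size, size_t *out)
{
    if (size != 0 && count > SIZE_MAX / size)
        return -1;
    *out = count * size;
    return 0;
}

/* calloc-style wrapper (hypothetical name) that refuses overflowing requests. */
static void *safe_array_alloc(size_t count, size_t size)
{
    size_t bytes;
    void *p;

    if (checked_bytes(count, size, &bytes) != 0)
        return NULL;                 /* reject instead of under-allocating */
    p = malloc(bytes ? bytes : 1);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    /* Constructed input: an element count as it might arrive in a request. */
    size_t count = SIZE_MAX / 8 + 2, size = 8;

    printf("unchecked request: %zu bytes\n", unchecked_bytes(count, size));
    printf("checked alloc: %s\n",
           safe_array_alloc(count, size) ? "ok" : "rejected");
    return 0;
}
```

With the constructed count, the unchecked product wraps to 8 bytes on both 32-bit and 64-bit builds, while the checked wrapper returns NULL.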

Merged security bulletin from advisories:

Affected packages: php, php-devel, php-imap, php-ldap, php-manual, php-mysql, php-odbc, php-pgsql

Upstream details at: