(RHSA-2006:0688) php security update

2006-10-05T04:00:00
ID RHSA-2006:0688
Type redhat
Reporter RedHat
Modified 2019-03-22T23:44:18

Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4812)

A buffer overflow was discovered in the PHP sscanf() function. If a script used the sscanf() function with positional arguments in the format string, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat() functions. If a script running on a 64-bit server used either of these functions on untrusted user data, a remote attacker sending a carefully crafted request might be able to cause a heap overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension. If a script was set up to process GIF images from untrusted sources using the gd extension, a remote attacker could cause a heap overflow. (CVE-2006-4484)

A buffer overread was discovered in the PHP stripos() function. If a script used the stripos() function with untrusted user data, PHP may read past the end of a buffer, which could allow a denial of service attack by a remote user. (CVE-2006-4485)

An integer overflow was discovered in the PHP memory allocation handling. On 64-bit platforms, the "memory_limit" setting was not enforced correctly, which could allow a denial of service attack by a remote user. (CVE-2006-4486)

These packages also contain a fix for a bug where certain input strings to the metaphone() function could cause memory corruption.

Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues.