(RHSA-2006:0688) php security update

Published: 2006-10-05 00:00:00 | Source: access.redhat.com

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

An integer overflow was discovered in the PHP memory handling routines. If
a script can cause memory allocation based on untrusted user data, a remote
attacker sending a carefully crafted request could execute arbitrary code
as the ‘apache’ user. (CVE-2006-4812)

A buffer overflow was discovered in the PHP sscanf() function. If a script
used the sscanf() function with positional arguments in the format string,
a remote attacker sending a carefully crafted request could execute
arbitrary code as the ‘apache’ user. (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions. If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow. (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension. If a script was
set up to process GIF images from untrusted sources using the gd extension,
a remote attacker could cause a heap overflow. (CVE-2006-4484)

A buffer overread was discovered in the PHP stripos() function. If a
script used the stripos() function with untrusted user data, PHP may read
past the end of a buffer, which could allow a denial of service attack by a
remote user. (CVE-2006-4485)

An integer overflow was discovered in the PHP memory allocation handling.
On 64-bit platforms, the “memory_limit” setting was not enforced correctly,
which could allow a denial of service attack by a remote user. (CVE-2006-4486)

These packages also contain a fix for a bug where certain input strings to
the metaphone() function could cause memory corruption.

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.
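Because Red Hat backports fixes, the upstream PHP version string does not show whether these patches are installed; the RPM changelog, which Red Hat annotates with the CVE identifiers it fixes, does. The following is an added example (not part of the advisory or of Red Hat's tooling) that checks changelog text for all six CVE identifiers listed above; the changelog samples are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: verify that a php package's RPM changelog references every
# CVE fixed by RHSA-2006:0688. The CVE list below is taken from the advisory.
RHSA_2006_0688_CVES="CVE-2006-4812 CVE-2006-4020 CVE-2006-4482 CVE-2006-4484 CVE-2006-4485 CVE-2006-4486"

# missing_cves CHANGELOG_TEXT
# Prints, one per line, the advisory CVEs that do not appear in CHANGELOG_TEXT.
# Returns 0 when every CVE is present, 1 when at least one is missing.
missing_cves() {
    changelog=$1
    missing=""
    for cve in $RHSA_2006_0688_CVES; do
        case "$changelog" in
            *"$cve"*) ;;                     # identifier found, nothing to report
            *) missing="$missing$cve
" ;;                                        # append with a literal newline
        esac
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# Constructed sample (not real Red Hat changelog text): a build carrying all six fixes.
SAMPLE_PATCHED='- fix integer overflow in memory handling (CVE-2006-4812)
- fix sscanf() positional argument overflow (CVE-2006-4020)
- fix wordwrap()/str_repeat() overflow on 64-bit (CVE-2006-4482)
- fix gd GIF heap overflow (CVE-2006-4484)
- fix stripos() buffer overread (CVE-2006-4485)
- enforce memory_limit correctly on 64-bit (CVE-2006-4486)'

# Constructed sample: an older build that lacks two of the fixes.
SAMPLE_UNPATCHED='- fix integer overflow in memory handling (CVE-2006-4812)
- fix sscanf() positional argument overflow (CVE-2006-4020)
- fix gd GIF heap overflow (CVE-2006-4484)
- enforce memory_limit correctly on 64-bit (CVE-2006-4486)'

# On a RHEL host the changelog comes from rpm itself:
#   missing_cves "$(rpm -q --changelog php)" && echo "all RHSA-2006:0688 fixes present"
```

A missing identifier does not by itself prove exposure (the package may predate the CVE numbering), but a changelog that lists all six is direct evidence the backported patches are in the installed build.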