Hi,

I'm still running FC1 and FC2 servers and am worried about the issues below. I
don't want to be stung by them like I was with the perl exploits earlier (and
fixed through the FL contrib by users).

Will FL be backporting these fixes ASAP?

Michael.

---------- Forwarded Message -----------
From: "Joseph Orton" <[EMAIL PROTECTED]>
To: fedora-announce-list@redhat.com
Sent: Tue, 8 Nov 2005 13:11:07 -0500
Subject: [SECURITY] Fedora Core 3 Update: php-4.3.11-2.8

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-1061
2005-11-08
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : php
Version     : 4.3.11                      
Release     : 2.8                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes several security fixes:

- fixes to prevent malicious requests from overwriting the
GLOBALS array (CVE-2005-3390)

- a fix to stop the parse_str() function from enabling the
register_globals setting (CVE-2005-3389)

- fixes for Cross-Site Scripting flaws in the phpinfo()
output (CVE-2005-3388)

- a fix for a denial of service (process crash) in EXIF
image parsing (CVE-2005-3353)
---------------------------------------------------------------------
* Fri Nov  4 2005 Joe Orton <[EMAIL PROTECTED]> 4.3.11-2.8
- add security fixes from upstream:
 * XSS issues in phpinfo() (CVE-2005-3388, #172212)
 * GLOBALS handling (CVE-2005-3390, #172207)
 * parse_str() enabling register_globals (CVE-2005-3389, #172209)
 * exif: infinite recursion on corrupt JPEG (CVE-2005-3353)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
---------------------------------------------------------------------

-- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list
------- End of Forwarded Message -------

--
fedora-legacy-list mailing list
fedora-legacy-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-legacy-list
