[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 504/05 - Two Fedora Update Notifications:



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 504/05 dated 06.07.05  Time: 13:59  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Two Fedora Update Notifications:
1. FEDORA-2005-518 - php - Fedora 4
2. FEDORA-2005-517 - php - Fedora 3

Detail
====== 

1. PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

2. PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.



1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-518
2005-07-05
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : php
Version     : 5.0.4                      
Release     : 10.3                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

- ---------------------------------------------------------------------
Update Information:

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-1921 to this issue.

The bundled version of shtool is also updated, to fix some temporary
file handling races.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.

Bug fixes for the dom, ldap, and gd extensions are also included in
this update.

- ---------------------------------------------------------------------
* Mon Jul  4 2005 Joe Orton <jorton@xxxxxxxxxx> 5.0.4-10.3

- - pear: update to XML_RPC 1.3.1 (CAN-2005-1921, #162045)
- - update bundled shtool to 2.0.2 (CAN-2005-1751, #158998)

* Tue Jun 21 2005 Joe Orton <jorton@xxxxxxxxxx> 5.0.4-10.2

- - fix imports from dom module (Rob Richards, #161447)
- - fix detection and support for ldap_start_tls (#160527)
- - fix imagettftext et al (upstream, #161001)
- - mark php.ini and php.conf as noreplace again for updates

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

0c6522a88226f54f5e5b7de87fbc0c11  SRPMS/php-5.0.4-10.3.src.rpm
bfaea50f076c4e099c268da5e7620f4b  ppc/php-5.0.4-10.3.ppc.rpm
8a07fa05c8405b8e57d132b6ea1f35b1  ppc/php-devel-5.0.4-10.3.ppc.rpm
565d15f4846387a847f8ec46b5c0b396  ppc/php-pear-5.0.4-10.3.ppc.rpm
dbec56b97f22708db35526087110f421  ppc/php-imap-5.0.4-10.3.ppc.rpm
3ae7074cf4ab82f5c8204f72b126dde0  ppc/php-ldap-5.0.4-10.3.ppc.rpm
51836fcd1e96516e78a4e1d109733674  ppc/php-mysql-5.0.4-10.3.ppc.rpm
ea5e7470d83768e1ac5c68796b5b84f3  ppc/php-pgsql-5.0.4-10.3.ppc.rpm
d56a9554078b3b24840025487aa9dfed  ppc/php-odbc-5.0.4-10.3.ppc.rpm
5c785d8775d0a627ea2ba976245824e4  ppc/php-soap-5.0.4-10.3.ppc.rpm
bffafd1150b30fde9993f928d4a2d7c0  ppc/php-snmp-5.0.4-10.3.ppc.rpm
784f81cc2692689a585c1fc370a2f17d  ppc/php-xml-5.0.4-10.3.ppc.rpm
57bee6798a5722698e33d03132f56583  ppc/php-xmlrpc-5.0.4-10.3.ppc.rpm
b0f76a1c4b916b21f47264f5f87c52bb  ppc/php-mbstring-5.0.4-10.3.ppc.rpm
579b1ed7ce37a414adb620cbae082dd1  ppc/php-ncurses-5.0.4-10.3.ppc.rpm
64bef62199d03684373798f4f9c10e06  ppc/php-gd-5.0.4-10.3.ppc.rpm
f1efef76a385b5a0dd021a893a8bae82  ppc/php-bcmath-5.0.4-10.3.ppc.rpm
478a276f46917bb4d6dcea26d9fa661c  ppc/php-dba-5.0.4-10.3.ppc.rpm
322bc6293f6c8deb9221241c18c93c82  ppc/debug/php-debuginfo-5.0.4-10.3.ppc.rpm
8efec10a38d939add4eb3c3282e15a61  x86_64/php-5.0.4-10.3.x86_64.rpm
d673f5d0bbed054802b976c7f64325f2  x86_64/php-devel-5.0.4-10.3.x86_64.rpm
5d45dc58614ff16f725e975e20d9405e  x86_64/php-pear-5.0.4-10.3.x86_64.rpm
aada20087705846a32f51eb479a340e4  x86_64/php-imap-5.0.4-10.3.x86_64.rpm
9c38732c237643b6ab15d9eb8ac38690  x86_64/php-ldap-5.0.4-10.3.x86_64.rpm
2509b955a13e7d4dc5b601b4378eb73e  x86_64/php-mysql-5.0.4-10.3.x86_64.rpm
7733267f9c4aee9145b1150ad066c15b  x86_64/php-pgsql-5.0.4-10.3.x86_64.rpm
69e34aadb84a83984f4f1e5f8f0351f1  x86_64/php-odbc-5.0.4-10.3.x86_64.rpm
421f3f0e308ac094dfdd3e9e33f5a2ab  x86_64/php-soap-5.0.4-10.3.x86_64.rpm
c392b1c9377612dfacbb739b091e802d  x86_64/php-snmp-5.0.4-10.3.x86_64.rpm
7ff88a5d7a91e4d5038257deadae3b0f  x86_64/php-xml-5.0.4-10.3.x86_64.rpm
f9d2c7f91395ab69be20f1872fc97842  x86_64/php-xmlrpc-5.0.4-10.3.x86_64.rpm
16a3f115bfaa44ac7d5ff92e9146253b  x86_64/php-mbstring-5.0.4-10.3.x86_64.rpm
44826fa9acef498c42eb49f1e51f87d7  x86_64/php-ncurses-5.0.4-10.3.x86_64.rpm
5c2556e825a490c2db2f555dc4d016b9  x86_64/php-gd-5.0.4-10.3.x86_64.rpm
21568c6ad605a84b1a240f414b7166be  x86_64/php-bcmath-5.0.4-10.3.x86_64.rpm
cdc560b1d7c7237dc918764c1370f08e  x86_64/php-dba-5.0.4-10.3.x86_64.rpm
233dc431c4fccc4adbb0797007b1a78a  x86_64/debug/php-debuginfo-5.0.4-10.3.x86_64.rpm
8e745631a8ac72c8beb28707dda1b407  i386/php-5.0.4-10.3.i386.rpm
fdfd59d4504f9ac5c52a251dad404a8b  i386/php-devel-5.0.4-10.3.i386.rpm
90bddaf9f48d94e584c35a82c7fe89fe  i386/php-pear-5.0.4-10.3.i386.rpm
4fcbed04dfe357a9b2c4a5fb85058304  i386/php-imap-5.0.4-10.3.i386.rpm
dea52cc729d8f224e0ea17bf219f320b  i386/php-ldap-5.0.4-10.3.i386.rpm
e6ee42402a1cbd8a01a58b84e790efb3  i386/php-mysql-5.0.4-10.3.i386.rpm
8d562d334790734b3a7fda48d43c3cb9  i386/php-pgsql-5.0.4-10.3.i386.rpm
24a01a9e32073783a56cf487228ab9be  i386/php-odbc-5.0.4-10.3.i386.rpm
7308e2120909b36d3d7e98bcc0ee0400  i386/php-soap-5.0.4-10.3.i386.rpm
438b9b67b75e0ff9a3d797d091be3670  i386/php-snmp-5.0.4-10.3.i386.rpm
483af673a9d33df179dcfca20eb94e73  i386/php-xml-5.0.4-10.3.i386.rpm
2ee878c5bca760a4f3ed01549657ec74  i386/php-xmlrpc-5.0.4-10.3.i386.rpm
a7b3d134abda5a134de5fb8b86558086  i386/php-mbstring-5.0.4-10.3.i386.rpm
4ccd1e7dd776cc5a13f9b4071755a36c  i386/php-ncurses-5.0.4-10.3.i386.rpm
c447d59cec28198b72e63de1d34416d0  i386/php-gd-5.0.4-10.3.i386.rpm
d411c4ed89ada9f064fe43e793df09f7  i386/php-bcmath-5.0.4-10.3.i386.rpm
50c8efd1eba45c3cdecf6f94429816f1  i386/php-dba-5.0.4-10.3.i386.rpm
6cc243c39853ec33401b5fb772378c98  i386/debug/php-debuginfo-5.0.4-10.3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------


2.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-517
2005-07-05
- ---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : php
Version     : 4.3.11                      
Release     : 2.6                  
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

- ---------------------------------------------------------------------
Update Information:

This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-1921 to this issue.

The bundled version of shtool is also updated, to fix some temporary
file handling races.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.

- ---------------------------------------------------------------------
* Tue Jul  5 2005 Joe Orton <jorton@xxxxxxxxxx> 4.3.11-2.6

- - pear: update to XML_RPC 1.3.1 (CAN-2005-1921, #162045)
- - update bundled shtool to 2.0.2 (CAN-2005-1751, #158998)
- - require autoconf, automake for -devel package (#159283)

- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

a174c30ad5e96498a5e93233ee6385ea  SRPMS/php-4.3.11-2.6.src.rpm
a2984b641de63888c6622e9d5e6c131e  x86_64/php-4.3.11-2.6.x86_64.rpm
43fcc397d921a0830faf56b971ddd31f  x86_64/php-devel-4.3.11-2.6.x86_64.rpm
a98ee7857361a00bb7253af012bcf8ca  x86_64/php-pear-4.3.11-2.6.x86_64.rpm
af006624ac19d143821e8589ea1ab41b  x86_64/php-imap-4.3.11-2.6.x86_64.rpm
e911a6bc8509791fdb3beb6ec57f9a4f  x86_64/php-ldap-4.3.11-2.6.x86_64.rpm
0667770fe1a20ab4377b0f270e86dd24  x86_64/php-mysql-4.3.11-2.6.x86_64.rpm
f9d2a8cf407875991ca3d353bcb7f17c  x86_64/php-pgsql-4.3.11-2.6.x86_64.rpm
2d47fd7f1ba7e2a3932917ee4bf9c39d  x86_64/php-odbc-4.3.11-2.6.x86_64.rpm
dff854303417c33939adf56b2ff52dd6  x86_64/php-snmp-4.3.11-2.6.x86_64.rpm
830d9e2d023bf789774fb610db5c10ea  x86_64/php-domxml-4.3.11-2.6.x86_64.rpm
9c074857fe9a4db0b2cad3e3220a7fa0  x86_64/php-xmlrpc-4.3.11-2.6.x86_64.rpm
8cc21c37e3f46c3091c31d0111043a2f  x86_64/php-mbstring-4.3.11-2.6.x86_64.rpm
387e8fbeb1e0ddaba3ed8c9f6c531509  x86_64/php-ncurses-4.3.11-2.6.x86_64.rpm
887ae796ffa6aa12bbc4e7ef227af209  x86_64/php-gd-4.3.11-2.6.x86_64.rpm
1957e6d2ae92be01f79b395736a6bd73  x86_64/debug/php-debuginfo-4.3.11-2.6.x86_64.rpm
093db5829c89aba8af79bcce88d83e2e  i386/php-4.3.11-2.6.i386.rpm
9314db2476cbd4840286b0092d603621  i386/php-devel-4.3.11-2.6.i386.rpm
259afaa2af03ea7d879c6a448c3ad70a  i386/php-pear-4.3.11-2.6.i386.rpm
aaa0e93451abb3794624520ed7400ace  i386/php-imap-4.3.11-2.6.i386.rpm
490d0f1c9b71176e238faa096793bdd4  i386/php-ldap-4.3.11-2.6.i386.rpm
6b773958ade696a8e9b18a3b519c443b  i386/php-mysql-4.3.11-2.6.i386.rpm
259498bb42fc271c651d72a4871b9b31  i386/php-pgsql-4.3.11-2.6.i386.rpm
ad1c1a842709494b098979c9f2aa33a7  i386/php-odbc-4.3.11-2.6.i386.rpm
5bdd86ed53246118645d599c07e7909c  i386/php-snmp-4.3.11-2.6.i386.rpm
af8af25e3e0319db1c9a325f85112b77  i386/php-domxml-4.3.11-2.6.i386.rpm
bb551acb1b2421ce2d4ac6e7d2cc676b  i386/php-xmlrpc-4.3.11-2.6.i386.rpm
4a7ecf8772101604df11e2276b7c9ae2  i386/php-mbstring-4.3.11-2.6.i386.rpm
81fa3c7e75d7e304f6d6a85ca3059630  i386/php-ncurses-4.3.11-2.6.i386.rpm
c76642b88ae71ae50e805af6dfc2d6fe  i386/php-gd-4.3.11-2.6.i386.rpm
f3f076e25a64669d98d73965acd66181  i386/debug/php-debuginfo-4.3.11-2.6.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQsvSnIpao72zK539AQFNuwQAjISLALx0lr/y+qwz821gsMS4+x5KqgVo
8E/KvYqFer+qjcxDcDOcyJrsOjYInAFgAn/qwuRTXsXe/28XxE7zNzA9bC33b+qy
+fMlzzFLyVs2883Z4u+iMm4sZn7VTWJmcNj0hOwYbvRIc9jZp7UiGF/kikhRxXCH
ZVLI82YuJl4=
=g+2C
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________