TITLE: Fedora update for php SECUNIA ADVISORY ID: SA17490 VERIFY ADVISORY: http://secunia.com/advisories/17490/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: Fedora Core 4 http://secunia.com/product/5251/ Fedora Core 3 http://secunia.com/product/4222/ DESCRIPTION: Fedora has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. For more information: SA17371 SOLUTION: Apply updated packages. Fedora Core 3: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/ 68724665fc23eb17fd5f6ab53a7a8578 SRPMS/php-4.3.11-2.8.src.rpm 6fe3ca959bf1ac54195cb1a0ece80161 x86_64/php-4.3.11-2.8.x86_64.rpm 52b086b6ae3b62b6b39850694306544f x86_64/php-devel-4.3.11-2.8.x86_64.rpm c6a89e2a4974fa966adf9f1e1d19b1e3 x86_64/php-pear-4.3.11-2.8.x86_64.rpm 495ad7cec5eead31eaf655ecda78ffc4 x86_64/php-imap-4.3.11-2.8.x86_64.rpm 26e0c1d33f77040d732c16f01ecc469c x86_64/php-ldap-4.3.11-2.8.x86_64.rpm 5d99c02f4e8c71762421368f94be7cb6 x86_64/php-mysql-4.3.11-2.8.x86_64.rpm ac907f06ae9ecaa185fdeba117d7a5f4 x86_64/php-pgsql-4.3.11-2.8.x86_64.rpm 4e8d7ee61c64683f5eb90a02fac4c71d x86_64/php-odbc-4.3.11-2.8.x86_64.rpm 2b59cd899b7640ff67918c02f0b83c9b x86_64/php-snmp-4.3.11-2.8.x86_64.rpm 50c12c4604d7fa6ed6d423732dad41cd x86_64/php-domxml-4.3.11-2.8.x86_64.rpm ed79ef8a38f3112fb90b5087730a2372 x86_64/php-xmlrpc-4.3.11-2.8.x86_64.rpm ed7b9255c03b60c57c64ec065b7bcb82 x86_64/php-mbstring-4.3.11-2.8.x86_64.rpm cac58fd700a3e3f5493e37b062407968 x86_64/php-ncurses-4.3.11-2.8.x86_64.rpm 3aefa8e720ef35c0a4a18de7f1dc8736 x86_64/php-gd-4.3.11-2.8.x86_64.rpm 4bd7ffa3c678ae086c9a688bbdedaf67 x86_64/debug/php-debuginfo-4.3.11-2.8.x86_64.rpm b03e664e7299012091046f8c6d4113e5 i386/php-4.3.11-2.8.i386.rpm 7a2f5d835948e35cdd0dd3689b27ffef i386/php-devel-4.3.11-2.8.i386.rpm 0263c49fdf67f20293b70f97536f3343 i386/php-pear-4.3.11-2.8.i386.rpm ebdd6d6529c4348fe2ed7ae3df166acc i386/php-imap-4.3.11-2.8.i386.rpm 3a98ee4ea5066f91dc4d2a19a040f949 i386/php-ldap-4.3.11-2.8.i386.rpm 0f30bca149e3e13a01255b66843bc1e6 i386/php-mysql-4.3.11-2.8.i386.rpm 9193d56cae5d3b292de0b53a33559c2a i386/php-pgsql-4.3.11-2.8.i386.rpm e69f716a3e0115e7143ed79bcc6c93fe i386/php-odbc-4.3.11-2.8.i386.rpm b291a190a62bafa094d193be6f5a16aa i386/php-snmp-4.3.11-2.8.i386.rpm c0422acefee1c4de9ab681c4e23e1233 i386/php-domxml-4.3.11-2.8.i386.rpm 5fafa898dd4512197186ac552566b83b i386/php-xmlrpc-4.3.11-2.8.i386.rpm 746dbb670f222d4b4618ea6d62f1489c i386/php-mbstring-4.3.11-2.8.i386.rpm e28a918dd7533591e376db828b840878 i386/php-ncurses-4.3.11-2.8.i386.rpm f4bb825f723c15f0c86ab87c25483ee1 i386/php-gd-4.3.11-2.8.i386.rpm c68cdde6bf01755485d6e33f1e3c4243 i386/debug/php-debuginfo-4.3.11-2.8.i386.rpm Fedora Core 4: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ 4335290d44b2e5a9e0bae18c6a083b60 SRPMS/php-5.0.4-10.5.src.rpm 33c196f4c005196c1d53764a2ee31ebb ppc/php-5.0.4-10.5.ppc.rpm 129ad57e9524495748107e94ef3919c4 ppc/php-devel-5.0.4-10.5.ppc.rpm 67117718bca8eefd800dcb3bb4f1a78d ppc/php-pear-5.0.4-10.5.ppc.rpm 76137ee5a1e37c435531a8152c0b3aa6 ppc/php-imap-5.0.4-10.5.ppc.rpm 1be58c15e916d164623bb43b8413e593 ppc/php-ldap-5.0.4-10.5.ppc.rpm cf1362b1d3293ebaee2a9b5ac4e55af4 ppc/php-mysql-5.0.4-10.5.ppc.rpm cfe10b007be2a3a53231648fc709955c ppc/php-pgsql-5.0.4-10.5.ppc.rpm 26966ffcaa801ba3af557ca4d909fc6f ppc/php-odbc-5.0.4-10.5.ppc.rpm 688a6289cd74bded8eec8f590e5aa0b2 ppc/php-soap-5.0.4-10.5.ppc.rpm 2cbdf7bf156df0b5cf828e101e73e1fb ppc/php-snmp-5.0.4-10.5.ppc.rpm b2234815d67f6454f01e6b4e2f7d08a3 ppc/php-xml-5.0.4-10.5.ppc.rpm 5396b3f2093ebe5c0d952496cc1e0f53 ppc/php-xmlrpc-5.0.4-10.5.ppc.rpm dd37612bb7325f2bc8b434ace6a88274 ppc/php-mbstring-5.0.4-10.5.ppc.rpm ccff0bf6b530520d58b82b08a8673494 ppc/php-ncurses-5.0.4-10.5.ppc.rpm 88f33ff60368e3d95345054d70e1836b ppc/php-gd-5.0.4-10.5.ppc.rpm 8f108fc28164e457d61e68aab9fc6ac0 ppc/php-bcmath-5.0.4-10.5.ppc.rpm 8d1f816bfb1e25e51dfe934afce98458 ppc/php-dba-5.0.4-10.5.ppc.rpm 9f5d9c6cc90f0d714cb7e7c7213fc5cc ppc/debug/php-debuginfo-5.0.4-10.5.ppc.rpm de90066477ed98470724063ebee6cd6f x86_64/php-5.0.4-10.5.x86_64.rpm a3658629bc9aae101f728fa2e07c553a x86_64/php-devel-5.0.4-10.5.x86_64.rpm 664a5735c6d892e1ca51f6cbb1fd3ba0 x86_64/php-pear-5.0.4-10.5.x86_64.rpm 89f640b39a2a18cbfcfec17ad4ab79c8 x86_64/php-imap-5.0.4-10.5.x86_64.rpm e755c66fc8e01c680758803bc4c9077f x86_64/php-ldap-5.0.4-10.5.x86_64.rpm 8a051d3c467c8bf12e2cb50908613427 x86_64/php-mysql-5.0.4-10.5.x86_64.rpm 2811e927599be9fb668efd5bd2bc52c9 x86_64/php-pgsql-5.0.4-10.5.x86_64.rpm 2525eff98d5aaf242650229feca4d028 x86_64/php-odbc-5.0.4-10.5.x86_64.rpm 2bf0b0f286cbe8b555e3dddce3be9e78 x86_64/php-soap-5.0.4-10.5.x86_64.rpm 5255c6d146a38eb23a0dde0d37c2a72f x86_64/php-snmp-5.0.4-10.5.x86_64.rpm 1e1161abd9f04e8608cf0bdba7e72c02 x86_64/php-xml-5.0.4-10.5.x86_64.rpm dbf2339e1a6db6b20f97f85e90f6522b x86_64/php-xmlrpc-5.0.4-10.5.x86_64.rpm f98c7ab4bcea1307974e2dde86561ef9 x86_64/php-mbstring-5.0.4-10.5.x86_64.rpm 0e96505932ca49e6c631cbb930cc7b30 x86_64/php-ncurses-5.0.4-10.5.x86_64.rpm 4406c22ac3ca985957b086e9abd06a42 x86_64/php-gd-5.0.4-10.5.x86_64.rpm d72bf1a65686f6ae2ae7eee0758c484f x86_64/php-bcmath-5.0.4-10.5.x86_64.rpm 38694809232db581f791be27b21b96a1 x86_64/php-dba-5.0.4-10.5.x86_64.rpm d48c6f1dc89b916c845ba519bb5cfba7 x86_64/debug/php-debuginfo-5.0.4-10.5.x86_64.rpm fb1436e7a723233406d6489cc7cd7d62 i386/php-5.0.4-10.5.i386.rpm e2a4866c6f213990a0e4baa8b8b6a824 i386/php-devel-5.0.4-10.5.i386.rpm 6e6767c83168ec51ddfd7f21912e799c i386/php-pear-5.0.4-10.5.i386.rpm 5957130394b19b2a94175e7f1021dea5 i386/php-imap-5.0.4-10.5.i386.rpm 4c46a432d194756358de7fb571fc7f88 i386/php-ldap-5.0.4-10.5.i386.rpm 9076a327b2d839519360c394237c63c6 i386/php-mysql-5.0.4-10.5.i386.rpm 120c0100bf15d0d4c05f26496a69ddf3 i386/php-pgsql-5.0.4-10.5.i386.rpm 748370888887fabe751b6b9aec05601b i386/php-odbc-5.0.4-10.5.i386.rpm 5a50e3fd65d1f1be5c181dcb56b991a2 i386/php-soap-5.0.4-10.5.i386.rpm ef8fd8955b8eca84a87dd2bb4875b5bc i386/php-snmp-5.0.4-10.5.i386.rpm 08ab3cfc4b59810ea71ea491e5cf5f5b i386/php-xml-5.0.4-10.5.i386.rpm ea658b8be0d1fba6df3828beeee9161c i386/php-xmlrpc-5.0.4-10.5.i386.rpm 539f03c801b1c89e357f54f9626d62e8 i386/php-mbstring-5.0.4-10.5.i386.rpm 76c88d6a6b91d43ae6db7121d680fc03 i386/php-ncurses-5.0.4-10.5.i386.rpm 66362602f804499fefc5d3896257f223 i386/php-gd-5.0.4-10.5.i386.rpm 9fc87cc046b3e63701876459601ad917 i386/php-bcmath-5.0.4-10.5.i386.rpm 139d7077d1bca4c7795d29d649e7d64d i386/php-dba-5.0.4-10.5.i386.rpm e0f4ee2380b7823eede4fe04dd24fc85 i386/debug/php-debuginfo-5.0.4-10.5.i386.rpm OTHER REFERENCES: SA17371: http://secunia.com/advisories/17371/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------