php security update

CentOS Errata and Security Advisory CESA-2006:0567-01

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the “register_globals” setting.
“register_globals” is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)

A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)

A flaw was found in the PHP IMAP MIME header decoding function. An
attacker could craft a message with an overly long header which caused
PHP to crash. (CVE-2002-2214)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-July/075232.html

Affected packages:
php
php-devel
php-imap
php-ldap
php-manual
php-mysql
php-odbc
php-pgsql