(RHSA-2005:406) PHP security update

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A bug was found in the way PHP processes IFF and JPEG images. It is
possible to cause PHP to consume CPU resources for a short period of time
by supplying a carefully crafted IFF or JPEG image. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
names CAN-2005-0524 and CAN-2005-0525 to these issues.

A buffer overflow bug was also found in the way PHP processes EXIF image
headers. It is possible for an attacker to construct an image file in such
a way it could execute arbitrary instructions when processed by PHP. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-1042 to this issue.

A denial of service bug was found in the way PHP processes EXIF image
headers. It is possible for an attacker to cause PHP to enter an infinite
loop for a short period of time by supplying a carefully crafted image file
to PHP for processing. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1043 to this issue.

Several bug fixes are also included in this update:

• some performance issues in the unserialize() function have been fixed

• the behaviour of the interpreter when handling integer overflow during
  conversion of a floating variable to an integer has been reverted to match
  the behaviour used upstream; the integer will now be wrapped rather than
  truncated

• a fix for the virtual() function in the Apache httpd module which would
  flush the response prematurely

• the hard-coded default “safe mode” setting is now “disabled” rather than
  “enabled”; to match the default /etc/php.ini setting

• in the curl extension, safe mode was not enforced for ‘file:///’ URL
  lookups (CAN-2004-1392).

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.