RedHatRHSA-2006:0567(RHSA-2006:0567) php security update
0.054 Low
EPSS
Percentile
93.2%
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
A flaw was found in the zend_hash_del() PHP function. For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed. This would be a security issue
particularly for installations that enable the “register_globals” setting.
“register_globals” is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)
A directory traversal vulnerability was found in PHP. Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function. (CVE-2006-1494)
A flaw was found in the PHP IMAP MIME header decoding function. An
attacker could craft a message with an overly long header which caused
PHP to crash. (CVE-2002-2214)
Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ia64 | php-mysql | < 4.1.2-2.8 | php-mysql-4.1.2-2.8.ia64.rpm |
| RedHat | any | i386 | php-devel | < 4.1.2-2.8 | php-devel-4.1.2-2.8.i386.rpm |
| RedHat | any | ia64 | php-imap | < 4.1.2-2.8 | php-imap-4.1.2-2.8.ia64.rpm |
| RedHat | any | ia64 | php-manual | < 4.1.2-2.8 | php-manual-4.1.2-2.8.ia64.rpm |
| RedHat | any | i386 | php-ldap | < 4.1.2-2.8 | php-ldap-4.1.2-2.8.i386.rpm |
| RedHat | any | i386 | php-imap | < 4.1.2-2.8 | php-imap-4.1.2-2.8.i386.rpm |
| RedHat | any | ia64 | php-devel | < 4.1.2-2.8 | php-devel-4.1.2-2.8.ia64.rpm |
| RedHat | any | i386 | php-odbc | < 4.1.2-2.8 | php-odbc-4.1.2-2.8.i386.rpm |
| RedHat | any | i386 | php-manual | < 4.1.2-2.8 | php-manual-4.1.2-2.8.i386.rpm |
| RedHat | any | ia64 | php | < 4.1.2-2.8 | php-4.1.2-2.8.ia64.rpm |
Related
