CentOS Errata and Security Advisory 2005:1110-001

Moderate CentOS 4 i386 php - security update

This CESA is for the version of php that is included in the centosplus
repo for CentOS-4 ... this is not an update to the main CentOS-4 repo.

------------------
Name        : php
Version     : 5.0.4
Vendor      : CentOS
Release     : 4.centos4
Build Date  : Fri 11 Nov 2005
Install Date: (not installed)
Build Host  : build-i386
Group       : Development/Languages
Source RPM  : php-5.0.4-4.centos4.src.rpm
License     : The PHP License
Packager    : Johnny Hughes <johnny at centos.org>
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext Preprocessor)
------------------

Update Information:

This update is considered moderate by the CentOS Development Team.

This update includes several security fixes:

- fixes to prevent malicious requests from overwriting the GLOBALS
  array (CVE-2005-3390)
- a fix to stop the parse_str() function from enabling the
  register_globals setting (CVE-2005-3389)
- fixes for Cross-Site Scripting flaws in the phpinfo() output
  (CVE-2005-3388)
- a fix for a denial of service (process crash) in EXIF image parsing
  (CVE-2005-3353)

All users of PHP-5 from the CentOSPlus repo should upgrade to these
updated packages.

More info is available at:

https://www.redhat.com/archives/fedora-announce-list/2005-November/msg00022.html
https://rhn.redhat.com/errata/RHSA-2005-831.html

------------------------

The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
php-5.0.4-4.centos4.i386.rpm
php-bcmath-5.0.4-4.centos4.i386.rpm
php-dba-5.0.4-4.centos4.i386.rpm
php-devel-5.0.4-4.centos4.i386.rpm
php-gd-5.0.4-4.centos4.i386.rpm
php-imap-5.0.4-4.centos4.i386.rpm
php-ldap-5.0.4-4.centos4.i386.rpm
php-mbstring-5.0.4-4.centos4.i386.rpm
php-mysql-5.0.4-4.centos4.i386.rpm
php-ncurses-5.0.4-4.centos4.i386.rpm
php-odbc-5.0.4-4.centos4.i386.rpm
php-pear-5.0.4-4.centos4.i386.rpm
php-pgsql-5.0.4-4.centos4.i386.rpm
php-snmp-5.0.4-4.centos4.i386.rpm
php-soap-5.0.4-4.centos4.i386.rpm
php-xml-5.0.4-4.centos4.i386.rpm
php-xmlrpc-5.0.4-4.centos4.i386.rpm

src:
php-5.0.4-4.centos4.src.rpm
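
One way to check a host against this advisory, as an added example that is not part of the original announcement or CentOS tooling: it reads `NAME VERSION-RELEASE` lines and flags the listed PHP 5 packages older than 5.0.4-4.centos4, skipping PHP 4 builds because the advisory covers only the centosplus PHP 5 packages. The function names and sample lines are constructed, the comparison is a simplified rpm ordering, and epochs are assumed absent.

```python
import re

# Fixed version/release and package names as listed in the advisory.
FIXED_VERSION, FIXED_RELEASE = "5.0.4", "4.centos4"
ADVISORY_PACKAGES = {"php"} | {"php-" + s for s in (
    "bcmath dba devel gd imap ldap mbstring mysql ncurses odbc "
    "pear pgsql snmp soap xml xmlrpc").split()}

def rpm_label_cmp(a, b):
    """Simplified rpm-style compare of two version or release strings.
    Returns -1, 0 or 1. Tilde/caret handling is left out (assumption)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(line):
    # Input format: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
    name, vr = line.split()
    version, release = vr.rsplit("-", 1)
    # Only the centosplus PHP 5 builds are in scope for this advisory.
    if name not in ADVISORY_PACKAGES or not version.startswith("5."):
        return False
    c = rpm_label_cmp(version, FIXED_VERSION)
    return c < 0 or (c == 0 and rpm_label_cmp(release, FIXED_RELEASE) < 0)

def audit(text):
    """Return the names of packages that still need this update."""
    return [l.split()[0] for l in text.splitlines() if l.strip() and needs_update(l)]

# Constructed sample input, not taken from a real host.
SAMPLE = """\
php 5.0.4-3.centos4
php-mysql 5.0.4-4.centos4
php-gd 4.3.9-3.9
httpd 2.0.52-19.ent.centos4
"""

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs update:", pkg)
```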