Advisories:rPSA-2007-0221

From rPath Wiki

rPath Security Advisory 2007-0221-2

Published: 2007-10-24

Updated

  1. 2007-12-11 removed unnecessary CVE-2007-4659 patch

Products

  • rPath Linux 1

Rating

Severe

Exposure Level Classification

Remote System User Deterministic Unauthorized Access

Updated Versions

  • php=conary.rpath.com@rpl:1/4.3.11-15.16-1
  • php-mysql=conary.rpath.com@rpl:1/4.3.11-15.16-1
  • php-pgsql=conary.rpath.com@rpl:1/4.3.11-15.16-1

rPath Issue Tracking System

References

Description

Previous versions of the php package are vulnerable to many attacks,
the worst of which enable various remote attackers to run arbitrary
code as the "apache" user. These vulnerabilities are exposed by a
wide variety of applications written in the PHP language.

11 December 2007 Update: The previous version of this fix included
a patch to address CVE-2007-4659 that was unnecessary (CVE-2007-4659
did not affect this version of php) and caused php to terminate with
a segmentation fault in some cases. This patch has been removed,
which resolves the segmentation fault regression.

Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html