rhsa-2007_0163
Vulnerability from csaf_redhat
Published
2007-04-20 11:36
Modified
2024-11-14 10:05
Summary
Red Hat Security Advisory: php security update for Stronghold
Notes
Topic
Updated PHP packages that fix several security issues are now available for
Stronghold 4.0 for Enterprise Linux.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
This update addresses the following issues:
- An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply-nested-array.
(CVE-2007-1285)
- An input validation bug function may allow a remote attacker to execute
arbitrary code as the "apache" user if a script passes untrusted input data
to the unserialize() function. (CVE-2007-1286)
- A double-free bug in the "session" extension may allow a remote attacker
to execute arbitrary code as the "apache" user, if untrusted input data was
passed to the session_decode() function . (CVE-2007-1711)
Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated PHP packages that fix several security issues are now available for\nStronghold 4.0 for Enterprise Linux. \n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server. \n\nThis update addresses the following issues:\n\n- An input validation bug allowed a remote attacker to trigger a denial of\nservice attack by submitting an input variable with a deeply-nested-array.\n(CVE-2007-1285)\n\n- An input validation bug function may allow a remote attacker to execute\narbitrary code as the \"apache\" user if a script passes untrusted input data\nto the unserialize() function. (CVE-2007-1286) \n\n- A double-free bug in the \"session\" extension may allow a remote attacker\nto execute arbitrary code as the \"apache\" user, if untrusted input data was\npassed to the session_decode() function . (CVE-2007-1711) \n\nUsers of PHP should upgrade to these updated packages, which contain\nbackported patches to correct these issues.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2007:0163", "url": "https://access.redhat.com/errata/RHSA-2007:0163" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "235359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=235359" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0163.json" } ], "title": "Red Hat Security Advisory: php security update for Stronghold", "tracking": { "current_release_date": "2024-11-14T10:05:08+00:00", "generator": { "date": "2024-11-14T10:05:08+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2007:0163", "initial_release_date": "2007-04-20T11:36:00+00:00", "revision_history": [ { "date": "2007-04-20T11:36:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2007-04-20T07:36:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T10:05:08+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product": { "name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_stronghold:4.0" } } } ], "category": "product_family", "name": "Stronghold 4.0 for Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "stronghold-php-devel-0:4.1.2-15.i386", "product": { "name": "stronghold-php-devel-0:4.1.2-15.i386", "product_id": "stronghold-php-devel-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-devel@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-0:4.1.2-15.i386", "product": { "name": "stronghold-php-0:4.1.2-15.i386", "product_id": "stronghold-php-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-odbc-0:4.1.2-15.i386", "product": { "name": "stronghold-php-odbc-0:4.1.2-15.i386", "product_id": "stronghold-php-odbc-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-odbc@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-pgsql-0:4.1.2-15.i386", "product": { "name": "stronghold-php-pgsql-0:4.1.2-15.i386", "product_id": "stronghold-php-pgsql-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-pgsql@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-mysql-0:4.1.2-15.i386", "product": { "name": "stronghold-php-mysql-0:4.1.2-15.i386", "product_id": "stronghold-php-mysql-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-mysql@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-manual-0:4.1.2-15.i386", "product": { "name": "stronghold-php-manual-0:4.1.2-15.i386", "product_id": "stronghold-php-manual-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-manual@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-snmp-0:4.1.2-15.i386", "product": { "name": "stronghold-php-snmp-0:4.1.2-15.i386", "product_id": "stronghold-php-snmp-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-snmp@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-imap-0:4.1.2-15.i386", "product": { "name": "stronghold-php-imap-0:4.1.2-15.i386", "product_id": "stronghold-php-imap-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-imap@4.1.2-15?arch=i386" } } }, { "category": "product_version", "name": "stronghold-php-ldap-0:4.1.2-15.i386", "product": { "name": "stronghold-php-ldap-0:4.1.2-15.i386", "product_id": "stronghold-php-ldap-0:4.1.2-15.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php-ldap@4.1.2-15?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "stronghold-php-0:4.1.2-15.src", "product": { "name": "stronghold-php-0:4.1.2-15.src", "product_id": "stronghold-php-0:4.1.2-15.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/stronghold-php@4.1.2-15?arch=src" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-0:4.1.2-15.src as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-0:4.1.2-15.src" }, "product_reference": "stronghold-php-0:4.1.2-15.src", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-devel-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-devel-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-imap-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-imap-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-ldap-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-ldap-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-manual-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-manual-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-mysql-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-mysql-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-odbc-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-odbc-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-pgsql-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-pgsql-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" }, { "category": "default_component_of", "full_product_name": { "name": "stronghold-php-snmp-0:4.1.2-15.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "product_id": "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" }, "product_reference": "stronghold-php-snmp-0:4.1.2-15.i386", "relates_to_product_reference": "SH4-2.1AS" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-1285", "discovery_date": "2007-03-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618296" } ], "notes": [ { "category": "description", "text": "The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-0:4.1.2-15.src", "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1285" }, { "category": "external", "summary": "RHBZ#1618296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618296" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1285", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1285" } ], "release_date": "2007-03-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-04-20T11:36:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-0:4.1.2-15.src", "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0163" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "security flaw" }, { "cve": "CVE-2007-1286", "discovery_date": "2007-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618297" } ], "notes": [ { "category": "description", "text": "Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-0:4.1.2-15.src", "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1286" }, { "category": "external", "summary": "RHBZ#1618297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618297" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1286", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1286", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1286" } ], "release_date": "2007-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-04-20T11:36:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-0:4.1.2-15.src", "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0163" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" }, { "cve": "CVE-2007-1711", "discovery_date": "2007-03-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618304" } ], "notes": [ { "category": "description", "text": "Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 allows context-dependent attackers to execute arbitrary code by overwriting variables pointing to (1) the GLOBALS array or (2) the session data in _SESSION. NOTE: this issue was introduced when attempting to patch CVE-2007-1701 (MOPB-31-2007).", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-0:4.1.2-15.src", "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1711" }, { "category": "external", "summary": "RHBZ#1618304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618304" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1711", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1711", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1711" } ], "release_date": "2007-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-04-20T11:36:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188", "product_ids": [ "SH4-2.1AS:stronghold-php-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-0:4.1.2-15.src", "SH4-2.1AS:stronghold-php-devel-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-imap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-manual-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-15.i386", "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-15.i386" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0163" } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "security flaw" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.