ESB-2005.0649 -- RHSA-2005:748-01 -- Important: php security update

Date: 22 August 2005
References: AL-2005.0026  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2005.0649 -- RHSA-2005:748-01
                      Important: php security update
                              22 August 2005

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           PHP
Publisher:         Red Hat
Operating System:  Red Hat Enterprise Linux AS/ES/WS 4
                   Red Hat Enterprise Linux Desktop 4
                   Red Hat Enterprise Linux AS/ES/WS 3
                   Red Hat Desktop 3
Impact:            Execute Arbitrary Code/Commands
Access:            Remote/Unauthenticated
CVE Names:         CAN-2005-2498

Ref:               AL-2005.0026

Original Bulletin: https://rhn.redhat.com/errata/RHSA-2005-748.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Important: php security update
Advisory ID:       RHSA-2005:748-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-748.html
Issue date:        2005-08-19
Updated on:        2005-08-19
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-2498
- - ---------------------------------------------------------------------

1. Summary:

Updated PHP packages that fix a security issue are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A bug was discovered in the PEAR XML-RPC Server package included in PHP. If
a PHP script is used which implements an XML-RPC Server using the PEAR
XML-RPC package, then it is possible for a remote attacker to construct an
XML-RPC request which can cause PHP to execute arbitrary PHP commands as
the 'apache' user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-2498 to this issue.

When using the default SELinux "targeted" policy on Red Hat Enterprise
Linux 4, the impact of this issue is reduced since the scripts executed by
PHP are constrained within the httpd_sys_script_t security context.

Users of PHP should upgrade to these updated packages, which contain
backported fixes for these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
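
To confirm the update took effect, the following added example (not part of
Red Hat's advisory or AusCERT's bulletin) compares a php version-release
string against the fixed builds named in the SRPMS links of section 6. The
function names, the simplified version ordering, the sample values, and the
mapping of upstream 4.3.2 to the version 3 products and 4.3.9 to the version 4
products are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Fixed builds named in RHSA-2005:748-01 (from the SRPMS links in section 6):
FIXED_EL3="4.3.2-25.ent"   # Red Hat Enterprise Linux / Desktop version 3
FIXED_EL4="4.3.9-3.8"      # Red Hat Enterprise Linux version 4

# is_num S: succeed when S is a non-empty string of digits.
is_num() { case $1 in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# seg_cmp A B: compare dot-separated strings segment by segment and print
# -1, 0 or 1. Numeric segments compare as integers, a numeric segment
# outranks an alphabetic one, and the longer string wins a tie.
# Simplified ordering (assumption): no epochs, no '~' or '^' handling.
seg_cmp() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        sa=${a%%.*} sb=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$sa" = "$sb" ] && continue
        if [ -z "$sa" ]; then echo -1; return 0; fi
        if [ -z "$sb" ]; then echo 1; return 0; fi
        if is_num "$sa" && is_num "$sb"; then
            [ "$sa" -eq "$sb" ] && continue
            if [ "$sa" -lt "$sb" ]; then echo -1; else echo 1; fi
            return 0
        fi
        if is_num "$sa"; then echo 1; return 0; fi
        if is_num "$sb"; then echo -1; return 0; fi
        if expr "x$sa" \< "x$sb" >/dev/null; then echo -1; else echo 1; fi
        return 0
    done
    echo 0
}

# evr_cmp X Y: compare two "version-release" strings, version first.
evr_cmp() {
    r=$(seg_cmp "${1%%-*}" "${2%%-*}")
    [ "$r" != 0 ] || r=$(seg_cmp "${1#*-}" "${2#*-}")
    echo "$r"
}

# php_status VERSION-RELEASE: print needs-update, fixed or not-covered.
# Assumption: older builds share the upstream version of the fixed build.
php_status() {
    case ${1%%-*} in
        4.3.2) fixed=$FIXED_EL3 ;;
        4.3.9) fixed=$FIXED_EL4 ;;
        *) echo not-covered; return 0 ;;
    esac
    if [ "$(evr_cmp "$1" "$fixed")" = -1 ]; then
        echo needs-update
    else
        echo fixed
    fi
}

# installed_php_status: same check against the local RPM database.
installed_php_status() {
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' php 2>/dev/null) ||
        { echo not-installed; return 0; }
    set -- $evr          # keep the first line if several arches are installed
    php_status "$1"
}

if [ "${1:-}" = --live ]; then
    installed_php_status
else
    # Constructed sample values, not taken from a real host.
    for evr in 4.3.2-24.ent 4.3.2-25.ent 4.3.9-3.7 4.3.9-3.8 4.3.9-3.10 5.0.4-1; do
        printf '%-14s %s\n' "$evr" "$(php_status "$evr")"
    done
fi
```

A needs-update result matters most on hosts whose PHP scripts implement an
XML-RPC server with the PEAR XML-RPC package, the case the problem description
singles out.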

5. Bug IDs fixed (http://bugzilla.redhat.com/):

165846 - CAN-2005-2498 PHP PEAR:XMLRPC eval code injection


6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/php-4.3.2-25.ent.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/php-4.3.2-25.ent.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/php-4.3.2-25.ent.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/php-4.3.2-25.ent.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/php-4.3.9-3.8.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/php-4.3.9-3.8.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/php-4.3.9-3.8.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/php-4.3.9-3.8.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFDBhpuXlSAg2UNWIIRAht2AKCKNTyBleqPN0NCBkvfatjXQFCZKwCeO5eG
w3j1/7JddU7Xvn+7aTkVLjs=
=Uqxk
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQwlRdSh9+71yA2DNAQKFLgP/TGzOjtQOLc3AbxcvkpqC9X08T4mBBrXv
Ac/RmXC2sr4PH296jcsoQldu7Dfzzb6Wj9JKJ6f2RWMGqYhhXbAvtEpNoZPbikt+
zLYv7/loUPZvlaVm+wp9TkA/1k5roLjpNnFUWhYAc9IZX/jAkq9sF8sX3IuE2o+C
dnn4k6S9gWs=
=p6xP
-----END PGP SIGNATURE-----