Security update for PHP4
(Last modified: 02SEP2005)
SuSE Linux Maintenance Web (981ef108b964d6518c58b160d56e9bcc)
Product(s):
- SUSE CORE 9 for x86
- SUSE CORE 9 for IBM POWER
- SUSE CORE 9 for IBM S/390 31bit
- SUSE CORE 9 for IBM zSeries 64bit
- SUSE CORE 9 for AMD64 and Intel EM64T
- Novell Linux POS 9
- Open Enterprise Server
Fixed security bugs:
- A bug that can be exploited by remote attackers to bypass HTML tag filtering (cross-site scripting prevention) by supplying special tags. These kinds of tags should be ignored because they are not valid, but they are accepted by some commercial web browsers.
- A bug that can be exploited by remote attackers by triggering the memory_limit in unsafe states of a PHP execution path to execute arbitrary code.
- Bugs caused by bad array parsing of the user input via COOKIE. One could lead to overwriting the variable $_FILES, while the other could expose some pieces of PHP's memory to the attacker.
- A bug that could disclose PHP source code under some circumstances.
- Various bugs in the unserializer (CAN-2004-1019).
- A buffer overflow in the EXIF parser (CAN-2004-1065).
- A bug in readline() that could lead to denial of service.
- A bug in getimagesize() which could lead to denial of service (CAN-2005-0524, CAN-2005-0525).
- Bugs in the EXIF parser could allow an attacker to execute arbitrary code (CAN-2005-1042) or cause denial of service (CAN-2005-1043).
- Bugs in the PEAR::XML_RPC library allowed remote attackers to pass arbitrary PHP code to the eval() function (CAN-2005-1921, CAN-2005-2498).
- An integer overflow bug was found in the pcre (Perl compatible regular expression) library which could be used by an attacker to potentially execute code (CAN-2005-2491).

Other changes:
- The dlopen() flag for opening php4 modules has been reverted back to RTLD_GLOBAL. RTLD_LOCAL had some side effects when extensions like php4-unixODBC load their own libraries (unixODBC uses ...). ... apache2-mod_auth_mysql due to the RTLD_GLOBAL fixes. Please refer to ...
- Pre-Requires tags of some sub-packages have been tweaked to aid computing the uninstall order.
- Performance problems of unserialize() caused by the previous security update have been fixed.
Update the installed packages with:

    rpm -Fvh php4.rpm apache-mod_php4.rpm apache2-mod_php4.rpm mod_php4-core.rpm mod_php4-servlet.rpm php4-imap.rpm php4-mysql.rpm php4-servlet.rpm php4-session.rpm php4-fastcgi.rpm php4-devel.rpm php4-sysvshm.rpm php4-exif.rpm php4-pear.rpm