Security update for PHP4
(Last modified: 11APR2005)
solutions Security update for PHP4 SuSE Linux Maintenance Web (ba2325a214aeb9526916f1f3a255babd)
Product(s): SUSE LINUX Retail Solution 8
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
SuSE Linux Enterprise Server 8 for x86
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IBM S/390 and IBM zSeries
SuSE Linux Enterprise Server 8 for IBM zSeries
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Openexchange Server 4
- A bug that can be exploited by remote attackers to bypass HTML tag filtering (cross-site-scripting prevention) by supplying special tags. These kind of tags should be ignored because they are not valid but they get accepted by some commercial web-browsers.
- A bug that can be exploited by remote attackers by triggering the memory_limit in unsafe states of a PHP execution path to execute arbitrary code.
- Bugs caused by bad array parsing of the user input via GET, POST and COOKIE. One could lead to overwriting variable $_FILES, while the other could expose some pieces of the php memory to the attacker.
- A bug that could disclose php sourcecode in some circumstances.
- Various bugs in the unserializer (CAN-2004-1019)
- A buffer overflow in the exif parser (CAN-2004-1065)
- A bug in getimagesize() which could lead to denial of service (CAN-2005-0524, CAN-2005-0525)
- Wrong type usage caused two errors within PHP4's session handling:
- Session variables where not read from /tmp/sess_* files, thus rendering session management useless in most cases.
- The functions print() and echo() did not produce any output whenever a session was started with session_start().
- performance problems of unserialize() caused by previous security update.
rpm -Fvh mod_php4.rpm mod_php4-core.rpm mod_php4-servlet.rpm mod_php4-devel.rpm
Download Source Packages
Download the source code of the patches for maintained products.