First published: Wed Jul 16 2008
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly recognize partial multi-byte sequences. Certain sequences of bytes could be passed through these functions without being correctly HTML-escaped. Depending on the browser being used, an attacker could use this flaw to conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or which used the output_add_rewrite_var() function, could leak session identifiers to external web sites. If a page included an HTML form with an ACTION attribute referencing a non-local URL, the user's session ID would be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that PHP did not properly seed its pseudo-random number generator used by functions such as rand() and mt_rand(), possibly allowing an attacker to easily predict the generated pseudo-random values. (CVE-2008-2107, CVE-2008-2108)

Integer overflow and memory requirements miscalculation issues were discovered in the Perl-Compatible Regular Expression (PCRE) library used by PHP to process regular expressions. These issues could cause a crash, or possibly execute arbitrary code with the privileges of the PHP script that processes regular expressions from untrusted sources. Note: PHP packages shipped with Red Hat Enterprise Linux 2.1 did not use the system-level PCRE library. By default they used an embedded copy of the library included with the PHP package. (CVE-2006-7228, CVE-2007-1660)

Users of PHP should upgrade to these updated packages, which contain backported patches to correct these issues.
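
An added example (not part of the advisory or of PHP itself) for auditing rendered pages for the session ID leak described under CVE-2007-5899: it flags forms whose ACTION points at another host while carrying the session identifier. The page URL, host names and sample HTML are constructed for illustration; `PHPSESSID` is PHP's default session name.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

SESSION_NAME = "PHPSESSID"  # PHP's default session.name; change if the site overrides it

# Constructed sample of rendered output: one local form and two external forms.
SAMPLE = """
<form action="/login.php" method="post">
<input type="hidden" name="PHPSESSID" value="0123abcd" /><input name="user"></form>
<form action="https://partner.example.net/search" method="get">
<input type="hidden" name="PHPSESSID" value="0123abcd" /><input name="q"></form>
<form action="https://partner.example.net/plain"><input name="q"></form>
"""

class FormAudit(HTMLParser):
    """Collect forms whose ACTION leaves the site while carrying the session ID."""

    def __init__(self, page_url, session_name=SESSION_NAME):
        super().__init__()
        self.page_url = page_url
        self.local_host = urlsplit(page_url).hostname
        self.session_name = session_name
        self.current = None  # form being parsed: [absolute action URL, has session field]
        self.findings = []   # external action URLs that would receive the session ID

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative ACTION resolves against the page URL, so it is local.
            self.current = [urljoin(self.page_url, a.get("action") or ""), False]
        elif tag == "input" and self.current and a.get("name") == self.session_name:
            self.current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            action, has_sid = self.current
            target = urlsplit(action)
            # A session ID rewritten into the ACTION's query string leaks as well.
            in_query = self.session_name in parse_qs(target.query)
            if target.hostname != self.local_host and (has_sid or in_query):
                self.findings.append(action)
            self.current = None

def leaking_forms(html, page_url, session_name=SESSION_NAME):
    """Return the external form targets that would be sent the session ID."""
    audit = FormAudit(page_url, session_name)
    audit.feed(html)
    audit.close()
    return audit.findings
```

Run `leaking_forms()` over pages captured from a test session; any returned URL is a form that should either point at a local handler or be rendered with session ID rewriting disabled.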