centos-announce-request at centos.org
2005-Jul-06  12:00 UTC
[CentOS] CentOS-announce Digest, Vol 5, Issue 1
Today's Topics:
   1. CESA-2005:0705-001 Critical CentOS 4 x86_64 php - security
      update (CENTOSPLUS only) (Johnny Hughes)
   2. CESA-2005:0705-001 Critical CentOS 4 i386 php - security
      update (CENTOSPLUS only) (Johnny Hughes)
----------------------------------------------------------------------
Message: 1
Date: Tue, 05 Jul 2005 18:43:12 -0500
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:0705-001 Critical CentOS 4 x86_64
	php - security update (CENTOSPLUS only)
To: centos-announce at centos.org
Message-ID: <1120606992.10579.43.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory 2005:0705-001
Critical CentOS 4 x86_64 php - security update
This CESA is for the version of php that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
--------------------------
Name        : php                   Relocations: (not relocatable)
Version     : 5.0.4                 Vendor: CentOS
Release     : 2.centos4             Build Date: 05Jul2005 04:15:18PM CDT
Install Date: (not installed)       Build Host: x8664-build
Group       : Development/Languages 
Source RPM  : php-5.0.4-2.centos4.src.rpm
Packager    : Johnny Hughes <johnny at centos.org>
URL         : http://www.php.net/
Summary     : The PHP HTML-embedded scripting language.
------------------------
Update Information:
This update is considered critical by the CentOS Development Team, and
exploitation of the vulnerability can lead to remote code execution.
Anyone using php-5 from the centosplus repo is highly encouraged to
upgrade their installation immediately.
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-1921 to this issue.  
The bundled version of shtool is also updated, to fix some temporary
file handling races.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.
Bug fixes for the dom, ldap, and gd extensions are also included in
this update.
------------------------
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751
https://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:
x86_64:
php-5.0.4-2.centos4.x86_64.rpm
php-bcmath-5.0.4-2.centos4.x86_64.rpm
php-dba-5.0.4-2.centos4.x86_64.rpm
php-devel-5.0.4-2.centos4.x86_64.rpm
php-gd-5.0.4-2.centos4.x86_64.rpm
php-imap-5.0.4-2.centos4.x86_64.rpm
php-ldap-5.0.4-2.centos4.x86_64.rpm
php-mbstring-5.0.4-2.centos4.x86_64.rpm
php-mysql-5.0.4-2.centos4.x86_64.rpm
php-ncurses-5.0.4-2.centos4.x86_64.rpm
php-odbc-5.0.4-2.centos4.x86_64.rpm
php-pear-5.0.4-2.centos4.x86_64.rpm
php-pgsql-5.0.4-2.centos4.x86_64.rpm
php-snmp-5.0.4-2.centos4.x86_64.rpm
php-soap-5.0.4-2.centos4.x86_64.rpm
php-xml-5.0.4-2.centos4.x86_64.rpm
php-xmlrpc-5.0.4-2.centos4.x86_64.rpm
src:
php-5.0.4-2.centos4.src.rpm
------------------------------
Message: 2
Date: Tue, 05 Jul 2005 18:43:06 -0500
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:0705-001 Critical CentOS 4 i386
	php - security update (CENTOSPLUS only)
To: centos-announce at centos.org
Message-ID: <1120606986.10579.42.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"
CentOS Errata and Security Advisory 2005:0705-001
Critical CentOS 4 i386 php - security update
This CESA is for the version of php that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
--------------------------
Name        : php                   Relocations: (not relocatable)
Version     : 5.0.4                 Vendor: CentOS
Release     : 2.centos4             Build Date: 05Jul2005 03:46:00PM CDT
Install Date: (not installed)       Build Host: i386-build
Group       : Development/Languages 
Source RPM  : php-5.0.4-2.centos4.src.rpm
Packager    : Johnny Hughes <johnny at centos.org>
URL         : http://www.php.net/
Summary     : The PHP HTML-embedded scripting language.
------------------------
Update Information:
This update is considered critical by the CentOS Development Team, and
exploitation of the vulnerability can lead to remote code execution.
Anyone using php-5 from the centosplus repo is highly encouraged to
upgrade their installation immediately.
This update includes the PEAR XML_RPC 1.3.1 package, which fixes a
security issue in the XML_RPC server implementation. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2005-1921 to this issue.  
The bundled version of shtool is also updated, to fix some temporary
file handling races. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1751 to this issue.
Bug fixes for the dom, ldap, and gd extensions are also included in
this update.
------------------------
References: 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1751
https://www.redhat.com/archives/fedora-announce-list/2005-July/msg00011.html
------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:
i386:
php-5.0.4-2.centos4.i386.rpm
php-bcmath-5.0.4-2.centos4.i386.rpm
php-dba-5.0.4-2.centos4.i386.rpm
php-devel-5.0.4-2.centos4.i386.rpm
php-gd-5.0.4-2.centos4.i386.rpm
php-imap-5.0.4-2.centos4.i386.rpm
php-ldap-5.0.4-2.centos4.i386.rpm
php-mbstring-5.0.4-2.centos4.i386.rpm
php-mysql-5.0.4-2.centos4.i386.rpm
php-ncurses-5.0.4-2.centos4.i386.rpm
php-odbc-5.0.4-2.centos4.i386.rpm
php-pear-5.0.4-2.centos4.i386.rpm
php-pgsql-5.0.4-2.centos4.i386.rpm
php-snmp-5.0.4-2.centos4.i386.rpm
php-soap-5.0.4-2.centos4.i386.rpm
php-xml-5.0.4-2.centos4.i386.rpm
php-xmlrpc-5.0.4-2.centos4.i386.rpm
src:
php-5.0.4-2.centos4.src.rpm
End of CentOS-announce Digest, Vol 5, Issue 1
*********************************************
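Added example, not part of the advisories above or of any CentOS tooling: it audits an `rpm -qa`-style package inventory against the fixed build php-5.0.4-2.centos4 named in both messages. The version comparison is a simplified stand-in for RPM's own algorithm, and the inventory lines and function names are constructed for illustration.

```python
import re

# Fixed build named in the advisory: php-5.0.4-2.centos4
FIXED_VERSION, FIXED_RELEASE = "5.0.4", "2.centos4"

def vercmp(a, b):
    """Simplified RPM-style comparison (assumption, not rpm's code): -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run sorts newer
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Parse 'name-version-release.arch'; package names may contain hyphens."""
    name, version, rel_arch = line.strip().rsplit("-", 2)
    release, arch = rel_arch.rsplit(".", 1)
    return name, version, release, arch

def audit(inventory):
    """Return {package.arch: status} for the php packages in the inventory."""
    report = {}
    for line in filter(str.strip, inventory.splitlines()):
        name, version, release, arch = parse_nvra(line)
        if name != "php" and not name.startswith("php-"):
            continue                          # not part of this update
        if not version.startswith("5."):
            status = "not covered (advisory is for php-5 from centosplus)"
        elif (vercmp(version, FIXED_VERSION) or vercmp(release, FIXED_RELEASE)) < 0:
            status = "needs update"
        else:
            status = "fixed"
        report[f"{name}.{arch}"] = status
    return report

# Constructed inventory; only the 5.0.4-2.centos4 build comes from the advisory.
SAMPLE = """php-5.0.4-1.centos4.x86_64
php-pear-5.0.4-2.centos4.x86_64
php-xmlrpc-5.0.3-3.centos4.i386
php-ldap-4.3.9-3.i386
httpd-2.0.52-12.ent.centos4.x86_64
"""
```

On a real host the inventory would come from `rpm -qa`, and the comparison should be left to rpm or yum themselves.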
