CentOS - Sep 2005 - CentOS-announce Digest, Vol 7, Issue 1

Send CentOS-announce mailing list submissions to
	centos-announce at centos.org

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
	centos-announce-request at centos.org

You can reach the person managing the list at
	centos-announce-owner at centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2005:0831-001 Important CentOS 4 i386 php -	security
      update (CENTOSPLUS only) (Johnny Hughes)
   2. CESA-2005:0831-001 Important CentOS 4 x86_64 php	- security
      update (CENTOSPLUS only) (Johnny Hughes)


----------------------------------------------------------------------

Message: 1
Date: Wed, 31 Aug 2005 16:06:57 -0500
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:0831-001 Important CentOS 4 i386
	php -	security update (CENTOSPLUS only)
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1125522417.10751.37.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2005:0831-001

Important CentOS 4 i386 php - security update

This CESA is for the version of php is that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.
----------------
Name        : php              Relocations: (not relocatable)
Version     : 5.0.4            Vendor: CentOS
Release     : 3.centos4        Build Date: 31 Aug 2005 12:15:26 AM UTC
Install Date: (not installed)  Build Host: C4i386-build
Group       : Development/Languages
Source RPM: php-5.0.4-3.centos4.src.rpm
License: The PHP License
Packager    : Johnny Hughes <johnny at centos.org>
URL         : http://www.php.net/
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
----------------
Update Information:

This update is considered important by the CentOS Development Team.

A bug was discovered in the PEAR XML-RPC Server package included in PHP.
If a PHP script is used which implements an XML-RPC Server using the
PEAR XML-RPC package, then it is possible for a remote attacker to
construct an XML-RPC request which can cause PHP to execute arbitrary
PHP commands as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to
this issue.

All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.

More info is available at:

http://rhn.redhat.com/errata/RHSA-2005-748.html

https://www.redhat.com/archives/fedora-announce-list/2005-August/msg00118.html

------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

i386:
php-5.0.4-3.centos4.i386.rpm
php-bcmath-5.0.4-3.centos4.i386.rpm
php-dba-5.0.4-3.centos4.i386.rpm
php-devel-5.0.4-3.centos4.i386.rpm
php-gd-5.0.4-3.centos4.i386.rpm
php-imap-5.0.4-3.centos4.i386.rpm
php-ldap-5.0.4-3.centos4.i386.rpm
php-mbstring-5.0.4-3.centos4.i386.rpm
php-mysql-5.0.4-3.centos4.i386.rpm
php-ncurses-5.0.4-3.centos4.i386.rpm
php-odbc-5.0.4-3.centos4.i386.rpm
php-pear-5.0.4-3.centos4.i386.rpm
php-pgsql-5.0.4-3.centos4.i386.rpm
php-snmp-5.0.4-3.centos4.i386.rpm
php-soap-5.0.4-3.centos4.i386.rpm
php-xml-5.0.4-3.centos4.i386.rpm
php-xmlrpc-5.0.4-3.centos4.i386.rpm

src:
php-5.0.4-3.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20050831/bc1bedd4/attachment-0001.bin

------------------------------

Message: 2
Date: Wed, 31 Aug 2005 16:07:07 -0500
From: Johnny Hughes <johnny at centos.org>
Subject: [CentOS-announce] CESA-2005:0831-001 Important CentOS 4
	x86_64 php	- security update (CENTOSPLUS only)
To: CentOS-Announce <centos-announce at centos.org>
Message-ID: <1125522427.10751.38.camel at myth.home.local>
Content-Type: text/plain; charset="us-ascii"

CentOS Errata and Security Advisory 2005:0831-001

Important CentOS 4 x86_64 php - security update

This CESA is for the version of php is that is included in the
centosplus repo for CentOS-4 ... this is not an update to the main
CentOS-4 repo.

----------------
Name        : php              Relocations: (not relocatable)
Version     : 5.0.4            Vendor: CentOS
Release     : 3.centos4        Build Date: 31 Aug 2005 12:15:26 AM UTC
Install Date: (not installed)  Build Host: x8664-build
Group       : Development/Languages
Source RPM: php-5.0.4-3.centos4.src.rpm
License: The PHP License
Packager    : Johnny Hughes <johnny at centos.org>
URL         : http://www.php.net/
Summary     : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.
----------------

Update Information:

This update is considered important by the CentOS Development Team.

A bug was discovered in the PEAR XML-RPC Server package included in PHP.
If a PHP script is used which implements an XML-RPC Server using the
PEAR XML-RPC package, then it is possible for a remote attacker to
construct an XML-RPC request which can cause PHP to execute arbitrary
PHP commands as the 'apache' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-2498 to
this issue.

All Users of PHP-5 from the CentOSPlus Repo should upgrade to these
updated packages.

More info is available at:

http://rhn.redhat.com/errata/RHSA-2005-748.html

https://www.redhat.com/archives/fedora-announce-list/2005-August/msg00118.html

------------------------
The following updated files have been uploaded and are currently
syncing to the mirrors:

x86_64:
php-5.0.4-3.centos4.x86_64.rpm
php-bcmath-5.0.4-3.centos4.x86_64.rpm
php-dba-5.0.4-3.centos4.x86_64.rpm
php-devel-5.0.4-3.centos4.x86_64.rpm
php-gd-5.0.4-3.centos4.x86_64.rpm
php-imap-5.0.4-3.centos4.x86_64.rpm
php-ldap-5.0.4-3.centos4.x86_64.rpm
php-mbstring-5.0.4-3.centos4.x86_64.rpm
php-mysql-5.0.4-3.centos4.x86_64.rpm
php-ncurses-5.0.4-3.centos4.x86_64.rpm
php-odbc-5.0.4-3.centos4.x86_64.rpm
php-pear-5.0.4-3.centos4.x86_64.rpm
php-pgsql-5.0.4-3.centos4.x86_64.rpm
php-snmp-5.0.4-3.centos4.x86_64.rpm
php-soap-5.0.4-3.centos4.x86_64.rpm
php-xml-5.0.4-3.centos4.x86_64.rpm
php-xmlrpc-5.0.4-3.centos4.x86_64.rpm

src:
php-5.0.4-3.centos4.src.rpm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.centos.org/pipermail/centos-announce/attachments/20050831/f7f588e1/attachment-0001.bin

------------------------------

_______________________________________________
CentOS-announce mailing list
CentOS-announce at centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 7, Issue 1
*********************************************