Rapid7 Vulnerability & Exploit Database

RHSA-2003:204: Updated PHP packages are now available


Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N) (CVSS v2 vector; base score 4.3)
Published: 07/24/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

Updated PHP packages for Red Hat Linux 8.0 and 9 are available that fix a number of bugs, as well as a minor security problem in the transparent session ID functionality.

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. This update contains fixes for a number of bugs discovered in the version of PHP included in Red Hat Linux 8.0 and 9, including the use of a PHP script as an ErrorDocument and possible POST body corruption in some configurations.

Also included is a fix for a minor security problem. In PHP 4.3.1 and earlier, when transparent session ID support is enabled with the "session.use_trans_sid" option, PHP rewrites outgoing links and forms so that they carry the session ID, but it does not escape the ID before inserting it. Because the ID can be supplied by the request itself (for example in a PHPSESSID URL parameter) when no session cookie is present, an attacker who gets a victim to follow a crafted link can place arbitrary HTML or script into the page the victim receives: a cross-site scripting attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the candidate name CAN-2003-0442 to this issue (now CVE-2003-0442).

All users of PHP are advised to upgrade to these erratum packages, which contain back-ported patches to correct these issues.
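The following is an added example, not code from the Red Hat erratum or from the PHP project. It re-creates in user-land what transparent session ID support does to outgoing HTML, so the consequence of splicing an unescaped session ID into links and forms can be observed on a current PHP without the affected 4.3.1 build. The page body, the attacker value, the regular expressions and every function name are this example's own assumptions; the hardened variant is the example's approach (validate the ID's shape, then escape it) rather than the exact upstream patch.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Red Hat erratum or the PHP project.
// Models the session.use_trans_sid rewriter in user-land so the effect of an
// unescaped session ID can be seen on any modern PHP. Regexes, constants and
// function names are this example's own.

// Constructed page body about to be sent, with one link and one form.
const PAGE = '<p><a href="/cart.php">Cart</a></p><form action="/buy.php"></form>';

// Constructed attacker value: carried as ?PHPSESSID=... in a link the
// victim follows and adopted as the session ID when no cookie is present.
const ATTACK_SID = '"><script>alert(document.cookie)</script><a href="';

// Well-formed ID: PHP 4 emitted 32 hex characters by default.
const GOOD_SID = 'c1fd2bbb5d4be3e3e2f7e1e3a8f3b7a2';

/**
 * Model of the rewriter: append the ID to every href and add a hidden field
 * to every form. The unfixed builds did this with $sid untouched.
 */
function rewrite_trans_sid(string $html, string $sid): string
{
    $html = preg_replace_callback(
        '/<a\b([^>]*?)href="([^"?]*)"/i',
        fn(array $m): string => '<a' . $m[1] . 'href="' . $m[2] . '?PHPSESSID=' . $sid . '"',
        $html
    );
    return preg_replace_callback(
        '/<form\b([^>]*)>/i',
        fn(array $m): string => '<form' . $m[1] . '>'
            . '<input type="hidden" name="PHPSESSID" value="' . $sid . '" />',
        $html
    );
}

/** Accept only what PHP's own generator could have produced (32 hex chars here). */
function is_well_formed_sid(string $sid): bool
{
    // Widen the class and length to match the sid/hash_bits_per_character
    // and sid_length settings of later PHP versions if you adapt this.
    return preg_match('/^[0-9a-f]{32}$/', $sid) === 1;
}

/**
 * Hardened rewrite: refuse to propagate an ill-formed ID at all, and escape a
 * well-formed one for both the URL and HTML-attribute contexts it lands in.
 */
function rewrite_trans_sid_hardened(string $html, string $sid): string
{
    if (!is_well_formed_sid($sid)) {
        return $html;   // drop the ID; the server will issue a fresh one
    }
    return rewrite_trans_sid($html, htmlspecialchars(rawurlencode($sid), ENT_QUOTES));
}

/** Configuration check: does this php.ini still accept URL-carried IDs? */
function trans_sid_exposed(): bool
{
    return (bool) ini_get('session.use_trans_sid')
        && !(bool) ini_get('session.use_only_cookies');
}

if (PHP_SAPI === 'cli') {
    echo "Unfixed rewriter, attacker ID:\n", rewrite_trans_sid(PAGE, ATTACK_SID), "\n\n";
    echo "Hardened rewriter, attacker ID:\n", rewrite_trans_sid_hardened(PAGE, ATTACK_SID), "\n\n";
    echo "Hardened rewriter, real ID:\n", rewrite_trans_sid_hardened(PAGE, GOOD_SID), "\n\n";
    echo 'URL-carried session IDs accepted here: ', trans_sid_exposed() ? 'yes' : 'no', "\n";
}
```

Run it with `php example.php`. The first block of output shows the attacker's value closing the href attribute and opening a script element, which is the CAN-2003-0442 condition; the hardened path emits the page unchanged for that input and only ever inserts an escaped, well-formed ID. Independently of upgrading the packages, setting `session.use_trans_sid = 0` and `session.use_only_cookies = 1` in php.ini removes URL-carried session IDs altogether, which also closes the session-fixation route that URL IDs offer; `trans_sid_exposed()` reports whether a given configuration still has that path open.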

Solution(s)

  • redhat-upgrade-php
  • redhat-upgrade-php-devel
  • redhat-upgrade-php-imap
  • redhat-upgrade-php-ldap
  • redhat-upgrade-php-manual
  • redhat-upgrade-php-mysql
  • redhat-upgrade-php-odbc
  • redhat-upgrade-php-pgsql
  • redhat-upgrade-php-snmp
