RHSA-2008:0544: php security update

Description

PHP is an HTML-embedded scripting language commonly used with the ApacheHTTP Web server.It was discovered that the PHP escapeshellcmd() function did not properlyescape multi-byte characters which are not valid in the locale used by thescript. This could allow an attacker to bypass quoting restrictions imposedby escapeshellcmd() and execute arbitrary commands if the PHP script wasusing certain locales. Scripts using the default UTF-8 locale are notaffected by this issue. (CVE-2008-2051)PHP functions htmlentities() and htmlspecialchars() did not properlyrecognize partial multi-byte sequences. Certain sequences of bytes could bepassed through these functions without being correctly HTML-escaped.Depending on the browser being used, an attacker could use this flaw toconduct cross-site scripting attacks. (CVE-2007-5898)A PHP script which used the transparent session ID configuration option, orwhich used the output_add_rewrite_var() function, could leak sessionidentifiers to external web sites. If a page included an HTML form with anACTION attribute referencing a non-local URL, the user's session ID wouldbe included in the form data passed to that URL. (CVE-2007-5899)It was discovered that PHP fnmatch() function did not restrict the lengthof the string argument. An attacker could use this flaw to crash the PHPinterpreter where a script used fnmatch() on untrusted input data.(CVE-2007-4782)It was discovered that PHP did not properly seed its pseudo-random numbergenerator used by functions such as rand() and mt_rand(), possibly allowingan attacker to easily predict the generated pseudo-random values.(CVE-2008-2107, CVE-2008-2108)Users of PHP should upgrade to these updated packages, which containbackported patches to correct these issues.