
Fedora Core Advisories: php, abiword, subversion


Fedora Update Notification
FEDORA-2004-222
2004-07-23


Product : Fedora Core 1
Name : php
Version : 4.3.8
Release : 1.1
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and
process the embedded PHP language in Web pages.


Update Information:

This update includes the latest release of PHP 4, including
fixes for security issues in memory limit handling (CVE
CAN-2004-0594), and the strip_tags function (CVE CAN-2004-0595).
CAN-2004-0595 is not known to be exploitable in the default
configuration if using httpd 2.0.50, but can be triggered if the
“register_globals” setting has been enabled. CAN-2004-0595 can
allow a possible cross-site-scripting attack with some
browsers.

The mbstring extension has been moved into the php-mbstring
subpackage in this update to reduce the overall package size.


  • Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-1.1
    • revert default php.ini change since 4.3.6
    • add three FD_SETSIZE changes to main/network.c (#125258)
  • Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-1.0
    • update to 4.3.8
    • add gmp_powm fix (Oskari Saarenmaa, #124318)
    • split out mbstring extension into php-mbstring subpackage
    • fix rebuild without bison/flex
    • have -devel require php of same release
    • add fixes for memory handling in 2.0 handler SAPI

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2004-223
2004-07-23


Product : Fedora Core 2
Name : php
Version : 4.3.8
Release : 2.1
Summary : The PHP HTML-embedded scripting language. (PHP: Hypertext
Preprocessor)
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and
process the embedded PHP language in Web pages.


Update Information:

This update includes the latest release of PHP 4, including
fixes for security issues in memory limit handling (CVE
CAN-2004-0594), and the strip_tags function (CVE CAN-2004-0595).
CAN-2004-0595 is not known to be exploitable in the default
configuration if using httpd 2.0.50, but can be triggered if the
“register_globals” setting has been enabled. CAN-2004-0595 can
allow a possible cross-site-scripting attack with some
browsers.
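
As an added example (not part of the Fedora advisory), a shell check for the register_globals condition noted in FEDORA-2004-222 and FEDORA-2004-223: it reads php.ini text and reports the effective value. It assumes the last assignment in the file wins and that an unset directive is off (the PHP default since 4.2.0); `sample_ini` is constructed input, and Apache-level `php_flag` overrides are not examined.

```shell
#!/bin/sh
# Added example, not from the advisory: report the effective
# register_globals value found in php.ini text supplied on stdin.
# Prints "on" or "off".
register_globals_state() {
    awk '
        BEGIN { state = "off" }   # assumed default when the directive is unset
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^[;#]/) next    # blank line or comment
            eq = index(line, "=")
            if (eq == 0) next                         # section header, etc.
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            if (tolower(key) != "register_globals") next
            sub(/;.*$/, "", val)                      # strip trailing comment
            gsub(/[ \t"\r]/, "", val)                 # strip spaces and quotes
            val = tolower(val)
            # Boolean spellings: on/yes/true or any non-zero number.
            if (val == "on" || val == "yes" || val == "true" || (val + 0) != 0)
                state = "on"
            else
                state = "off"                         # later lines override
        }
        END { print state }
    '
}

# Constructed sample input: the directive is commented out, set Off,
# then set On again further down, so the effective value is "on".
sample_ini() {
    cat <<EOF
[PHP]
; register_globals = On
register_globals = Off
memory_limit = 8M
register_globals = On   ; re-enabled for a legacy application
EOF
}

# Stand-alone run on the sample; on a host, redirect the real php.ini
# into register_globals_state instead.
sample_ini | register_globals_state
```
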

The mbstring extension has been moved into the php-mbstring
subpackage in this update to reduce the overall package size.


  • Fri Jul 16 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.1
    • revert upstream default php.ini change since 4.3.6
    • add three FD_SETSIZE changes to main/network.c (#125258)
  • Wed Jul 14 2004 Joe Orton <jorton@redhat.com> 4.3.8-2.0
    • update to 4.3.8
    • add gmp_powm fix (Oskari Saarenmaa, #124318)
    • split out mbstring extension into php-mbstring subpackage
    • fix rebuild without bison/flex
    • have -devel require php of same release
    • add fixes for memory handling in 2.0 handler SAPI

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2004-224
2004-07-23


Product : Fedora Core 1
Name : abiword
Version : 2.0.1
Release : 2
Summary : The AbiWord word processor
Description :
AbiWord is a cross-platform Open Source word processor. The goal is
to make AbiWord full-featured, and remain lean.


Update Information:

security update



This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2004-225
2004-07-23


Product : Fedora Core 2
Name : abiword
Version : 2.0.5
Release : 2
Summary : The AbiWord word processor
Description :
AbiWord is a cross-platform Open Source word processor. The goal is
to make AbiWord full-featured, and remain lean.


Update Information:

security update


  • Fri Jul 16 2004 Caolan McNamara <caolanm@redhat.com> 1:2.0.5-2
    • 2.0.5 + wv security backport

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2004-231
2004-07-23


Product : Fedora Core 2
Name : subversion
Version : 1.0.6
Release : 1
Summary : Modern Version Control System designed to replace CVS
Description :
Subversion is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a
hierarchy of files and directories while keeping a history of all
changes. Subversion only stores the differences between versions,
instead of every complete file. Subversion is intended to be a
compelling replacement for CVS.


Update Information:

This update includes the latest release of Subversion, including
a security fix for an issue in the mod_authz_svn Apache
authentication module which could allow a read restriction for a
portion of the repository to be bypassed by a user who has write
access to a different portion of the repository. This issue does
not affect the svnserve daemon.



This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.

