Google Site SearchFN Site Search FN Blog Login FN Blog Login
Site Navigation:
 
 

Fedora Update

This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
This update can be installed with Yum Update Agent; you can type 'yum update' command in the terminal.
This update can also be installed with the Red Hat Update Agent; you can launch the Red Hat Update Agent with the 'up2date' command in the terminal.

[SECURITY] Fedora Core 1 Update: php-4.3.8-1.1

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-222
2004-07-23
---------------------------------------------------------------------

Product     : Fedora Core 1
Name        : php
Version     : 4.3.8                      
Release     : 1.1                  
Summary     : The PHP HTML-embedded scripting language.
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated webpages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache Web server to understand and process
the embedded PHP language in Web pages.

---------------------------------------------------------------------
Update Information:

This update includes the latest release of PHP 4, including fixes for
security issues in memory limit handling (CVE CAN-2004-0594), and the
strip_tags function (CVE CAN-2004-0595).  CAN-2004-0595 is not known
to be exploitable in the default configuration if using httpd 2.0.50,
but can be triggered if the "register_globals" setting has been
enabled.  CAN-2004-0595 can allow a possible cross-site-scripting
attack with some browsers.

The mbstring extension has been moved into the php-mbstring subpackage
in this update to reduce the overall package size.

---------------------------------------------------------------------

* Fri Jul 16 2004 Joe Orton  4.3.8-1.1

- revert default php.ini change since 4.3.6
- add three FD_SETSIZE changes to main/network.c (#125258)

* Wed Jul 14 2004 Joe Orton  4.3.8-1.0

- update to 4.3.8
- add gmp_powm fix (Oskari Saarenmaa, #124318)
- split out mbstring extension into php-mbstring subpackage
- fix rebuild without bison/flex
- have -devel require php of same release
- add fixes for memory handling in 2.0 handler SAPI

---------------------------------------------------------------------