-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

##
## Patch description of patch d6325fe0853bd6af9be769dd3ffc68fc
##
Kind: security
Shortdescription.english: Security update for PHP4
Longdescription.english:
Applies to Package: mod_php4,mod_php4-core,mod_php4-servlet
Product(s):
Release: 20050113
Obsoletes: 05bfd193c8e6d2c1b9f98a77a8df73d8,08271feb8c2c0fa45b0c323829ad32ec,d3e37376de7633350c988390d2ed9528

Indications
Everyone using PHP4 should update.

Contraindications
None.

Problem description
This update fixes the following security issues:

* A bug that can be exploited by remote attackers to bypass HTML tag filtering (cross-site-scripting prevention) by supplying special tags. These kinds of tags should be ignored because they are not valid, but they are accepted by some commercial web browsers.
* A bug that can be exploited by remote attackers to execute arbitrary code by triggering the memory_limit in unsafe states of a PHP execution path.
* Bugs caused by bad array parsing of user input supplied via GET, POST and COOKIE. One could lead to overwriting the variable $_FILES, while the other could expose some pieces of PHP memory to the attacker.
* A bug that could disclose PHP source code in some circumstances.
* Various bugs in the unserializer (CAN-2004-1019).
* A buffer overflow in the exif parser (CAN-2004-1065).

This update also fixes the following non-security issues:

* Wrong type usage caused two errors within PHP4's session handling:
  + Session variables were not read from /tmp/sess_* files, thus rendering session management useless in most cases.
  + The functions print() and echo() did not produce any output whenever a session was started with session_start().

Solution
Please install the updates provided at the location noted below.
Installation notes
This update is provided as an RPM package that can easily be installed onto a running system by using this command:

  rpm -Fvh mod_php4.rpm mod_php4-core.rpm mod_php4-servlet.rpm

Hsilgne.noitpircsedgnol:
Size: 2988
MinYaST1Version:
MinYaST2Version:
UpdateOnlyInstalled: true
Packages:
##
## -----> mod_php4 <-----
##
Filename: mod_php4.rpm
Label: Latest version of the HTML embedded scripting language
Series: i586
Size: 2026588 827806
PatchRpmBasedOn: 4.2.2-124 4.2.2-165 4.2.2-219 4.2.2-231 4.2.2-234 4.2.2-255 4.2.2-309 4.2.2-311 4.2.2-313 4.2.2-479 4.2.2-481
PatchRpmSize: 2026588 828161
Buildtime: 1105545267
DepAND:
DepOR:
DepExcl:
Flag:
Category:
RpmGroup: Productivity/Networking/Web/Servers
Copyright: GPL
AuthorName: Andrei Zmievski Danny Heijl Frank M. Kromann Rasmus Lerdorf Sam Ruby Sascha Schumann Stefan Roehrich Thies C. Arntzen Uwe Steinmann
AuthorAddress:
Version: 4.2.2-485
StartCommand:
Obsoletes:
Requires: mod_php4-core = 4.2.2 apache apache_mmn_19990320_13 fillup fileutils /bin/sh ld-linux.so.2 libX11.so.6 libXpm.so.4 libasn1.so.5 libbz2.so.1 libc-client.so libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libcom_err.so.1 libcrypt.so.1 libcrypt.so.1(GLIBC_2.0) libcrypto.so.0.9.6 libcurl.so.2 libdb-4.0.so libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libexpat.so.0 libfreetype.so.6 libgd.so.4 libgdbm.so.2 libgmp.so.3 libgssapi.so.1 libiodbc.so.2 libjpeg.so.62 libkrb5.so.17 liblber.so.2 libldap.so.2 libltdl.so.3 libm.so.6 libm.so.6(GLIBC_2.0) libmcal.so libmcrypt.so.4 libmm.so.12 libmysqlclient.so.10 libncurses.so.5 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpam.so.0 libpng12.so.0 libpq.so.2 libresolv.so.2 libresolv.so.2(GLIBC_2.0) libresolv.so.2(GLIBC_2.2) libroken.so.9 libsablot.so.0 libsasl.so.7 libsnmp-0.4.2.5.so libssl.so.0.9.6 libt1.so.1 libxml2.so.2 libz.so.1 rpmlib(PayloadIsBzip2) <= 3.0.5-1
Provides: php php4 mod_php4 zend mod_php libphp4.so
##
## -----> mod_php4-core <-----
##
Filename: mod_php4-core.rpm
Label: core files of PHP4
Series: i586
Size: 4155372 1402309
PatchRpmBasedOn: 4.2.2-124 4.2.2-165 4.2.2-219 4.2.2-231 4.2.2-234 4.2.2-255 4.2.2-309 4.2.2-311 4.2.2-313 4.2.2-479 4.2.2-481
PatchRpmSize: 4155372 1209036
Buildtime: 1105545267
DepAND:
DepOR:
DepExcl:
Flag:
Category:
RpmGroup: Productivity/Networking/Web/Servers
Copyright: GPL
AuthorName: Andrei Zmievski Danny Heijl Frank M. Kromann Rasmus Lerdorf Sam Ruby Sascha Schumann Stefan Roehrich Thies C. Arntzen Uwe Steinmann
AuthorAddress:
Version: 4.2.2-485
StartCommand:
Obsoletes:
Requires: /bin/sh /usr/bin/php ld-linux.so.2 libX11.so.6 libXext.so.6 libXi.so.6 libXpm.so.4 libasn1.so.5 libbz2.so.1 libc-client.so libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.2) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.2.3) libcom_err.so.1 libcrypt.so.1 libcrypt.so.1(GLIBC_2.0) libcrypto.so.0.9.6 libcurl.so.2 libdb-4.0.so libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libexpat.so.0 libfreetype.so.6 libgcc_s.so.1 libgd.so.4 libgdbm.so.2 libgmp.so.3 libgssapi.so.1 libiodbc.so.2 libjpeg.so.62 libkrb5.so.17 liblber.so.2 libldap.so.2 libltdl.so.3 libm.so.6 libm.so.6(GLIBC_2.0) libmcal.so libmcrypt.so.4 libmm.so.12 libmysqlclient.so.10 libncurses.so.5 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpam.so.0 libpng12.so.0 libpq.so.2 libresolv.so.2 libresolv.so.2(GLIBC_2.0) libresolv.so.2(GLIBC_2.2) libroken.so.9 libsablot.so.0 libsasl.so.7 libsnmp-0.4.2.5.so libssl.so.0.9.6 libt1.so.1 libxml2.so.2 libz.so.1 rpmlib(PayloadIsBzip2) <= 3.0.5-1
Provides: gd.so
##
## -----> mod_php4-servlet <-----
##
Filename: mod_php4-servlet.rpm
Label: PHP4 as a Jakarta servlet
Series: i586
Size: 2100790 830013
PatchRpmBasedOn: 4.2.2-124 4.2.2-165 4.2.2-219 4.2.2-231 4.2.2-234 4.2.2-255 4.2.2-309 4.2.2-311 4.2.2-313 4.2.2-479 4.2.2-481
PatchRpmSize: 2100790 828627
Buildtime: 1105545267
DepAND:
DepOR:
DepExcl:
Flag:
Category:
RpmGroup: Productivity/Networking/Web/Servers
Copyright: GPL
AuthorName:
AuthorAddress:
Version: 4.2.2-485
StartCommand:
Obsoletes:
Requires: jakarta mod_php4-core = 4.2.2 ld-linux.so.2 libX11.so.6 libXpm.so.4 libasn1.so.5 libbz2.so.1 libc-client.so libc.so.6 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.2) libcom_err.so.1 libcrypt.so.1 libcrypt.so.1(GLIBC_2.0) libcrypto.so.0.9.6 libcurl.so.2 libdb-4.0.so libdl.so.2 libdl.so.2(GLIBC_2.0) libdl.so.2(GLIBC_2.1) libexpat.so.0 libfreetype.so.6 libgd.so.4 libgdbm.so.2 libgmp.so.3 libgssapi.so.1 libiodbc.so.2 libjpeg.so.62 libkrb5.so.17 liblber.so.2 libldap.so.2 libltdl.so.3 libm.so.6 libm.so.6(GLIBC_2.0) libmcal.so libmcrypt.so.4 libmysqlclient.so.10 libncurses.so.5 libnsl.so.1 libnsl.so.1(GLIBC_2.0) libpam.so.0 libpng12.so.0 libpq.so.2 libresolv.so.2 libresolv.so.2(GLIBC_2.0) libresolv.so.2(GLIBC_2.2) libroken.so.9 libsablot.so.0 libsasl.so.7 libsnmp-0.4.2.5.so libssl.so.0.9.6 libt1.so.1 libxml2.so.2 libz.so.1 rpmlib(PayloadIsBzip2) <= 3.0.5-1
Provides: libphp4.so
Segakcap:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB5mzaqE7a6JyACsoRAucnAKCRgX+v9AVC9XjxLccX6e/7lvZSxgCe
JSqi1DtFM4orv9vQqM6Em/edcWw=
=TOvg
-----END PGP SIGNATURE-----