Package name
php
Date
2009-11-21
Advisory ID
MDVSA-2009:302
Affected versions
2010.0 x86_64, 2010.0 i586

Problem description

Some vulnerabilities were discovered and corrected in php-5.3.1:

- Added max_file_uploads INI directive, which can be set to limit
the number of file uploads per-request to 20 by default, to prevent
possible DoS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing. (CVE-2009-3292,
Ilia)
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,
Johannes, christian at elmerot dot se)

Additionally, some packages that required it have been rebuilt and
are being provided as updates.

Updated packages

2010.0 x86_64


2010.0 i586


References