RHSA-2008:0544 -- php security update (Moderate)

oval:org.mitre.oval:def:29150

Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. It was discovered that the PHP escapeshellcmd() function did not properly escape multi-byte characters which are not valid in the locale used by the script. This could allow an attacker to bypass quoting restrictions imposed by escapeshellcmd() and execute arbitrary commands if the PHP script was using certain locales. Scripts using the default UTF-8 locale are not affected by this issue. (CVE-2008-2051)

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 3
Class:
patch
Reference(s):
  • RHSA-2008:0544
  • CESA-2008:0544-CentOS 3
  • CESA-2008:0544-CentOS 5
  • CVE-2007-4782
  • CVE-2007-5898
  • CVE-2007-5899
  • CVE-2008-2051
  • CVE-2008-2107
  • CVE-2008-2108
Product(s):
  • php