rhsa-2007_0089
Vulnerability from csaf_redhat
Published
2007-02-26 09:49
Modified
2024-11-14 10:05
Summary
Red Hat Security Advisory: php security update for Stronghold

Notes

Topic
Updated PHP packages that fix multiple security issues are now available for Stronghold 4.0 for Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team.
Details
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A number of buffer overflow flaws were found in the PHP session extension; the str_replace() function; and the imap_mail_compose() function. If very long strings were passed to the str_replace() function, an integer overflow could occur in memory allocation. If a script used the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker with access to a PHP application affected by any of these issues could trigger the flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the zend_hash_init() function could be forced into an infinite loop, consuming CPU resources for a limited time, until the script timeout alarm aborted execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted source, certain WDDX input packets could expose a random portion of heap memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a database, and the database table contents were under an attacker's control, a format string vulnerability was possible which could allow arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer. This could be triggered, for example, by any use of the header() function in a script. However, it is unlikely that this would have any effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910)

Users of Stronghold should upgrade to these updated packages which contain backported patches to correct these issues.

Red Hat would like to thank Stefan Esser for his help diagnosing these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated PHP packages that fix multiple security issues are now available for\nStronghold 4.0 for Enterprise Linux.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "PHP is an HTML-embedded scripting language commonly used with the Apache\nHTTP Web server. \n\nA number of buffer overflow flaws were found in the PHP session extension;\nthe str_replace() function; and the imap_mail_compose() function. If very\nlong strings were passed to the str_replace() function, an integer overflow\ncould occur in memory allocation. If a script used the imap_mail_compose()\nfunction to create a new MIME message based on an input body from an\nuntrusted source, it could result in a heap overflow. An attacker with\naccess to a PHP application affected by any these issues could trigger the\nflaws and possibly execute arbitrary code as the \u0027apache\u0027 user.\n(CVE-2007-0906)\n\nWhen unserializing untrusted data on 64-bit platforms, the zend_hash_init()\nfunction could be forced into an infinite loop, consuming CPU resources for\na limited time, until the script timeout alarm aborted execution of the\nscript. (CVE-2007-0988)\n\nIf the wddx extension was used to import WDDX data from an untrusted\nsource, certain WDDX input packets could expose a random portion of heap\nmemory. (CVE-2007-0908)\n\nIf the odbc_result_all() function was used to display data from a database,\nand the database table contents were under an attacker\u0027s control, a format\nstring vulnerability was possible which could allow arbitrary code\nexecution. (CVE-2007-0909)\n\nA one byte memory read always occurs before the beginning of a buffer. This\ncould be triggered, for example, by any use of the header() function in a\nscript. However it is unlikely that this would have any effect.\n(CVE-2007-0907)\n\nSeveral flaws in PHP could allow attackers to \"clobber\" certain\nsuper-global variables via unspecified vectors. (CVE-2007-0910)\n\nUsers of Stronghold should upgrade to these updated packages which contain\nbackported patches to correct these issues.\n\nRed Hat would like to thank Stefan Esser for his help diagnosing these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0089",
        "url": "https://access.redhat.com/errata/RHSA-2007:0089"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "229762",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229762"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0089.json"
      }
    ],
    "title": "Red Hat Security Advisory: php security update for Stronghold",
    "tracking": {
      "current_release_date": "2024-11-14T10:05:12+00:00",
      "generator": {
        "date": "2024-11-14T10:05:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.0"
        }
      },
      "id": "RHSA-2007:0089",
      "initial_release_date": "2007-02-26T09:49:00+00:00",
      "revision_history": [
        {
          "date": "2007-02-26T09:49:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-02-26T04:49:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-14T10:05:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
                "product": {
                  "name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
                  "product_id": "SH4-2.1AS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_stronghold:4.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Stronghold 4.0 for Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "stronghold-php-odbc-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-odbc-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-odbc-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-odbc@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-pgsql-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-pgsql-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-pgsql-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-pgsql@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-mysql-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-mysql-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-mysql-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-mysql@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-manual-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-manual-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-manual-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-manual@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-snmp-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-snmp-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-snmp-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-snmp@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-imap-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-imap-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-imap-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-imap@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-ldap-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-ldap-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-ldap-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-ldap@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-devel-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-devel-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-devel-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php-devel@4.1.2-12?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "stronghold-php-0:4.1.2-12.i386",
                "product": {
                  "name": "stronghold-php-0:4.1.2-12.i386",
                  "product_id": "stronghold-php-0:4.1.2-12.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php@4.1.2-12?arch=i386"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "stronghold-php-0:4.1.2-12.src",
                "product": {
                  "name": "stronghold-php-0:4.1.2-12.src",
                  "product_id": "stronghold-php-0:4.1.2-12.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/stronghold-php@4.1.2-12?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-0:4.1.2-12.src as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-0:4.1.2-12.src"
        },
        "product_reference": "stronghold-php-0:4.1.2-12.src",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-devel-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-devel-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-imap-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-imap-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-ldap-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-ldap-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-manual-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-manual-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-mysql-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-mysql-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-odbc-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-odbc-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-pgsql-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-pgsql-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "stronghold-php-snmp-0:4.1.2-12.i386 as a component of Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)",
          "product_id": "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        },
        "product_reference": "stronghold-php-snmp-0:4.1.2-12.i386",
        "relates_to_product_reference": "SH4-2.1AS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-0906",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618280"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions.  NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885).  NOTE: as of 20070411, vector (3) might involve the imap_mail_compose function (CVE-2007-1825).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0906"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618280",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618280"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0906",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0906"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0906",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0906"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0907",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618281"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0907"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618281",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618281"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0907"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0907",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0907"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0908",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618282"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0908"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618282",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618282"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0908",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0908"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0908",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0908"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0909",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618283"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0909"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618283",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618283"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0909"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0909",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0909"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0910",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618284"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Unspecified vulnerability in PHP before 5.2.1 allows attackers to \"clobber\" certain super-global variables via unspecified vectors.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0910"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618284",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618284"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0910",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0910"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0910",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0910"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-0988",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618285"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an \"a:2147483649:{\" argument.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-0988"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618285",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618285"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-0988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-0988"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0988",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0988"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2007-1380",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240157"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php session extension information leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Our previous fixes for CVE-2007-0906 included a patch that also addressed the issue now given CVE name CVE-2007-1380.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1380"
        },
        {
          "category": "external",
          "summary": "RHBZ#240157",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240157"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1380",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1380",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1380"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "php session extension information leak"
    },
    {
      "cve": "CVE-2007-1701",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240431"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling session_decode on a string beginning with \"_SESSION|s:39:\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php session extension global variable clobber",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1701"
        },
        {
          "category": "external",
          "summary": "RHBZ#240431",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240431"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1701",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1701"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1701",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1701"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "php session extension global variable clobber"
    },
    {
      "cve": "CVE-2007-1825",
      "discovery_date": "2007-02-14T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "240426"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "php imap_mail_compose() buffer overflow via type.parameters",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906.",
          "title": "Statement"
        }
      ],
      "product_status": {
        "fixed": [
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
          "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
          "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1825"
        },
        {
          "category": "external",
          "summary": "RHBZ#240426",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=240426"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1825",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1825"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1825",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1825"
        }
      ],
      "release_date": "2007-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-02-26T09:49:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-0:4.1.2-12.src",
            "SH4-2.1AS:stronghold-php-devel-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-imap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-ldap-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-manual-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-mysql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-odbc-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-pgsql-0:4.1.2-12.i386",
            "SH4-2.1AS:stronghold-php-snmp-0:4.1.2-12.i386"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0089"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "php imap_mail_compose() buffer overflow via type.parameters"
    }
  ]
}

