Issues have been reported in the following:

• integer overflow vulnerabilities in the PHP gd extension
• integer overflow vulnerability in the PHP chunk_split function
• a security update has introduced a bug into PHP session cookie handling
• vulnerability in the PHP money_format function
• vulnerability in the PHP wordwrap function
• vulnerability in PHP session cookie handling
• vulnerability in the PHP gc extension

The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. [...] There is no known workaround at this time. All PHP users should upgrade to the latest version.

You can get more information on the issues that the new package corrects from the Gentoo advisory and use their emerge package manager to make the upgrade automatically.

Fedora has issued an update for php. This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users and malicious, local users to bypass certain security restrictions.

You can find the complete list of packages that were updated in their advisory posting and a brief mention of the easiest way for you to update your distribution (yum).

• PHP 5.2.4 <= dl() open_basedir_bypass&code exec&dos - input for the dl() function is not handled correctly and can lead to arbitrary code being loaded and executed
• PHP <=5.2.4 iconv_substr() denial of service - memory limit issue can be used in a DoS attack
• PHP < 5.2.4 setlocale() denial of service - memory limit issue can be used for a DoS attack

The dl() overflow is marked as a medium threat (largely because it allows for arbitrary code execution) but the other two are shown as low threat. A patch is also given for the dl() issue to help correct the problem.

Just before the July 4th holiday, Jim Dillard, the IBM alliance manager at Zend, and Ron Newman, who is chairman of COMMON's Advocacy Team and president of technology consulting firm Newmark Technologies, sent out a joint appeal via email for people to join the Zend Advisory Group.

The idea behind the group is to get together a bunch of COMMON members and have them provide direct input to Zend so the unique capabilities of the System i platform can be addressed more fully by Zend's products and to help Zend better understand how to interface with and deliver products to midrange customers.

Wondering if you (or your company) are in the group they're looking for? Here's some of the requirements:

• Are you currently a programmer using the System i?
• Have you installed Zend Core for i5/OS?
• Do you have a PHP application running now?
• Do understand the process of creating a call to the DB2 database?
• Can you invoke RPG commands via the PHP toolkit?

If this is you and you'd like ot get in on the group, send an email along to Ron Newman for more information.

SUSE has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, to bypass certain security restrictions, to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Operating systems included in the advisory are systems running SUSE Linux, UnitesLinux, and openSUSE linux. Package updates are linked from the advisory so you can quickly and easily update your packages.

GolD_M has discovered some vulnerabilities in phpChess Community Edition, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

The issue surrounds the "root_path" parameter not being properly verified before the include happens. If register_globals is on, this could be overridden and malicious code could be injected. The recommended fix for the issue is to go in and correct the source code, making it validate the location of the file (and that it exists) before it is included.

Debian has issued an update for php4/php5. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information or compromise a vulnerable system, and by malicious people to compromise a vulnerable system.

Links to the advisory posts (that include the links to download the updated packages):

• For PHP4 Users
• For PHP5 Users

The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application.

Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.

Products affected include the Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router/Branch Routers and the CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks Wireless LAN Solution (among others, check out the advisory for a more complete list).

There are some patches that have been released to correct this issue (like the one for the Cisco Unified Application Environment) but others are still yet to come. They recommend limiting access to only trusted IPs and devices only to reduce the risk of the problem being exploited.

The first advisory notes that:

While testing WordPress it was discovered that WordPress supports trackbacks in different charsets when PHP's mbstring extension is installed. This feature can be abused to bypass WordPress's SQL parameter escaping which leads to an SQL injection vulnerability that can result in a compromise of the admin account and end in a server compromise.

The second advisory talks about a problem with the WordPress admin interface that leaves it open to cross-site scripting issues.

The WordPress group has already released an updated version to resolve both of these issues. It is highly recommended that you update your installation immediately to prevent the exploits of either of these vulnerabilities.