CSWS_PHP V1.3 for HP Secure Web Server on OpenVMS Integrity
Update 03 Release Notes
March 2010

Based on PHP V4.3.10
--------------------

For more information about PHP, see http://www.php.net.

For information about installing and configuring PHP with CSWS, see the
CSWS_PHP Installation Guide and Release Notes at
http://www.hp.com/products/openvms/php

Problems Corrected
------------------

This update contains software fixes for the security vulnerabilities
detailed below as well as software fixes for general problems.

1.  CVE-2005-3388: Cross-site scripting (XSS) vulnerability in the
    phpinfo function in PHP 4.3.10.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3388

2.  CVE-2005-3353: The exif_read_data function in the Exif module in
    PHP 4.3.10 allows remote attackers to cause a denial of service
    (infinite loop) via a malformed JPEG image.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3353

3.  CVE-2005-3390: The RFC1867 file upload feature in PHP 4.3.10, when
    register_globals is enabled, allows remote attackers to modify the
    GLOBALS array and bypass security protections of PHP applications
    via a multipart/form-data POST request with a "GLOBALS" fileupload
    field.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3390

4.  CVE-2007-0905: PHP 4.3.10 allows attackers to bypass safe_mode and
    open_basedir restrictions via unspecified vectors in the session
    extension.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0905

5.  CVE-2007-0906: PHP 4.3.10 allows attackers to bypass safe_mode and
    open_basedir restrictions via unspecified vectors in the session
    extension.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906

6.  CVE-2007-0907: Buffer underflow in PHP 4.3.10 allows attackers to
    cause a denial of service via unspecified vectors involving the
    sapi_header_op function.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907

7.  CVE-2007-0909: Multiple format string vulnerabilities in PHP 4.3.10
    might allow attackers to execute arbitrary code via format string
    specifiers.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909

8.  CVE-2007-0910: Unspecified vulnerability in PHP 4.3.10 allows
    attackers to make certain super-global variables unusable via
    unspecified vectors.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910

9.  CVE-2007-0988: The zend_hash_init function in PHP 4.3.10 allows
    context-dependent attackers to cause a denial of service (infinite
    loop) by unserializing certain integer expressions, which only
    cause 32-bit arguments to be used after the check for a negative
    value.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988

10. CVE-2007-1286: Integer overflow in PHP 4.3.10 allows remote
    context-dependent attackers to execute arbitrary code via a long
    string to the unserialize function, which triggers the overflow in
    the ZVAL reference counter.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1286

11. CVE-2007-1383: Integer overflow in the 16-bit variable reference
    counter in PHP 4.3.10 allows context-dependent attackers to execute
    arbitrary code by overflowing this counter, which causes the same
    variable to be destroyed twice.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1383

12. CVE-2007-1884: Multiple integer signedness errors in the printf
    function family in PHP 4.3.10 on 64-bit machines allow
    context-dependent attackers to execute arbitrary code.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1884

13. CVE-2007-1885: Integer overflow in the str_replace function in
    PHP 4.3.10 allows context-dependent attackers to execute arbitrary
    code via a single character search string in conjunction with a
    long replacement string.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1885

14. CVE-2007-1886: Integer overflow in the str_replace function in
    PHP 4.3.10 allows context-dependent attackers to have an unknown
    impact via a single character search string in conjunction with a
    single character replacement string, which causes an "off by one
    overflow."

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1886

15. CVE-2007-3378: Vulnerabilities in the session_save_path, ini_set,
    and error_log functions in PHP 4.3.10.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3378

16. CVE-2007-2872: Multiple integer overflows in the chunk_split
    function in PHP 4.3.10.

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2872

17. CVE-2007-2756: Vulnerability in the gdPngReadData function in the
    GD library (libgd).

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756

18. CVE-2007-1001: Multiple integer overflows in the createwbmp and
    readwbmp functions in the GD library (libgd).

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001

19. CVE-2007-0455: Buffer overflow in the gdImageStringFTEx function in
    the GD library (libgd).

    For additional information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0455

20. Channel leak problem in CSWS_PHP when the "DocumentRoot" directive
    in Apache's "httpd.conf" pointed to multiple locations. Each PHP
    request was leaking channels and the apache server reported a
    "403 Forbidden" error after the limit was reached on the
    "CHANNELCNT" system parameter.

21. Https link redirection was failing in PHP scripts with the
    following messages.

      Warning: file_get_contents():php_stream_sock_ssl_activate_with_method: failed to create an SSL context
      Warning: file_get_contents: failed to open stream: Unable to activate SSL mode

22. Enhance the PHP_GD extension

    In V1.3 of CSWS_PHP the PHP_GD extension was added, however,
    several graphics libraries were not included for use by that
    extension. This patch kit adds a much more complete PHP_GD
    extension for PHP with support for:

      GIF  - Graphics Interchange Format
      JPEG - Joint Photographic Experts Group
      PNG  - Portable Network Graphics
      WBMP - Wireless BitMap
      XBM  - X BitMap
      XPM  - X PixMap

23. High performance arithmetic trap, -SYSTEM-F-HPARITH in PHP when
    using the is_numeric() function with a large number as the
    argument on OpenVMS Alpha.

Installation instructions
-------------------------

To install the kit, perform the following:

  $ @SYS$STARTUP:APACHE$SHUTDOWN
  $ PRODUCT INSTALL CSWS_PHP13_UPDATE
  $ @SYS$STARTUP:APACHE$STARTUP