[RHSA-2002:213-06] New PHP packages fix vulnerability in mail function
Date: Mon, 11 Nov 2002 12:23 -0500
From: bugzilla@redhat.com
To: redhat-watch-list@redhat.com, redhat-announce-list@redhat.com
Subject: [RHSA-2002:213-06] New PHP packages fix vulnerability in mail function

---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          New PHP packages fix vulnerability in mail function
Advisory ID:       RHSA-2002:213-06
Issue date:        2002-11-11
Updated on:        2002-11-11
Product:           Red Hat Linux
Keywords:          mail, PHP, safemode
Cross references:
Obsoletes:         RHSA-2002:102
CVE Names:         CAN-2002-0985 CAN-2002-0986
---------------------------------------------------------------------

1. Topic:

PHP versions up to and including 4.2.2 contain vulnerabilities in the
mail() function allowing local script authors to bypass safe mode
restrictions and possibly allowing remote attackers to insert arbitrary
mail headers and content into the message.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386
Red Hat Linux 7.1 - alpha, i386, ia64
Red Hat Linux 7.2 - i386, ia64
Red Hat Linux 7.3 - i386

3. Problem description:

PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP server.

The mail function in PHP 4.x to 4.2.2 may allow local script authors to
bypass safe mode restrictions and modify command line arguments to the
MTA (such as Sendmail) in the fifth argument to mail(), altering MTA
behavior and possibly executing arbitrary local commands.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control
characters from its arguments, which could allow remote attackers to
modify mail message content, including mail headers, and possibly use
PHP as a "spam proxy."

Script authors should note that all input data should be checked for
unsafe data by any PHP scripts which call functions such as mail().

Note that this PHP errata, as did RHSA-2002:102, enforces memory limits
on the size of the PHP process to prevent a badly generated script from
becoming a possible source for a denial of service attack. The default
process size is 8MB, though you can adjust this as you deem necessary
through the php.ini directive memory_limit. For example, to change the
process memory limit to 4MB, add the following line to php.ini (the file
is in INI format, so the directive and its value must be separated by
"="):

memory_limit = 4194304

Important Note: There are special instructions you should follow
regarding your /etc/php.ini configuration file in the "Solution" section
below.

4. Solution:

Note that the /etc/php.ini configuration file is not replaced or
overwritten. You should carefully review your configuration file and
adapt it to your server or service functions.

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that
you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/php-4.1.2-7.0.6.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/php-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-manual-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-odbc-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-imap-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-mysql-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-devel-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-snmp-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-ldap-4.1.2-7.0.6.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/php-pgsql-4.1.2-7.0.6.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/php-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-manual-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-odbc-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-imap-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-mysql-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-devel-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-snmp-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-ldap-4.1.2-7.0.6.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/php-pgsql-4.1.2-7.0.6.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/php-4.1.2-7.1.6.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/php-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-manual-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-odbc-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-imap-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-mysql-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-devel-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-snmp-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-ldap-4.1.2-7.1.6.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/php-pgsql-4.1.2-7.1.6.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/php-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-manual-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-odbc-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-imap-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-mysql-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-devel-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-snmp-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-ldap-4.1.2-7.1.6.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/php-pgsql-4.1.2-7.1.6.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/php-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-manual-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-odbc-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-imap-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-mysql-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-devel-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-snmp-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-ldap-4.1.2-7.1.6.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/php-pgsql-4.1.2-7.1.6.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/php-4.1.2-7.2.6.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/php-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-manual-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-odbc-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-imap-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-mysql-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-devel-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-snmp-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-ldap-4.1.2-7.2.6.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/php-pgsql-4.1.2-7.2.6.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/php-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-manual-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-odbc-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-imap-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-mysql-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-devel-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-snmp-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-ldap-4.1.2-7.2.6.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/php-pgsql-4.1.2-7.2.6.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/php-4.1.2-7.3.6.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/php-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-manual-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-odbc-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-imap-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-mysql-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-devel-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-snmp-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-ldap-4.1.2-7.3.6.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/php-pgsql-4.1.2-7.3.6.i386.rpm

6. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
90485525497c469a4ebad9f4cdb12df8 7.0/en/os/SRPMS/php-4.1.2-7.0.6.src.rpm
084a7d46f430c3bbebb166e4e7dafccc 7.0/en/os/alpha/php-4.1.2-7.0.6.alpha.rpm
94633a4880759a222f2bf80e8e819279 7.0/en/os/alpha/php-devel-4.1.2-7.0.6.alpha.rpm
95bb88ac38275e294c1050ac8997ca78 7.0/en/os/alpha/php-imap-4.1.2-7.0.6.alpha.rpm
06478932240a2aae3c248393c206ac18 7.0/en/os/alpha/php-ldap-4.1.2-7.0.6.alpha.rpm
8ffee623bf1079478a2f8e0b3bc51e08 7.0/en/os/alpha/php-manual-4.1.2-7.0.6.alpha.rpm
9794474d1998299e5cbf87f43fad84f4 7.0/en/os/alpha/php-mysql-4.1.2-7.0.6.alpha.rpm
3c9b5bd9d7018979f5e6922ac4c8b281 7.0/en/os/alpha/php-odbc-4.1.2-7.0.6.alpha.rpm
dd9307df88f26af9ca98ccd8eb9cb4a1 7.0/en/os/alpha/php-pgsql-4.1.2-7.0.6.alpha.rpm
e88fc66b1bc54caa9e11c95b81fac09c 7.0/en/os/alpha/php-snmp-4.1.2-7.0.6.alpha.rpm
2087ee40822db5d1e15ad45d0a6927a0 7.0/en/os/i386/php-4.1.2-7.0.6.i386.rpm
1f890ae3e3811b0937d5d0fd75d80008 7.0/en/os/i386/php-devel-4.1.2-7.0.6.i386.rpm
a198cd678bc2769ff4c90c85132a8377 7.0/en/os/i386/php-imap-4.1.2-7.0.6.i386.rpm
19a42e427909ae7e70d48df284916c8a 7.0/en/os/i386/php-ldap-4.1.2-7.0.6.i386.rpm
886ce44baff31734f86fb6edb8b48f84 7.0/en/os/i386/php-manual-4.1.2-7.0.6.i386.rpm
dedcbf8e54013deb1acb32fed15d54ee 7.0/en/os/i386/php-mysql-4.1.2-7.0.6.i386.rpm
71dde819dad0e0f64b38eba29da5d886 7.0/en/os/i386/php-odbc-4.1.2-7.0.6.i386.rpm
a8c53e2406a1030570f56ea638929c1b 7.0/en/os/i386/php-pgsql-4.1.2-7.0.6.i386.rpm
1beb7c51989d53d7c69f9789cc66f9f4 7.0/en/os/i386/php-snmp-4.1.2-7.0.6.i386.rpm
6aa08613e86ec4b0751ecef7c59dd776 7.1/en/os/SRPMS/php-4.1.2-7.1.6.src.rpm
c998281ee18aa0eca71f2016389303df 7.1/en/os/alpha/php-4.1.2-7.1.6.alpha.rpm
9d84c486e9a3ba7cc06ded6266fec4cd 7.1/en/os/alpha/php-devel-4.1.2-7.1.6.alpha.rpm
535159e4058e4071da35b7aca17480d9 7.1/en/os/alpha/php-imap-4.1.2-7.1.6.alpha.rpm
4da8201f746aef01814a65ab91de11cb 7.1/en/os/alpha/php-ldap-4.1.2-7.1.6.alpha.rpm
b1ee6cd91a2bc9419360fb8e19db3799 7.1/en/os/alpha/php-manual-4.1.2-7.1.6.alpha.rpm
6915c0b726d8e940aa9ea1186e7fac01 7.1/en/os/alpha/php-mysql-4.1.2-7.1.6.alpha.rpm
2ad85a017151c67500274b705eb63068 7.1/en/os/alpha/php-odbc-4.1.2-7.1.6.alpha.rpm
55e772bb4fa8a0c4f374fa765bc4dd50 7.1/en/os/alpha/php-pgsql-4.1.2-7.1.6.alpha.rpm
473568869164589f88e3ab6b5ccfd740 7.1/en/os/alpha/php-snmp-4.1.2-7.1.6.alpha.rpm
5dc6df9aea830c63e53de060f09eab35 7.1/en/os/i386/php-4.1.2-7.1.6.i386.rpm
50e5e688c8b96b39aabc60fb21c31117 7.1/en/os/i386/php-devel-4.1.2-7.1.6.i386.rpm
453ae087a6c61ebf2243438721f38f76 7.1/en/os/i386/php-imap-4.1.2-7.1.6.i386.rpm
a3e13d3311c0e42f8afdc8bcc5d6febb 7.1/en/os/i386/php-ldap-4.1.2-7.1.6.i386.rpm
439133a1fbc04fbf416c0969192f8863 7.1/en/os/i386/php-manual-4.1.2-7.1.6.i386.rpm
585169e96d346ef0b40f31a3e8a10acf 7.1/en/os/i386/php-mysql-4.1.2-7.1.6.i386.rpm
3a10578944aa7f8b3644161f80cc508b 7.1/en/os/i386/php-odbc-4.1.2-7.1.6.i386.rpm
86289d09f17a996bb2ba10195f19e4db 7.1/en/os/i386/php-pgsql-4.1.2-7.1.6.i386.rpm
f1d0a3e7b156cfc1456e530bed0f24d9 7.1/en/os/i386/php-snmp-4.1.2-7.1.6.i386.rpm
756fb7a0f1cf9e553336985b457ca031 7.1/en/os/ia64/php-4.1.2-7.1.6.ia64.rpm
adf1441f6531bcbf4c28099ea6b2b043 7.1/en/os/ia64/php-devel-4.1.2-7.1.6.ia64.rpm
1ffbe521674b69e4dd803f83ff93fd11 7.1/en/os/ia64/php-imap-4.1.2-7.1.6.ia64.rpm
a73a8d1442eb3ddfe4d04ab1f5fa5537 7.1/en/os/ia64/php-ldap-4.1.2-7.1.6.ia64.rpm
e223b0684b29a924517f805d8058c51f 7.1/en/os/ia64/php-manual-4.1.2-7.1.6.ia64.rpm
854ee2456eaa097a5d1a982ab700fb52 7.1/en/os/ia64/php-mysql-4.1.2-7.1.6.ia64.rpm
b403ad7a65003754915a2d69d227bfba 7.1/en/os/ia64/php-odbc-4.1.2-7.1.6.ia64.rpm
de9880f7bb9be4b2d762d3a1f0a904c5 7.1/en/os/ia64/php-pgsql-4.1.2-7.1.6.ia64.rpm
2daf7b792b1c7e31d9e67738a1f25ddc 7.1/en/os/ia64/php-snmp-4.1.2-7.1.6.ia64.rpm
d1200bf5bb11f41a2d7cfccb7e81a546 7.2/en/os/SRPMS/php-4.1.2-7.2.6.src.rpm
6878faca22f015da9f3f68ac568b13d9 7.2/en/os/i386/php-4.1.2-7.2.6.i386.rpm
cee00c2d2a4cee6e8b6c3c8f37ea89fe 7.2/en/os/i386/php-devel-4.1.2-7.2.6.i386.rpm
557c9f75d8fbdf6e06154cd4fa97002e 7.2/en/os/i386/php-imap-4.1.2-7.2.6.i386.rpm
e4814351b9db60cb7d7b8801eb543e1d 7.2/en/os/i386/php-ldap-4.1.2-7.2.6.i386.rpm
a74aca25eef4838c4aa56722e7c59213 7.2/en/os/i386/php-manual-4.1.2-7.2.6.i386.rpm
f393631c119c73e78ea1a441229f6a34 7.2/en/os/i386/php-mysql-4.1.2-7.2.6.i386.rpm
a59dc41370ce0a1867ec603567e75c91 7.2/en/os/i386/php-odbc-4.1.2-7.2.6.i386.rpm
9db516d929d817375e5df1e65cec8874 7.2/en/os/i386/php-pgsql-4.1.2-7.2.6.i386.rpm
57a7738197dec4bdc49ddf164b1f8ee7 7.2/en/os/i386/php-snmp-4.1.2-7.2.6.i386.rpm
f57ed9a83fe2205b500c3c604bc4b50e 7.2/en/os/ia64/php-4.1.2-7.2.6.ia64.rpm
c21dbae091815b81de1b2cb88e5b2088 7.2/en/os/ia64/php-devel-4.1.2-7.2.6.ia64.rpm
578792bfed2b1cacae39ab44072cac2a 7.2/en/os/ia64/php-imap-4.1.2-7.2.6.ia64.rpm
cd49f2ac0192b8da16ee98386641dc99 7.2/en/os/ia64/php-ldap-4.1.2-7.2.6.ia64.rpm
684f534069f2c533e08d83c54c7a7946 7.2/en/os/ia64/php-manual-4.1.2-7.2.6.ia64.rpm
0c270888c9c049335e3e4d907b97841c 7.2/en/os/ia64/php-mysql-4.1.2-7.2.6.ia64.rpm
90a15b51bf3f14bb19a53b7efd90c239 7.2/en/os/ia64/php-odbc-4.1.2-7.2.6.ia64.rpm
95835a51257fb5b337e335f635654bdd 7.2/en/os/ia64/php-pgsql-4.1.2-7.2.6.ia64.rpm
2d7b408823c692d8b347a4a280dc1b9e 7.2/en/os/ia64/php-snmp-4.1.2-7.2.6.ia64.rpm
49856911f9172d859529190d65358953 7.3/en/os/SRPMS/php-4.1.2-7.3.6.src.rpm
d541da613f5eae7b3f153b0622099b5f 7.3/en/os/i386/php-4.1.2-7.3.6.i386.rpm
8d08d1daae515fd1516bee5fef782fa9 7.3/en/os/i386/php-devel-4.1.2-7.3.6.i386.rpm
d2a49ba3a04906a01a9e3ea01ebe7013 7.3/en/os/i386/php-imap-4.1.2-7.3.6.i386.rpm
ec745cc76cd4f01f095d3dd8b1fb8683 7.3/en/os/i386/php-ldap-4.1.2-7.3.6.i386.rpm
2cb508396bd1d00e831f996644166df2 7.3/en/os/i386/php-manual-4.1.2-7.3.6.i386.rpm
8b6d67c4984cd5331e20e40813ecf9dd 7.3/en/os/i386/php-mysql-4.1.2-7.3.6.i386.rpm
3915f34de79134e5c471893516462b75 7.3/en/os/i386/php-odbc-4.1.2-7.3.6.i386.rpm
e95d036edde0c536ef70bd9d43d29ef0 7.3/en/os/i386/php-pgsql-4.1.2-7.3.6.i386.rpm
ed7d6075641acb74f3c3a59f929bcc63 7.3/en/os/i386/php-snmp-4.1.2-7.3.6.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is
available at http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:

    md5sum <filename>

7. References:

http://marc.theaimsgroup.com/?l=bugtraq&m=103011916928204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0986

8. Contact:

The Red Hat security contact is <security@redhat.com>. More contact
details at http://www.redhat.com/solutions/security/news/contact.html

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
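Section 3 of the advisory tells script authors to check all input before it reaches mail(), but does not show what such a check looks like. The following is an added example written for this page; it is neither Red Hat's nor the PHP project's code. It targets a current PHP interpreter, and the helper names (is_safe_header_value, is_safe_address, build_headers, validate_mail_args, safe_mail) and the sample inputs are this example's own. It covers both issues the advisory describes: control characters in header fields (CAN-2002-0986) and untrusted data in the fifth mail() argument, which PHP hands to the MTA command line (CAN-2002-0985).

```php
<?php
// Added example, not code from the Red Hat advisory or from PHP itself.
// All helper names below are this example's own.

// CAN-2002-0986: an unfiltered CR or LF lets a remote user terminate a
// header early and append their own (a Bcc: line, or a blank line followed
// by a second body). Reject any byte in 0x00-0x1F or 0x7F outright instead
// of trying to strip it; preg_match() returns 0 for "no match".
function is_safe_header_value($value)
{
    return is_string($value) && preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// Whitelist one bare address. The character class deliberately excludes
// whitespace, commas, angle brackets, quotes and shell metacharacters, so a
// validated address can neither name a second recipient, break out of a
// header, nor carry an extra option to the MTA.
function is_safe_address($addr)
{
    return is_string($addr)
        && strlen($addr) <= 254
        && preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/', $addr) === 1;
}

// Assemble the additional_headers argument from validated parts rather
// than accepting a caller-built header blob.
function build_headers($from, $reply_to)
{
    if (!is_safe_address($from) || !is_safe_address($reply_to)) {
        return false;
    }
    return "From: $from\r\nReply-To: $reply_to";
}

// Validate everything that will reach mail(). Returns the argument list on
// success, false on any rejection. The fifth mail() argument
// (additional_parameters) goes to the MTA command line, which is the
// CAN-2002-0985 safe-mode bypass; it is never taken from user input here and
// is built only from an address that already passed the whitelist above.
function validate_mail_args($to, $subject, $body, $from, $reply_to, $envelope_from = null)
{
    if (!is_safe_address($to) || !is_safe_header_value($subject)) {
        return false;
    }
    $headers = build_headers($from, $reply_to);
    if ($headers === false) {
        return false;
    }
    $params = '';
    if ($envelope_from !== null) {
        if (!is_safe_address($envelope_from)) {
            return false;
        }
        $params = '-f' . $envelope_from;   // sendmail-style envelope sender
    }
    return array($to, $subject, (string) $body, $headers, $params);
}

// The only place mail() is called: everything has been validated first.
function safe_mail($to, $subject, $body, $from, $reply_to, $envelope_from = null)
{
    $args = validate_mail_args($to, $subject, $body, $from, $reply_to, $envelope_from);
    if ($args === false) {
        return false;
    }
    return mail($args[0], $args[1], $args[2], $args[3], $args[4]);
}

// Constructed inputs (not real traffic): a normal request, the classic
// header-injection payload a contact form of the era would pass straight
// to mail(), and an envelope sender with a second command-line option
// smuggled in after the address.
$good   = validate_mail_args('alice@example.com', 'Hello', "Body\n",
                             'form@example.com', 'form@example.com');
$inject = validate_mail_args('alice@example.com', "Hello\r\nBcc: list@example.net",
                             'Body', 'form@example.com', 'form@example.com');
$mta    = validate_mail_args('alice@example.com', 'Hello', 'Body',
                             'form@example.com', 'form@example.com',
                             'bob@example.com -C/tmp/other.cf');

var_dump($good !== false, $inject === false, $mta === false);
```

The vulnerable pattern this replaces is a call such as mail($_POST['to'], $_POST['subject'], $_POST['body'], "From: " . $_POST['from']): with PHP 4.2.2 and earlier, a "from" value containing a CR/LF pair followed by "Bcc:" adds recipients, and on a safe-mode host any fifth argument built from the request edits the MTA command line. Rejecting rather than sanitising keeps the check simple to audit, and building the envelope-sender option only from a whitelisted address means no escaping is needed. Run as a script, the three var_dump() results are all true, and none of the rejected inputs ever reaches mail().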
