Mandriva Linux Security Advisory 2009-324 - Multiple vulnerabilities was discovered and corrected in php. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.
e3afdb1902dc3655ca41902b102924f73c6a2af7992eeefb617e4d6c17506ffaMandriva Linux Security Advisory 2009-303 - Some vulnerabilities were discovered and corrected in php-5.2.11.
844464288de02b7df255dd47353061c269f2ec0291cd09a19dade3c22d33c267Ubuntu Security Notice 862-1 - Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this flaw and cause the PHP server to crash, resulting in a denial of service. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the tempnam function. An attacker could exploit this issue to bypass safe_mode restrictions. Grzegorz Stachowiak discovered that PHP did not properly enforce restrictions in the posix_mkfifo function. An attacker could exploit this issue to bypass open_basedir restrictions. Bogdan Calin discovered that PHP did not limit the number of temporary files created when handling multipart/form-data POST requests. A remote attacker could exploit this flaw and cause the PHP server to consume all available resources, resulting in a denial of service.
4f878a13f8d4ca2752e08bf4d244d21c1e5497b18bc52847b8aad57c52a0fa41Mandriva Linux Security Advisory 2009-302 - Some vulnerabilities were discovered and corrected in php-5.3.1.
a0ce7da0ac8e1b13fe4bfd3054d144216d266c1034944be910714f24fb8b1173
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed