Pardus Linux Security Advisory - Two overflow issues were discovered in Php which might possibly allow for arbitrary code execution.
4417694c5b2a2faf02c87e054d34967fb5e89e6106a90ce2194f6858d079b678------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-22 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-08-12
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
Two overflow issues were discovered in Php which might possibly allow
for arbitrary code execution.
Description
===========
Two overflow issues were discovered in Php:
- Overflow in ext/gd's imageloadfont() function
- Overflow in php's internal memnstr() function which is exposed to
userspace as "explode()
Affected packages:
Pardus 2008:
php-common, all before 5.2.6-65-3
php-cli, all before 5.2.6-65-3
mod_php, all before 5.2.6-65-3
Pardus 2007:
php-common, all before 5.2.6-58-27
php-cli, all before 5.2.6-58-36
mod_php, all before 5.2.6-58-59
Resolution
==========
There are update(s) for php-common, php-cli, mod_php. You can update
them via Package Manager or with a single command from console:
Pardus 2008:
pisi up php-common php-cli mod_php
Pardus 2007:
pisi up php-common php-cli mod_php
References
==========
* http://www.php.net/archive/2008.php#id2008-08-07-1
* http://news.php.net/php.cvs/51219
* http://news.php.net/php.cvs/52039
* http://news.php.net/php.cvs/52002
------------------------------------------------------------------------
--
Pınar Yanardağ
http://pinguar.org
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed