Mandriva Linux Security Advisory 2009-065 - A vulnerability in the cURL library in PHP allowed context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files using a special URL request. Improved mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server. The updated packages have been patched to correct these issues.
81600b7210442d8910e0548f3b3b74df0d0b40a044f36901a7a75ad77feb28fc
Mandriva Linux Security Advisory 2009-023 - Denial of service, bypass, and various buffer overflows have been addressed in the php package.
92466f410be73bf8a3cbb21d9967b91cb688bf798202ffc8693fb04ad04223e3
Mandriva Linux Security Advisory 2009-022 - Denial of service, bypass, integer overflow, and stack overflow vulnerabilities have been addressed in php.
4ea99f4240ecfa30f2ade91fa5134f537e90a95ae74fc87ce3b6a0bdc94aad8f
Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.
3f4762bf322681e8f3484947ebc156f14c168b070b0d2ba92a048e740c8ac08f
PHP versions 5.2.5 and 5.2.4 suffer from a cURL related safe_mode bypass vulnerability.
b7cc5ffd01f2b7dfd6146eb89b796d340c095a734fb88911e8dfd9cd3e66e284