Ubuntu Security Notice 1042-1 - Various issues have been addressed with php5. It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that the XML UTF-8 decoding code did not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which could allow an attacker to bypass cross-site scripting (XSS) protections. It was discovered that attackers might be able to bypass open_basedir() restrictions by passing a specially crafted filename. Other issues Maksymilian Arciemowicz discovered that a NULL pointer derefence in the ZIP archive handling code could allow an attacker to cause a denial of service through a specially crafted ZIP archive.
913a13e39a2c89b9d6470dae0fbd06dbbb46dd11bfc6b11630757c337688701fMandriva Linux Security Advisory 2010-225 - A vulnerability was discovered and corrected in libmbfl (php). The updated packages have been patched to correct these issues. The MDVSA-2010:225 advisory used the wrong patch to address the problem, however it did fix the issue. This advisory provides the correct upstream patch.
2203cef88168e2a77c3c7b7ba0c8963ffdbbd9e4cd234e5ebd370f2a7b74d1adMandriva Linux Security Advisory 2010-225 - A vulnerability was discovered and corrected in libmbfl (php).
32b339f2edf2d5d6437052db1f3fcb7ed319e504a9a6c345ec473fab9fbd2ce2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed