
OpenPKG alert OpenPKG-SA-2006.028 (php)

From:  OpenPKG <openpkg@openpkg.org>
To:  openpkg-announce@openpkg.org
Subject:  [OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)
Date:  Fri, 3 Nov 2006 23:58:53 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://openpkg.org/security/                          http://openpkg.com
OpenPKG-SA-2006.028                                           2006-11-03
________________________________________________________________________

Package:             php
Vulnerability:       remote code execution
OpenPKG Specific:    no

Affected Series:     Affected Packages:           Corrected Packages:
E1.0-SOLID           <= php-5.1.6-E1.0.0          >= php-5.1.6-E1.0.1
                     <= apache-1.3.37-E1.0.0      >= apache-1.3.37-E1.0.1
2-STABLE-20061018    <= php-5.1.6-2.20061018      >= php-5.2.0-2.20061103
                     <= apache-1.3.37-2.20061016  >= apache-1.3.37-2.20061103
2-STABLE             <= php-5.1.6-2.20061018      >= php-5.2.0-2.20061103
                     <= apache-1.3.37-2.20061016  >= apache-1.3.37-2.20061103
CURRENT              <= php-5.1.6-20061017        >= php-5.2.0-20061103
                     <= apache-1.3.37-20061016    >= apache-1.3.37-20061103

Description:
  According to a security advisory [0] from Stefan Esser of the
  Hardened-PHP project, buffer overflows exist in the programming
  language PHP [1], version 5.1.6 and below. The buffer overflows
  are in the functions htmlentities() and htmlspecialchars() and may
  result in arbitrary remote code execution. The Common Vulnerabilities
  and Exposures (CVE) project assigned the id CVE-2006-5465 [2] to the
  problem.
________________________________________________________________________

References:
  [0] http://www.hardened-php.net/advisory_132006.138.html
  [1] http://www.php.net/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F)
which you can retrieve from http://openpkg.org/openpkg.org.pgp. Follow
the instructions on http://openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@openpkg.org>

iD8DBQFFS8mZgHWT4GPEy58RAno/AJ9af8lxNEmC7v3h3bIzP2g9/285IACaAmzV
Q9TZ4+jxEBCKH6mp09mZ3M0=
=eziU
-----END PGP SIGNATURE-----
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
Project Announcement List                 openpkg-announce@openpkg.org




Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds