
OpenPKG alert OpenPKG-SA-2006.028 (php)

From:  OpenPKG <>
Subject:  [OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)
Date:  Fri, 3 Nov 2006 23:58:53 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
OpenPKG-SA-2006.028                                           2006-11-03
________________________________________________________________________

Package:             php
Vulnerability:       remote code execution
OpenPKG Specific:    no

Affected Series:     Affected Packages:            Corrected Packages:
E1.0-SOLID           <= php-5.1.6-E1.0.0           >= php-5.1.6-E1.0.1
                     <= apache-1.3.37-E1.0.0       >= apache-1.3.37-E1.0.1
2-STABLE-20061018    <= php-5.1.6-2.20061018       >= php-5.2.0-2.20061103
                     <= apache-1.3.37-2.20061016   >= apache-1.3.37-2.20061103
2-STABLE             <= php-5.1.6-2.20061018       >= php-5.2.0-2.20061103
                     <= apache-1.3.37-2.20061016   >= apache-1.3.37-2.20061103
CURRENT              <= php-5.1.6-20061017         >= php-5.2.0-20061103
                     <= apache-1.3.37-20061016     >= apache-1.3.37-20061103

Description:
  According to a security advisory [0] from Stefan Esser of the
  Hardened-PHP project, buffer overflows exist in the programming
  language PHP [1], version 5.1.6 and below. The buffer overflows are in
  the functions htmlentities() and htmlspecialchars() and may result in
  arbitrary remote code execution. The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CVE-2006-5465 [2] to the
  problem.
________________________________________________________________________

References:
  [0]
  [1]
  [2]
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <>" (ID 63C4CB9F) which you can retrieve
from Follow the instructions on for details on how to verify the
integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <>

iD8DBQFFS8mZgHWT4GPEy58RAno/AJ9af8lxNEmC7v3h3bIzP2g9/285IACaAmzV
Q9TZ4+jxEBCKH6mp09mZ3M0=
=eziU
-----END PGP SIGNATURE-----
______________________________________________________________________
The OpenPKG Project
Project Announcement List
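
Added example (not part of the OpenPKG advisory or of OpenPKG's tooling): a Python check that compares installed package names against the Corrected Packages column above and reports anything older than the fix. The RPM-style segment ordering in cmp_part() and the sample package listing are assumptions made for illustration.

```python
import re

# Minimum fixed (version, release) per series, from the Corrected Packages column.
CORRECTED = {
    "E1.0-SOLID":        {"php": ("5.1.6", "E1.0.1"),     "apache": ("1.3.37", "E1.0.1")},
    "2-STABLE-20061018": {"php": ("5.2.0", "2.20061103"), "apache": ("1.3.37", "2.20061103")},
    "2-STABLE":          {"php": ("5.2.0", "2.20061103"), "apache": ("1.3.37", "2.20061103")},
    "CURRENT":           {"php": ("5.2.0", "20061103"),   "apache": ("1.3.37", "20061103")},
}

def cmp_part(a, b):
    """Assumed RPM-style ordering: compare runs of digits or letters, left to right."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run sorts after letters
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(series, installed):
    """Return (name, installed, required) for packages older than the fix."""
    stale = []
    for pkg in installed:
        parts = pkg.rsplit("-", 2)            # name-version-release
        if len(parts) != 3:
            continue                          # not in name-version-release form
        name, version, release = parts
        fixed = CORRECTED[series].get(name)
        if fixed is None:
            continue                          # package not covered by this advisory
        order = cmp_part(version, fixed[0]) or cmp_part(release, fixed[1])
        if order < 0:
            stale.append((name, f"{version}-{release}", "-".join(fixed)))
    return stale

if __name__ == "__main__":
    # Constructed package listing for a 2-STABLE host (not real output).
    sample = ["php-5.1.6-2.20061018", "apache-1.3.37-2.20061103",
              "openssl-0.9.8d-2.20061001"]
    for name, have, want in needs_update("2-STABLE", sample):
        print(f"{name}: installed {have}, advisory requires >= {want}")
```

Both php and apache are checked because the advisory lists corrected builds of both packages for every series.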
