
OpenPKG alert OpenPKG-SA-2007.020 (php)

From:  OpenPKG GmbH <>
Subject:  [OpenPKG-SA-2007.020] OpenPKG Security Advisory (php)
Date:  Fri, 1 Jun 2007 14:11:30 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:
Advisory Id (public):    OpenPKG-SA-2007.020
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:
Advisory Document:
Advisory Published:      2007-06-01 14:10 UTC
Issue Id (internal):     OpenPKG-SI-20070601.01
Issue First Created:     2007-06-01
Issue Last Modified:     2007-06-01
Issue Revision:          02
____________________________________________________________________________

Subject Name:            php Security fixes
Subject Summary:         Security Fixes
Subject Home:            -
Subject Versions:        php5.* <= 5.2.3
Vulnerability Id:        CVE-2007-2872, CVE-2007-2756
Vulnerability Scope:     global (not OpenPKG specific)
Attack Feasibility:      run-time
Attack Vector:           remote network
Attack Impact:           denial of service, exposure of sensitive
                         information, arbitrary code execution

Description:
    According to a vendor release announcement [0], multiple security
    enhancements and fixes were made in version 5.2.3 of the
    programming language PHP [1]. Fixes that apply to the OpenPKG
    Enterprise 1 packages were extracted and backported.

    The readfile() function allows checking the existence of files
    anywhere in the filesystem, circumventing the open_basedir
    restriction.

    Fixed possible infinite loop in imagecreatefrompng.
    (Xavier Roche) (CVE-2007-2756)

    Fixed an integer overflow inside chunk_split()
    (Gerhard Wagner) (CVE-2007-2872)

References:
    [0]
    [1]
____________________________________________________________________________

Primary Package Name:    php
Primary Package Home:

Corrected Distribution:  Corrected Branch:  Corrected Package:
OpenPKG Enterprise       E1.0-SOLID         apache-1.3.37-E1.0.6
OpenPKG Enterprise       E1.0-SOLID         php-5.1.6-E1.0.4
OpenPKG Community        CURRENT            apache-1.3.37-20070601
OpenPKG Community        CURRENT            apache2-php-5.2.3-20070601
OpenPKG Community        CURRENT            php-5.2.3-20070601
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from or retrieve from the OpenPGP keyserver at
hkp:// Follow the instructions at for more details on how to verify
the integrity of this document.
____________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <>

iD8DBQFGYAy3ZwQuyWG3rjQRAiYNAJ45r0YfBhnsIdTfGGKOwWT6XDi0/wCfUY+8
QnXdFKPBu0unwvT8LByR2eM=
=4f0n
-----END PGP SIGNATURE-----
______________________________________________________________________
OpenPKG Announcement List


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds