_______________________________________________________________________
Package : php
Date : November 21, 2009
Affected: 2010.0
_______________________________________________________________________
Problem Description:
Some vulnerabilities were discovered and corrected in php-5.3.1:
- Added max_file_uploads INI directive, which can be set to limit
the number of file uploads per-request to 20 by default, to prevent
possible DOS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing. (CVE-2009-3292,
Ilia)
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz
Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,
Johannes, christian at elmerot dot se)
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3292
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3557
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3558
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3559
http://news.php.net/php.announce/79
_______________________________________________________________________
[ MDVSA-2009:302 ] php
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2009:302 ] php
Kirjoittaja dude67 » 22 Marras 2009, 09:47
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 49 vierailijaa