[Pardus-security] [PLSA 2010-44] Php: Multiple Vulnerabilities
Eren Turkay
eren at pardus.org.tr
Mon Mar 29 22:10:46 EEST 2010
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-44 security at pardus.org.tr
------------------------------------------------------------------------
Date: 2010-03-29
Severity: 3
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been fixed in PHP, which can be exploited
by malicious users to bypass certain security restrictions.
Description
===========
Fixed safe_mode validation inside tempnam() when the directory path does
not end with a /. (Martin Jansen)
Fixed a possible open_basedir/safe_mode bypass in session extension
identified by Grzegorz Stachowiak. (Ilia)
Improved LCG entropy. (Rasmus, Samy Kamkar)
Affected packages:
mod_php-5.2.13-76-11, all before 2009
php-cli-5.2.13-76-11, all before 2009
mod_php-5.2.13-75-15, all before 2008
php-cli-5.2.13-75-15, all before 2008
Resolution
==========
There are update(s) for mod_php-5.2.13-76-11, php-cli-5.2.13-76-11,
mod_php-5.2.13-75-15, php-cli-5.2.13-75-15. You can update them via
Package Manager or with a single command from console:
pisi up mod_php-5.2.13-76-11 php-cli-5.2.13-76-11 mod_php-5.2.13-75-15 php-cli-5.2.13-75-15
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=12363
* http://www.php.net/
------------------------------------------------------------------------