PHPDeveloper.org

Community News: rPath Linux Updates PHP5 Packages

Tue, 20 Nov 2007 12:03:00 -0600

The rPath linux group has released another update for the PHP5 packages in their distribution:

Previous versions of the php5 package contain multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.

You can get the specifics of what's being fixed as well as download the latest packages from the rpath.com website.

Community News: rPath Updates PHP, PHP-MySQL and PHP-PGSQL Packages

Thu, 25 Oct 2007 10:31:00 -0500

rPath linux has issued an update to their packages for PHP, PHP-MySQL and PHP-PGSql to correct issues that could make it possible for a remote user to gain unauthorized access.

his fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions or by malicious people to potentially compromise a vulnerable system.

References and links to the update information can be found in their original advisory.

Secunia.com: rPath Update for Multiple php Packages

Tue, 18 Sep 2007 07:51:00 -0500

According to this new advisory on the Secunia website, rPath has updated more of their PHP packages and has marked the update as "moderately critical" to keeping your systems safe.

rPath has issued an update for multiple php packages. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users and malicious users to bypass certain security restrictions.

The original advisory has links to the updated versions and to references as to what has changed.

In its default configuration, rPath Linux 1 does not install php5 and is thus not vulnerable to these attacks; however, systems to which php5 has been added may be vulnerable to one or more of these attacks.

Secunia: rPath Update for gd and Multiple php Packages

Thu, 06 Sep 2007 09:43:00 -0500

As mentioned in this Secunia advisory today, rPath has release updates to several packages today including a few PHP ones and GD library updates.

rPath has issued an update for gd and multiple php packages. This fixes some vulnerabilities, where some have an unknown impact and others can potentially be exploited to cause a DoS (Denial of Service).

The update is marked as "moderately critical" so it's recommended that users update their installations as soon as possible. You can find out more information and get the links to download the packages from the original advisory post.

Secunia.com: rPath update for gd, php, php-mysql, and php-pgsql

Fri, 08 Jun 2007 08:49:00 -0500

Secunia has posted this advisory for rPath users to point out an update to several packages including gd, php, php-mysql, and php-pgsql.

rPath has issued an update for gd, php, php-mysql, and php-pgsql. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Users can grab the updated packages as linked to from the original advisory notice on the rPath mailing list:

Previous versions of the gd and php packages are vulnerable to a Denial of Service attack in which an attacker can use a truncated PNG image to cause unbounded CPU consumption. The libgd library is not exposed via any privileged or remote interfaces within rPath Linux per se, but it is exposed by some web applications, such as php (which provides its own internal version of libgd).