PHPDeveloper.org: Net-Security.org: SUSE Security Announcement - php4,php5 problems

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

PHPMaster.com: Zend Job Queue

Rob Diana's Blog: Web And Scripting Programming Language Job Trends - August 2011

Job Posting: Options Consulting Solutions Seeks PHP Developer Team Lead (Toronto, Canada)

Job Posting: FireScope Seeks Experienced Web Application Developer/Manager (Dallas, TX)

Kevin Schroeder's Blog: Added (PHP 5.3) job queuing to my WordPress instance

Job Posting: Jacob Group (Recruiter) Seeks Director of Software Development (Lacrosse, WI)

Job Posting: Skillshare Seeks Senior Frontend Engineer (New York, NY)

Job Posting: SoftLayer Seeks Software Engineer - Interface Development (Dallas, Tx)

Job Posting: Company Confidential Seeks Senior PHP Developer (Montreal, Quebec, Canada)

Job Posting: SoftLayer Seeks Software Engineer - Systems Development (Dallas, Tx)

News Archive

Cloud Out Loud Podcast: Interview with Ed Finkler

Reddit.com: What non-PHP stuff should a PHP developer know?

Community News: The Changelog Podcast

Site News: Popular Posts for the Week of 02.10.2012

Leaseweb Labs Blog: Migration to Symfony2 continued

SitePoint.com: How to Create Your Own Random Number Generator in PHP

Refulz.com: The __toString() Method - Objects as Strings

PHPMaster.com: Using Traits in PHP 5.4

Site News: Blast from the Past - One Year Ago in PHP

Ibuildings techPortal: DPC Radio: Implementing OAuth

Net-Security.org:
SUSE Security Announcement - php4,php5 problems

by Chris Cornutt June 16, 2006 @ 06:14:29

In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with serveral versions of their Linux operating system.

The four issues found are as follows:

Invalid characters in session names were not blocked.
CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

These issues affect the foloowing versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here

0 comments voice your opinion now!
suse security issue remote execution php4 php5 suse security issue remote execution php4 php5

Community Events

Don't see your event here?
Let us know!

All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework