News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Net-Security.org:
SUSE Security Announcement - php4,php5 problems
June 16, 2006 @ 06:14:29

In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with serveral versions of their Linux operating system.

The four issues found are as follows:

  • Invalid characters in session names were not blocked.
  • CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
  • CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
  • CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

These issues affect the foloowing versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here

0 comments voice your opinion now!
suse security issue remote execution php4 php5 suse security issue remote execution php4 php5


blog comments powered by Disqus

Similar Posts

WorkingSoftware.com.au: Configuring PHP4 and PHP5 to run concurrently on FreeBSD

PHP Security Blog: Goodbye HTTP Response Splitting, and thanks for all the fish

PHP Security Consortium: SecurityFocus Summaries Posted

PHPClasses.org: Lately in PHP Podcast #48 - To TDD or Not TDD?

Sean Coates\' Blog: Security and...Driving? (and Hiring)


Community Events





Don't see your event here?
Let us know!


community configure threedevsandamaybe voicesoftheelephpant api laravel series conference list interview introduction opinion symfony version release podcast unittest composer framework language

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework