
Joe Devon's Blog:
How to get your talk accepted, experiences on the advisory board of Semtech & Zend
September 08, 2011 @ 08:56:58

As a result of his experience on the ZendCon advisory board for this year's event, Joe Devon has posted a guide to help you get your talks accepted to conferences in the future (both PHP-related and not).

For those who don't know what an advisory board is, conference organizers get loads of proposals and need help deciding who should speak. So they ask others in the industry to provide some feedback. It was quite a learning experience.

He talks about the "speaker backlash" that comes from being rejected, a lack of professionalism in some submitters and some basic (common sense) recommendations like:

  • fill out the form completely, even if you don't think it's all useful
  • start locally and then move up. A major conference isn't the place to try out speaking for the first time
  • whet the board's appetite - make them want to hear more about the topic or come up with something new
  • share your unique experience with the technology
  • use sites like Joind.in, Meetup and SlideShare to your advantage


Community News:
Avaya Products PHP Multiple Vulnerabilities
November 06, 2007 @ 07:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from Red Hat on these issues and includes a list of systems affected as well as recommended actions to take.



Advisory:
Gentoo Linux PHP Package Upgrade
October 08, 2007 @ 08:45:00

The Gentoo Linux group has released a new PHP package for their distribution:

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. [...] There is no known workaround at this time. All PHP users should upgrade to the latest version.

You can get more information on the issues that the new package corrects from the Gentoo advisory and use their emerge package manager to make the upgrade automatically.



Secunia.com:
Fedora update for PHP
September 19, 2007 @ 07:58:00

As mentioned in this advisory on the Secunia website (reposted from the original advisory) the Fedora Linux group has posted an update for their PHP package to bring it up to date with the recent PHP 5.2.4 release.

Fedora has issued an update for php. This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users and malicious, local users to bypass certain security restrictions.

You can find the complete list of packages that were updated in their advisory posting and a brief mention of the easiest way for you to update your distribution (yum).



SecurityReason:
Three Advisories for PHP 5.2.4 (dl, iconv_substr & setlocale)
September 13, 2007 @ 09:33:00

The SecurityReason website has three new advisories posted concerning the latest release in the PHP 5 series:

The dl() overflow is marked as a medium threat (largely because it allows for arbitrary code execution) but the other two are shown as low threat. A patch is also given for the dl() issue to help correct the problem.



Zend:
Zend Technologies and COMMON Create PHP Advisory Group
July 18, 2007 @ 12:56:00

In a new press release (as posted on the ITJungle.com website), Zend has announced a collaboration between it and the COMMON Group to create a PHP advisory group:

Just before the July 4th holiday, Jim Dillard, the IBM alliance manager at Zend, and Ron Newman, who is chairman of COMMON's Advocacy Team and president of technology consulting firm Newmark Technologies, sent out a joint appeal via email for people to join the Zend Advisory Group.

The idea behind the group is to get together a bunch of COMMON members and have them provide direct input to Zend so the unique capabilities of the System i platform can be addressed more fully by Zend's products and to help Zend better understand how to interface with and deliver products to midrange customers.

Wondering if you (or your company) are in the group they're looking for? Here are some of the requirements:

  • Are you currently a programmer using the System i?
  • Have you installed Zend Core for i5/OS?
  • Do you have a PHP application running now?
  • Do you understand the process of creating a call to the DB2 database?
  • Can you invoke RPG commands via the PHP toolkit?

If this is you and you'd like to get in on the group, send an email along to Ron Newman for more information.



Secunia.com:
SUSE update for PHP
May 23, 2007 @ 16:29:00

Secunia has released a new advisory for SUSE Linux users to point them to the update of the PHP packages on their system to correct a highly critical issue.

SUSE has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, to bypass certain security restrictions, to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Operating systems included in the advisory are systems running SUSE Linux, UnitedLinux, and openSUSE Linux. Package updates are linked from the advisory so you can quickly and easily update your packages.



Secunia.com:
phpChess Community Edition Multiple File Inclusion
May 07, 2007 @ 11:24:00

Users of the phpChess application should take note of this new advisory posted on the Secunia website. It's related to multiple file inclusion vulnerabilities that allow malicious code to be included. This issue is for Community Edition versions 2.x.

GolD_M has discovered some vulnerabilities in phpChess Community Edition, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

The issue is that the "root_path" parameter is not properly verified before it is used in an include. If register_globals is on, the value could be overridden and malicious code could be injected. The recommended fix for the issue is to go in and correct the source code, making it validate the location of the file (and that it exists) before it is included.



Secunia.com:
Debian Updates for PHP4 and PHP5 Users
April 30, 2007 @ 12:14:00

As noted on the security update website, Secunia.com, Debian users can now update their distributions with the latest patches for both versions, PHP4 and PHP5.

Debian has issued an update for php4/php5. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to disclose potentially sensitive information or compromise a vulnerable system, and by malicious people to compromise a vulnerable system.

Links to the advisory posts (that include the links to download the updated packages):

It is recommended that Debian users update their installations immediately so as to avoid any kind of security issue that might result from the vulnerability.



Secunia:
Cisco Products PHP "htmlentities()" and "htmlspecialchars()" Buffer Overflows
April 26, 2007 @ 07:55:00

Cisco product users should check out this latest issue Secunia has released today - a problem with the htmlentities and htmlspecialchars functions that can lead to buffer overflows.

The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application.

Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected.

Products affected include the Network Analysis Modules (NAM) for Cisco 6500 switch, Cisco 7600 router/Branch Routers and the CiscoWorks Wireless LAN Solution Engine (WLSE) and CiscoWorks Wireless LAN Solution (among others, check out the advisory for a more complete list).

There are some patches that have been released to correct this issue (like the one for the Cisco Unified Application Environment) but others are still yet to come. They recommend limiting access to trusted IPs and devices only to reduce the risk of the problem being exploited.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework