
Security News:
openSUSE Update for PHP4/PHP5 Packages
January 29, 2008 @ 13:58:00

The openSUSE group has released an update that brings their PHP4 and PHP5 packages up to date.

php5 was updated to version 5.2.5 to fix several security vulnerabilities. For php4 on SLES9 the patches were backported.

You can find out more about the issues corrected as well as links to the packages that have been updated in the advisory message.

php4 php5 package update secunia opensuse linux


Community News:
Avaya Products PHP Multiple Vulnerabilities
November 06, 2007 @ 07:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from Red Hat on these issues and includes a list of systems affected as well as recommended actions to take.

secunia advisory avaya security messaging


Community News:
Red Hat Security Package Update
September 26, 2007 @ 12:02:00

The Red Hat Linux group has issued an update for their PHP packages today:

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

You can get more information about this moderate level advisory from the Red Hat advisory including the affected products and the list of packages that should be updated to bring your installation up to date.

secunia package update redhat security


Secunia.com:
Fedora update for PHP
September 25, 2007 @ 07:52:00

Via this Secunia advisory posted today, there's information about the update the Fedora Linux group has made to the PHP package included in their distribution. According to the release:

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory post has more details on what the update fixes as well as the link to download the RPM packages to update your system. You can either manually download them or use the "yum" system to handle things a bit more automatically.

fedora linux update package security vulnerability secunia


Secunia.com:
Red Hat Update for PHP
September 21, 2007 @ 07:54:00

On the Secunia site today, there's a new advisory posted for users of Red Hat Linux: an update to the system's PHP packages.

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory has more details on what the patch fixes and the checksum information for the update packages for all OSes.

redhat update secunia package security vulnerability


Secunia.com:
Fedora update for PHP
September 19, 2007 @ 07:58:00

As mentioned in this advisory on the Secunia website (reposted from the original advisory) the Fedora Linux group has posted an update for their PHP package to bring it up to date with the recent PHP 5.2.4 release.

Fedora has issued an update for php. This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users and malicious, local users to bypass certain security restrictions.

You can find the complete list of packages that were updated in their advisory posting and a brief mention of the easiest way for you to update your distribution (yum).

fedora advisory secunia package yum update


Secunia.com:
rPath Update for Multiple php Packages
September 18, 2007 @ 07:51:00

According to this new advisory on the Secunia website, rPath has updated more of their PHP packages and has marked the update as "moderately critical".

rPath has issued an update for multiple php packages. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users and malicious users to bypass certain security restrictions.

The original advisory has links to the updated versions and to references as to what has changed.

In its default configuration, rPath Linux 1 does not install php5 and is thus not vulnerable to these attacks; however, systems to which php5 has been added may be vulnerable to one or more of these attacks.

secunia rpath update package php5 critical


Secunia.com:
Joomla! Multiple Vulnerabilities
July 30, 2007 @ 10:26:00

Secunia.com reports that multiple vulnerabilities have been found in the Joomla! content management system:

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks.

The issues are marked as "less critical" but users should still update to the latest version to avoid these issues:

  • Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user
  • Input passed to the "url" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
  • An error exists in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

See the original advisory post here.

joomla content management cms vulnerability secunia


Secunia.com:
Ubuntu update for PHP
July 18, 2007 @ 09:36:00

Secunia.com has posted about the latest PHP package update for the Ubuntu Linux distribution, a "highly critical" level update for releases 6.06, 6.10 and 7.04.

Ubuntu has issued an update for php. This fixes a vulnerability and a weakness, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a vulnerable system.

The post has links to all of the packages for every type of the distribution, including the architecture independent packages. Click on over and grab your update to bring your system up to date and safe.

secunia ubuntu package update security bypass


Secunia.com:
Avaya Products PHP Multiple Vulnerabilities
June 14, 2007 @ 08:02:00

Secunia has posted a vulnerability marked as "highly critical" for users of any of the Avaya products that use PHP:

Avaya has acknowledged some vulnerabilities in various Avaya products, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.

The following products are affected:

  • Avaya Communication Manager (CM 4.0 and CM 2.x prior to load 127.0)
  • Avaya CCS/SES (CCS/SES 3.1.1)
  • Avaya AES (AES 4.0)

Currently, according to the original announcement from Avaya, there are two issues that have been found and are able to be exploited - an issue with the xmlrpc extension and a problem with the ftp extension. Currently, there is no patch to correct these issues, but you can keep track of their current status via their entries

secunia avaya xmlrpc ftp extension vulnerability




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework