Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Security News:
Open SUSE Update for PHP4/PHP5 Packages
Jan 29, 2008 @ 13:58:00

The Open SUSE group has released an update for a list of their software to bring their PHP4 and PHP5 packages up to date.

php5 was updated to version 5.2.5 to fix several security vulnerabilities. For php4 on SLES9 the patches were backported.

You can find out more about the issues corrected as well as links to the packages that have been updated in the advisory message.

tagged: php4 php5 package update secunia opensuse linux

Link:

Community News:
Avaya Products PHP Multiple Vulnerabilities
Nov 06, 2007 @ 07:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.

tagged: secunia advisory avaya security messaging secunia advisory avaya security messaging

Link:

Community News:
Avaya Products PHP Multiple Vulnerabilities
Nov 06, 2007 @ 07:56:00

As mentioned in this new security advisory from Avaya, there's a risk that the PHP version included with their Messaging systems could provide a hole for a would-be attacker to gain access.

Issues have been reported in the following:

  • integer overflow vulnerabilities in the PHP gd extension
  • integer overflow vulnerability in the PHP chunk_split function
  • a security update has introduced a bug into PHP session cookie handling
  • vulnerability in the PHP money_format function
  • vulnerability in the PHP wordwrap function
  • vulnerability in PHP session cookie handling
  • vulnerability in the PHP gc extension

The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.

tagged: secunia advisory avaya security messaging secunia advisory avaya security messaging

Link:

Community News:
Red Hat Security Package Update
Sep 26, 2007 @ 12:02:00

The Red Hat linux group has issued an update for their PHP packages today:

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

You can get more information about this moderate level advisory from the Red Hat advisory including the affected products and the list of packages that should be updated to bring your installation up to date.

tagged: secunia package update redhat security secunia package update redhat security

Link:

Community News:
Red Hat Security Package Update
Sep 26, 2007 @ 12:02:00

The Red Hat linux group has issued an update for their PHP packages today:

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

You can get more information about this moderate level advisory from the Red Hat advisory including the affected products and the list of packages that should be updated to bring your installation up to date.

tagged: secunia package update redhat security secunia package update redhat security

Link:

Secunia.com:
Fedora update for PHP
Sep 25, 2007 @ 07:52:00

Via this Secunia advisory posted today, there's information about the update the Fedora Linux group has made to the PHP package included in their distribution. According to the release:

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory post has more details on what the update fixes as well as the link to download the RPM packages to update your system. You can either manually download them or use the "yum" system to handle things a bit more automatically.

tagged: fedora linux update package security vulnerability secunia fedora linux update package security vulnerability secunia

Link:

Secunia.com:
Fedora update for PHP
Sep 25, 2007 @ 07:52:00

Via this Secunia advisory posted today, there's information about the update the Fedora Linux group has made to the PHP package included in their distribution. According to the release:

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory post has more details on what the update fixes as well as the link to download the RPM packages to update your system. You can either manually download them or use the "yum" system to handle things a bit more automatically.

tagged: fedora linux update package security vulnerability secunia fedora linux update package security vulnerability secunia

Link:

Secunia.com:
Red Hat Update for PHP
Sep 21, 2007 @ 07:54:00

On the Secunia site today, there's a new advisory posted for users of Red Hat linux - an update to the system's PHP packages.

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory has more details on what the patch fixes and the checksum information for the update packages for all OSes.

tagged: redhat update secunia package security vulnerability redhat update secunia package security vulnerability

Link:

Secunia.com:
Red Hat Update for PHP
Sep 21, 2007 @ 07:54:00

On the Secunia site today, there's a new advisory posted for users of Red Hat linux - an update to the system's PHP packages.

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory has more details on what the patch fixes and the checksum information for the update packages for all OSes.

tagged: redhat update secunia package security vulnerability redhat update secunia package security vulnerability

Link:

Secunia.com:
Fedora update for PHP
Sep 19, 2007 @ 07:58:00

As mentioned in this advisory on the Secunia website (reposted from the original advisory) the Fedora Linux group has posted an update for their PHP package to bring it up to date with the recent PHP 5.2.4 release.

Fedora has issued an update for php. This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users and malicious, local users to bypass certain security restrictions.

You can find the complete list of packages that were updated in their advisory posting and a brief mention of the easiest way for you to update your distribution (yum).

tagged: fedora advisory secunia package yum update fedora advisory secunia package yum update

Link: