[Full-disclosure] [PLSA 2008-22] Php: Multiple Overflows

From: PÄ±nar YanardaÄŸ <pinar_at_nospam>
Date: Tue Aug 12 2008 - 00:18:39 GMT
To: pardus-security@pardus.org.tr

Pardus Linux Security Advisory 2008-22 security@pardus.org.tr

Date: 2008-08-12 Severity: 2 Type: Remote ------------------------------------------------------------------------

Summary

Two overflow issues were discovered in Php which might possibly allow for arbitrary code execution.

Description

Two overflow issues were discovered in Php:

Overflow in ext/gd's imageloadfont() function
Overflow in php's internal memnstr() function which is exposed to userspace as "explode()

Affected packages:

Pardus 2008: php-common, all before 5.2.6-65-3 php-cli, all before 5.2.6-65-3 mod_php, all before 5.2.6-65-3 Pardus 2007: php-common, all before 5.2.6-58-27 php-cli, all before 5.2.6-58-36 mod_php, all before 5.2.6-58-59

Resolution

There are update(s) for php-common, php-cli, mod_php. You can update them via Package Manager or with a single command from console:

Pardus 2008:
pisi up php-common php-cli mod_php

Pardus 2007:
pisi up php-common php-cli mod_php

References

-- PÄ±nar YanardaÄŸ http://pinguar.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Drop Drop: "[Full-disclosure] Ukraine?"
Previous message: PÄ±nar YanardaÄŸ: "[Full-disclosure] [PLSA 2008-21] Ruby: Multiple Vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]