php5 was updated to version 5.2.5 to fix several security vulnerabilities. For php4 on SLES9 the patches were backported.

You can find out more about the issues corrected as well as links to the packages that have been updated in the advisory message.

Issues have been reported in the following:

• integer overflow vulnerabilities in the PHP gd extension
• integer overflow vulnerability in the PHP chunk_split function
• a security update has introduced a bug into PHP session cookie handling
• vulnerability in the PHP money_format function
• vulnerability in the PHP wordwrap function
• vulnerability in PHP session cookie handling
• vulnerability in the PHP gc extension

The advisory contains links to more information from RedHat on these issues and includes a list of systems effected as well as recommended actions to take.

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

You can get more information about this moderate level advisory from the Red Hat advisory including the affected products and the list of packages that should be updated to bring your installation up to date.

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory post has more details on what the update fixes as well as the link to download the RPM packages to update your system. You can either manually download them or use the "yum" system to handle things a bit more automatically.

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory has more details on what the patch fixes and the checksum information for the update packages for all OSes.

Fedora has issued an update for php. This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users and malicious, local users to bypass certain security restrictions.

You can find the complete list of packages that were updated in their advisory posting and a brief mention of the easiest way for you to update your distribution (yum).

rPath has issued an update for multiple php packages. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users and malicious users to bypass certain security restrictions.

The original advisory has links to the updated versions and to references as to what has changed.

In its default configuration, rPath Linux 1 does not install php5 and is thus not vulnerable to these attacks; however, systems to which php5 has been added may be vulnerable to one or more of these attacks.

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks.

The issues are marked as "less critical" but users should still update to the latest version to avoid these issues:

• Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user
• Input passed to the "url" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
• An error exists in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

See the original advisory post here.

Ubuntu has issued an update for php. This fixes a vulnerability and a weakness, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a vulnerable system.

The post has links to all of the packages for every type of the distribution, including the architecture independent packages. Click on over and grab your update to bring your system up to date and safe.

Avaya has acknowledged some vulnerabilities in various Avaya products, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system.

The following products are affected:

• Avaya Communication Manager (CM 4.0 and CM 2.x prior to load 127.0)
• Avaya CCS/SES (CCS/SES 3.1.1)
• Avaya AES (AES 4.0)

Currently, according to the original announcement from Avaya, there are two issues that have been found and are able to be exploited - an issue with the xmlrpc extension and a problem with the ftp extension. Currently, there is no patch to correct these issues, but you can keep track of their current status via their entries]]> Thu, 14 Jun 2007 08:02:00 -0500