PHPDeveloper.org

Secunia.com: SUSE update for php4 and php5

Fri, 13 Jul 2007 11:23:00 -0500

As posted on Secunia.com today, the SuSE linux distribution has release updates to both their PHP4 and PHP5 packages today:

SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.

They have the update marked as highly critical so it it suggested that users of SuSE upgrade immediately. The Secunia posting has links to all of the package downloads for each of the platform types and for multiple SuSE versions.

Secunia.com: SUSE update for PHP4

Mon, 25 Jun 2007 09:17:00 -0500

According to this new advisory from Secunia today, the SuSE linux group has released a new package update for the PHP4 distribution on their operating system:

SUSE has issued an update for php4. This fixes some vulnerabilities and a weakness, where one has an unknown impact and the others can be exploited by malicious, local users to gain escalated privileges, and by malicious, local users and malicious people to bypass certain security restrictions.

The issue is marked as "Less critical" but it's still a good idea to update, especially when it relates to security issues. You can find more information at the original advisory on the Novell site.

Secunia.com: SUSE update for PHP

Wed, 23 May 2007 16:29:00 -0500

Secunia has release a new advisory for SUSE linux users to point them to the update of the PHP packages on their system to correct a highly critical issue.

SUSE has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, to bypass certain security restrictions, to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Operating systems included in the advisory are systems running SUSE Linux, UnitesLinux, and openSUSE linux. Package updates are linked from the advisory so you can quickly and easily update your packages.

Net-Security.org: SUSE Security Announcement - php4,php5 problems

Fri, 16 Jun 2006 06:14:29 -0500

In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with serveral versions of their Linux operating system.

The four issues found are as follows:

Invalid characters in session names were not blocked.
CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

These issues affect the foloowing versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here

PHP Magazine: SuSE - New PHP Packages Fix XSS and Information Leak

Tue, 09 May 2006 06:30:34 -0500

The SuSE linux group has released new packages, according to this post on the PHP Magazine site, to deal with the XSS and information leak issues found recently in PHP4 and PHP5.

A new update fixes security issues in the scripting languages PHP4 and PHP5 including a vulnerability in copy() and tempnam() functions that could bypass open_basedir restrictions, a cross-site-scripting (XSS) bug in phpinfo(), a vulnerability in mb_send_mail() that lacked safe_mode checks, and a bug in html_entity_decode() that could expose memory content. Fixed packages are available from ftp.suse.com.

It is strongly suggested that you upgrade your installation to prevent any issues/problems from arrising.