PHPDeveloper.org: Net-Security.org: SUSE Security Announcement - php4,php5 problems

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Quinstreet, Inc. Seeks Sr. PHP Developer (Foster City, CA)

Job Posting: WideEye Interactive/Moroch Advertising Seeks Web Developer (Dallas, TX)

Job Posting: Project People Ltd (Recruiter) Seeks PHP Developer (Paris, France)

Job Posting: Snelling (Recruiter) Seeks Web Programmer (Boston, MA)

Job Posting: Veedow Seeks Senior PHP Developer/Architect (London, UK)

Job Posting: Apex Systems (Recruiter) Seeks PHP Web Developers (Tampa, FL)

Job Posting: WordStream Seeks Web Application Developer (Needham, MA)

Job Posting: JS Creative Seeks Web Developer (Atlanta, GA)

Job Posting: Kodak Graphic Communications Group Seeks PHP Application Developer (Stamford, CT)

Job Posting: RJ Byrd (Recruiter) Seeks PHP Application Developer (Dallas, TX)

News Archive

Zend Developer Zone: Dynamically Generating PDF Files with PHP and Haru

Jani Hartikainen's Blog: Base classes in OOP programming languages

Community News: PHP Quebec 2009 Schedule Announced

Community News: Latest Releases from PHPClasses.org

Brandon Savage's Blog: Hosting Made for PHP Developers

David Otton's Blog: php://memory, Unit Tests

Sameer's Blog: Creating a Figlet text in php

Eran Galperin's Blog: OO PHP Templating

Johannes Schluter's Blog: SQL completion in PHP strings

Smashing Magazine: 10 Advanced PHP Tips to Improve Your Programming

Net-Security.org:
SUSE Security Announcement - php4,php5 problems

by Chris Cornutt June 16, 2006 @ 06:14:29

In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with serveral versions of their Linux operating system.

The four issues found are as follows:

Invalid characters in session names were not blocked.
CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

These issues affect the foloowing versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here

0 comments voice your opinion now!
suse security issue remote code execution php4 php5 suse security issue remote code execution php4 php5

Similar Posts

Community News: GoPHP5 Official Site

PHPit.net: Creating a chat script with PHP and Ajax, Part 1

Marco Tabini's Blog: The violin-playing software designer

Devshed: The Basics of Using the Prototype Pattern with PHP 5

DynamicWebPages.de: PHP 4.4.4C1 Released for Testing

Community Events

Don't see your event here?
Let us know!

All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework