News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
SUSE update for php4 and php5
July 13, 2007 @ 11:23:00

As posted on Secunia.com today, the SuSE linux distribution has release updates to both their PHP4 and PHP5 packages today:

SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.

They have the update marked as highly critical so it it suggested that users of SuSE upgrade immediately. The Secunia posting has links to all of the package downloads for each of the platform types and for multiple SuSE versions.

0 comments voice your opinion now!
suse linux update package php4 php5 suse linux update package php4 php5


Secunia.com:
SUSE update for PHP4
June 25, 2007 @ 09:17:00

According to this new advisory from Secunia today, the SuSE linux group has released a new package update for the PHP4 distribution on their operating system:

SUSE has issued an update for php4. This fixes some vulnerabilities and a weakness, where one has an unknown impact and the others can be exploited by malicious, local users to gain escalated privileges, and by malicious, local users and malicious people to bypass certain security restrictions.

The issue is marked as "Less critical" but it's still a good idea to update, especially when it relates to security issues. You can find more information at the original advisory on the Novell site.

0 comments voice your opinion now!
php4 update suse linux package security vulnerability php4 update suse linux package security vulnerability


Secunia.com:
SUSE update for PHP
May 23, 2007 @ 16:29:00

Secunia has release a new advisory for SUSE linux users to point them to the update of the PHP packages on their system to correct a highly critical issue.

SUSE has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, to bypass certain security restrictions, to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Operating systems included in the advisory are systems running SUSE Linux, UnitesLinux, and openSUSE linux. Package updates are linked from the advisory so you can quickly and easily update your packages.

0 comments voice your opinion now!
suse update secunia advisory package suse update secunia advisory package


Net-Security.org:
SUSE Security Announcement - php4,php5 problems
June 16, 2006 @ 06:14:29

In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with serveral versions of their Linux operating system.

The four issues found are as follows:

  • Invalid characters in session names were not blocked.
  • CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
  • CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
  • CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

These issues affect the foloowing versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here

0 comments voice your opinion now!
suse security issue remote execution php4 php5 suse security issue remote execution php4 php5


PHP Magazine:
SuSE - New PHP Packages Fix XSS and Information Leak
May 09, 2006 @ 06:30:34

The SuSE linux group has released new packages, according to this post on the PHP Magazine site, to deal with the XSS and information leak issues found recently in PHP4 and PHP5.

A new update fixes security issues in the scripting languages PHP4 and PHP5 including a vulnerability in copy() and tempnam() functions that could bypass open_basedir restrictions, a cross-site-scripting (XSS) bug in phpinfo(), a vulnerability in mb_send_mail() that lacked safe_mode checks, and a bug in html_entity_decode() that could expose memory content. Fixed packages are available from ftp.suse.com.

It is strongly suggested that you upgrade your installation to prevent any issues/problems from arrising.

0 comments voice your opinion now!
suse linux packages fix xss information leak suse linux packages fix xss information leak



Community Events





Don't see your event here?
Let us know!


library introduction code list series laravel framework bugfix interview application community language api developer project podcast threedevsandamaybe wordpress configure release

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework