Secunia.com:
SUSE update for php4 and php5
Jul 13, 2007 @ 11:23:00

As posted on Secunia.com today, the SuSE Linux distribution has released updates to both its PHP4 and PHP5 packages:

SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.

They have the update marked as highly critical, so it is suggested that users of SuSE upgrade immediately. The Secunia posting has links to all of the package downloads for each of the platform types and for multiple SuSE versions.

tagged: suse linux update package php4 php5

Secunia.com:
SUSE update for PHP4
Jun 25, 2007 @ 09:17:00

According to this new advisory from Secunia today, the SuSE linux group has released a new package update for the PHP4 distribution on their operating system:

SUSE has issued an update for php4. This fixes some vulnerabilities and a weakness, where one has an unknown impact and the others can be exploited by malicious, local users to gain escalated privileges, and by malicious, local users and malicious people to bypass certain security restrictions.

The issue is marked as "Less critical" but it's still a good idea to update, especially when it relates to security issues. You can find more information at the original advisory on the Novell site.

tagged: php4 update suse linux package security vulnerability

Secunia.com:
SUSE update for PHP
May 23, 2007 @ 16:29:00

Secunia has released a new advisory for SUSE Linux users, pointing them to an update of the PHP packages on their system that corrects a highly critical issue.

SUSE has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, to bypass certain security restrictions, to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

Operating systems included in the advisory are systems running SUSE Linux, UnitedLinux, and openSUSE Linux. Package updates are linked from the advisory so you can quickly and easily update your packages.

tagged: suse update secunia advisory package

Net-Security.org:
SUSE Security Announcement - php4,php5 problems
Jun 16, 2006 @ 06:14:29

In a new SUSE security announcement today, issues have been found with PHP4 and PHP5 bundled with several versions of their Linux operating system.

The four issues found are as follows:

  • Invalid characters in session names were not blocked.
  • CVE-2006-2657: A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.
  • CVE-2006-1991, CVE-2006-1990: Bugs in the substr_compare() and wordwrap function could crash the php interpreter.
  • CVE-2006-2906: A CPU consumption denial of service attack in php-gd was fixed.

These issues affect the following versions of SUSE: 10.1, 10.0, 9.3, 9.2, 9.1, Enterprise Server 8, SLES 9, and UnitedLinux 1.0. They can all be used to execute any arbitrary code the user chooses to inject. The severity level is higher on this one, but not at a critical level. It's still recommended, however, that you upgrade as soon as possible. Links to the various upgrade packages can be found here.

tagged: suse security issue remote execution php4 php5

PHP Magazine:
SuSE - New PHP Packages Fix XSS and Information Leak
May 09, 2006 @ 06:30:34

The SuSE linux group has released new packages, according to this post on the PHP Magazine site, to deal with the XSS and information leak issues found recently in PHP4 and PHP5.

A new update fixes security issues in the scripting languages PHP4 and PHP5 including a vulnerability in copy() and tempnam() functions that could bypass open_basedir restrictions, a cross-site-scripting (XSS) bug in phpinfo(), a vulnerability in mb_send_mail() that lacked safe_mode checks, and a bug in html_entity_decode() that could expose memory content. Fixed packages are available from ftp.suse.com.

It is strongly suggested that you upgrade your installation to prevent any issues/problems from arising.

tagged: suse linux packages fix xss information leak
