Security

Mandriva Linux Security Advisory 2009:247: php

Article Source Mandriva Linux Security Advisories

Multiple vulnerabilities was discovered and corrected in php:

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent
attackers to cause a denial of service (file truncation) via a key with
the NULL byte. NOTE: this might only be a vulnerability in limited
circumstances in which the attacker can modify or add database entries
but does not have permissions to truncate the file (CVE-2008-7068).

The php_openssl_apply_verification_policy function in PHP before
5.2.11 does not properly perform certificate validation, which has
unknown impact and attack vectors, probably related to an ability to
spoof certificates (CVE-2009-3291).

Unspecified vulnerability in PHP before 5.2.11 has unknown impact
and attack vectors related to missing sanity checks around exif
processing. (CVE-2009-3292)

Unspecified vulnerability in the imagecolortransparent function in
PHP before 5.2.11 has unknown impact and attack vectors related to an
incorrect sanity check for the color index. (CVE-2009-3293). However
in Mandriva we don’t use the bundled libgd source in php per default,
there is a unsupported package in contrib named php-gd-bundled that
eventually will get updated to pickup these fixes.

This update provides a solution to these vulnerabilities.

Article Source Mandriva Linux Security Advisories Multiple vulnerabilities was discovered and corrected in php: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependentattackers to cause a denial of service (file truncation) via a key withthe NULL byte. NOTE: this might only be a vulnerability in limitedcircumstances in which the attacker…

Article Source Mandriva Linux Security Advisories Multiple vulnerabilities was discovered and corrected in php: The dba_replace function in PHP 5.2.6 and 4.x allows context-dependentattackers to cause a denial of service (file truncation) via a key withthe NULL byte. NOTE: this might only be a vulnerability in limitedcircumstances in which the attacker…

Leave a Reply

Your email address will not be published. Required fields are marked *