Debian Security Advisory 1331-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. Stefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge). Stefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. This only affects Debian 3.1 (Sarge) on 64 bit architectures. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.
1fce4b0b46bc0da44b8af40e54073c49f088b0f0cecd1ec997ffa0a91147d009
Ubuntu Security Notice USN-261-1 - Stefan Esser discovered that the 'session' module did not sufficiently verify the validity of the user-supplied session ID. A remote attacker could exploit this to insert arbitrary HTTP headers into the response sent by the PHP application, which could lead to HTTP response splitting and cross site scripting attacks. PHP applications were also vulnerable to several cross site scripting flaws if the options 'display_errors' and 'html_errors' were enabled. Please note that enabling 'html_errors' is not recommended for production systems.
016844a2172c42aa6db55405377b83f5dbaca538a695f0629958e21295374915
Mandriva Linux Security Advisory - Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the session extension (aka ext/session) and the header function. Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in certain error conditions.
c98385883dccd198b6d3864905ce4577e8f33952b37da51c5c40bcbe9a83eb70