Debian Linux Security Advisory 2408-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
82bc112c3ae5a1c3e880ae7ee49fd18cbe0bcac498163642bc3c0450ca859d5dMandriva Linux Security Advisory 2011-187 - The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, related to the tmp_dir, and pear-build-download directories, a different vulnerability than CVE-2007-2519. This advisory provides PEAR 1.9.4 which is not vulnerable to this issue. Additionally for Mandriva Enterprise Server 5 many new or updated PEAR packages is being provided with the latest versions of respective packages as well as mitigating various dependency issues.
cb1ec81377338e4d042683fd5e314efe8b576da3950d28b5b1cd9f721948c5c9Red Hat Security Advisory 2011-1741-03 - The php-pear package contains the PHP Extension and Application Repository, a framework and distribution system for reusable PHP components. It was found that the "pear" command created temporary files in an insecure way when installing packages. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files accessible to the victim running the "pear install" command.
dbfac6f4435ff85bfd6210a7625899b4a31e607ba5721367e2bb450b57f0e40eUbuntu Security Notice 1126-2 - USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubuntu 8.04 LTS.
d3109ede1f1b610fb18480ae30cb346b0d85aac84aedfeadd43a5eb1ad6fe0a2Ubuntu Security Notice 1126-1 - Stephane Chazelas discovered that the /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under /var/lib/php5/. Raphael Geisert and Dan Rosenberg discovered that the PEAR installer allows local users to overwrite arbitrary files via a symlink attack on the package.xml file. Martin Barbella discovered a buffer overflow in the PHP GD extension that allows an attacker to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function. It was discovered that PHP accepts the \0 character in a pathname, which might allow an attacker to bypass intended access restrictions by placing a safe file extension after this character. Various other issues with PHP 5 were also identified and resolved.
0d1f20dac678d851bff44d385515866f5fb9db107a028a3a3bb2ee850d32fc53
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed