Debian Linux Security Advisory 2649-1 - Stefan Bühler discovered that the Debian-specific configuration file for the lighttpd webserver's FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A malicious user on the same machine could exploit a symlink attack or a race condition to take over the PHP control socket and, for example, force the webserver to use a different PHP version.
43a6eda3742a2b84b15de50f0fa67bd3d40893152a3275c7fef8725adffc538e
Debian Linux Security Advisory 2646-1 - Typo3, a PHP-based content management system, was found to contain several vulnerabilities.
25386ed07b570613bfe9ccecc762bde905a66c53d57b8f496c3f58d09ee79951