
SANS ISC: PHP 5.1 update with several security fixes - SANS Internet Storm Center SANS ISC InfoSec Forums


PHP 5.1 update with several security fixes
Summary of security fixes:

Fixed a Cross Site Scripting (XSS) vulnerability in phpinfo().
Fixed multiple safe_mode/open_basedir bypass vulnerabilities in ext/curl and ext/gd.
Fixed a possible $GLOBALS overwrite problem in file upload handling.
Fixed a problem when a request was terminated due to memory_limit constraints during certain parse_str() calls.
Fixed an issue with trailing slashes in allowed basedirs.
Fixed an issue with calling virtual() on Apache 2.
Updated to the latest pcrelib to fix a possible integer overflow vulnerability announced in CAN-2005-2491.
Fixed a possible header injection in the mb_send_mail() function via the To address, the first parameter of the function.

Announcement here

Thanks to Juha-matti!

Cheers,
Adrien



Adrien de Beaupre

ISC Handler
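
The mb_send_mail() item above concerns the To address being used as a header value. The following is an added example, not code from the original post or from the PHP project: an application-side check that refuses a recipient containing line breaks before it reaches mb_send_mail(). The helper names safe_recipient() and send_notice() are hypothetical, the sample inputs are constructed, and the code assumes PHP 7.1 or later with the mbstring extension.

```php
<?php
// Added example: defence in depth for the To parameter of mb_send_mail().
// safe_recipient() and send_notice() are hypothetical helper names.

/**
 * Return the address unchanged if it is one well-formed mailbox with no
 * CR, LF or other control bytes; otherwise return null.
 */
function safe_recipient(string $to): ?string
{
    // A raw CR or LF would terminate the To: header and begin a new one.
    if (preg_match('/[\x00-\x1F\x7F]/', $to)) {
        return null;
    }
    // Accept a single mailbox only, not a list or a display-name form.
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $to;
}

function send_notice(string $to, string $subject, string $body): bool
{
    $rcpt = safe_recipient($to);
    if ($rcpt === null) {
        // Log the rejection without echoing the untrusted value.
        error_log('mail rejected: recipient failed validation');
        return false;
    }
    // The subject is also a header value, so flatten line breaks there too.
    $subject = str_replace(["\r", "\n"], ' ', $subject);
    return mb_send_mail($rcpt, $subject, $body);
}

// Constructed sample inputs; nothing is sent, only the check is exercised.
$samples = [
    'alice@example.com',
    "alice@example.com\r\nX-Injected: 1",
    'alice@example.com, bob@example.net',
];
foreach ($samples as $s) {
    $verdict = safe_recipient($s) === null ? 'DROP' : 'OK';
    printf("%-5s %s\n", $verdict, json_encode($s));
}
```

Only the first sample is accepted; the check complements the upgrade rather than replacing it.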