| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 05 Oct 2006 17:45:48 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
lwn@....net
Subject: rPSA-2006-0182-1 php php-mysql php-pgsql
rPath Security Advisory: 2006-0182-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Remote System User Deterministic Unauthorized Access
Updated Versions:
php=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
https://issues.rpath.com/browse/RPL-683
Description:
Previous versions of the php package contain multiple vulnerabilities,
or weaknesses that may enable vulnerabilities in applications written
in php. The most severe of these vulnerabilities may enable remote
unauthorized access vulnerabilities, depending on the application or
applications involved. Other vulnerabilities or weaknesses involve
SQL injection attacks, cross-site scripting (XSS), information
exposure, and denial of service vulnerabilities.
Powered by blists - more mailing lists