[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OpenPKG-SA-2006.028@openpkg.org>
Date: Fri, 3 Nov 2006 23:58:54 +0100
From: OpenPKG <openpkg@...npkg.org>
To: bugtraq@...urityfocus.com
Subject: [OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory OpenPKG GmbH
http://openpkg.org/security/ http://openpkg.com
OpenPKG-SA-2006.028 2006-11-03
________________________________________________________________________
Package: php
Vulnerability: remote code execution
OpenPKG Specific: no
Affected Series: Affected Packages: Corrected Packages:
E1.0-SOLID <= php-5.1.6-E1.0.0 >= php-5.1.6-E1.0.1
<= apache-1.3.37-E1.0.0 >= apache-1.3.37-E1.0.1
2-STABLE-20061018 <= php-5.1.6-2.20061018 >= php-5.2.0-2.20061103
<= apache-1.3.37-2.20061016 >= apache-1.3.37-2.20061103
2-STABLE <= php-5.1.6-2.20061018 >= php-5.2.0-2.20061103
<= apache-1.3.37-2.20061016 >= apache-1.3.37-2.20061103
CURRENT <= php-5.1.6-20061017 >= php-5.2.0-20061103
<= apache-1.3.37-20061016 >= apache-1.3.37-20061103
Description:
According to a security advisory [0] from Stefan Esser of the
Hardened-PHP project, buffer overflows exist in the programming
language PHP [1], version 5.1.6 and below. The buffer overflows are
in the functions htmlentities() and htmlspecialchars() and may result
in arbitrary remote code execution. The Common Vulnerabilities and
Exposures (CVE) project assigned the id CVE-2006-5465 [2] to the
problem.
________________________________________________________________________
References:
[0] http://www.hardened-php.net/advisory_132006.138.html
[1] http://www.php.net/
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@...npkg.org>" (ID 63C4CB9F) which
you can retrieve from http://openpkg.org/openpkg.org.pgp. Follow the
instructions on http://openpkg.org/security/signatures/ for details on
how to verify the integrity of this advisory.
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@...npkg.org>
iD8DBQFFS8mZgHWT4GPEy58RAno/AJ9af8lxNEmC7v3h3bIzP2g9/285IACaAmzV
Q9TZ4+jxEBCKH6mp09mZ3M0=
=eziU
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists