[php-maint] Bug#523028: php5: multiple vulnerabilities
Michael S. Gilbert
michael.s.gilbert at gmail.com
Tue Apr 7 23:00:41 UTC 2009
The following CVE (Common Vulnerabilities & Exposures) ids were
published for php5.
| Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and
| earlier, when display_errors is enabled, allows remote attackers to
| inject arbitrary web script or HTML via unspecified vectors. NOTE:
| because of the lack of details, it is unclear whether this is related
| to CVE-2006-0208.
| PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows
| local users to modify behavior of other sites hosted on the same web
| server by modifying the mbstring.func_overload setting within
| .htaccess, which causes this setting to be applied to other virtual
| hosts on the same server.
Please coordinate with the security team to prepare updated packages
for the stable releases.
There is more info in the Red Hat security alert.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
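
A configuration check for the two settings named in the CVE descriptions quoted above, as an added example that is not part of the original message. It flags `display_errors` when enabled and any per-directory override of `mbstring.func_overload`; the function names and sample file contents are constructed for illustration, and `php_flag`/`php_value` are the Apache mod_php directives used in `.htaccess`.

```python
import re

# Apache mod_php directives: php_flag / php_value (and their admin_ variants).
DIRECTIVE = re.compile(r'^\s*(php_(?:admin_)?(?:flag|value))\s+(\S+)\s+(.*?)\s*$', re.I)
# php.ini style "name = value" lines.
INI_LINE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$')
# Values that turn display_errors on (stdout/stderr also send errors to output).
ENABLED = {"1", "on", "true", "yes", "stdout", "stderr"}

def settings(text):
    """Yield (line_no, name, raw_value) for every PHP setting found in text."""
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped[0] in ";#":   # blank line or comment
            continue
        m = DIRECTIVE.match(line)
        if m:
            yield no, m.group(2).lower(), m.group(3)
            continue
        m = INI_LINE.match(line)
        if m:
            yield no, m.group(1).lower(), m.group(2)

def audit(text, per_directory=False):
    """Return (line_no, finding) pairs. Pass per_directory=True for .htaccess content."""
    findings = []
    for no, name, value in settings(text):
        # Drop a trailing php.ini comment and surrounding quotes before comparing.
        value = value.split(";")[0].strip().strip("\"'").lower()
        if name == "display_errors" and value in ENABLED:
            findings.append((no, "display_errors enabled"))
        elif name == "mbstring.func_overload" and per_directory:
            findings.append((no, "mbstring.func_overload set per directory"))
    return findings

# Constructed sample inputs (not taken from any real host).
SAMPLE_INI = "[PHP]\n; constructed sample\ndisplay_errors = On ; dev leftover\nlog_errors = On\n"
SAMPLE_HTACCESS = ("# constructed sample\n"
                   "php_flag display_errors off\n"
                   "php_value mbstring.func_overload 7\n")

if __name__ == "__main__":
    for label, text, per_dir in (("php.ini", SAMPLE_INI, False),
                                 (".htaccess", SAMPLE_HTACCESS, True)):
        for no, finding in audit(text, per_dir):
            print(f"{label}:{no}: {finding}")
```
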