[php-maint] Bug#559787: php4: CVE-2008-5624

Michael Gilbert michael.s.gilbert at gmail.com
Mon Dec 7 03:17:57 UTC 2009

Package: php4
Version: 6:4.4.4-8
Severity: serious
Tags: security

the following CVE (Common Vulnerabilities & Exposures) id was
published for php4.

| PHP 5 before 5.2.7 does not properly initialize the page_uid and
| page_gid global variables for use by the SAPI php_getuid function,
| which allows context-dependent attackers to bypass safe_mode
| restrictions via variable settings that are intended to be restricted
| to root, as demonstrated by a setting of /etc for the error_log
| variable.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5624

More information about the pkg-php-maint mailing list