Ravens PHP Scripts

PHP Multiple Vulnerabilities
Date: Tuesday, August 12, 2008 @ 19:55:28 PDT
Topic: Security


SECUNIA ADVISORY ID: SA31409

VERIFY ADVISORY: http://secunia.com/advisories/31409/

CRITICAL: Moderately critical

IMPACT: Unknown, Exposure of sensitive information, DoS, System access

SOFTWARE: PHP 4.4.x - http://secunia.com/product/5768/

DESCRIPTION: Some vulnerabilities have been reported in PHP. Some of them have an unknown impact, while others can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.




1) Some vulnerabilities in PCRE can potentially be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise an application using the library. For more information, see SA27543 and SA28923.

2) An unspecified error in "imageloadfont" can cause a crash via an invalid font.

3) An unspecified error related to the "open_basedir" handling exists in the "curl" extension.

SOLUTION: Update to version 4.4.9 or higher.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: PHP: http://www.php.net/ChangeLog-4.php#4.4.9

OTHER REFERENCES:
SA27543: http://secunia.com/advisories/27543/
SA28923: http://secunia.com/advisories/28923/
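
As an added example (not part of the Secunia advisory or of PHP itself), the script below reports which of the three items above apply to the PHP runtime that executes it. The function name sa31409_exposure is made up here, and tying item 3 to a configured open_basedir is an assumption.

```php
<?php
// Added example, written in PHP 4 syntax so it runs on the affected 4.4.x branch.

// Returns a map of advisory item number => reason for each SA31409 item
// that applies to the described runtime.
function sa31409_exposure($version, $extensions, $open_basedir)
{
    $items = array();

    // Scope per the advisory: PHP 4.4.x, fixed in 4.4.9.
    // version_compare() ranks "4.4.9RC1" below "4.4.9", so pre-releases count.
    if (substr($version, 0, 4) != '4.4.'
        || version_compare($version, '4.4.9', '>=')) {
        return $items;
    }

    $loaded = array_map('strtolower', $extensions);

    if (in_array('pcre', $loaded)) {
        $items[1] = 'PCRE is loaded (preg_* functions)';
    }
    if (in_array('gd', $loaded)) {
        $items[2] = 'GD is loaded, which provides imageloadfont()';
    }
    // Assumption: item 3 is treated as relevant only where open_basedir is
    // actually set, since that is the restriction the advisory refers to.
    if (in_array('curl', $loaded) && trim((string) $open_basedir) != '') {
        $items[3] = 'curl is loaded and open_basedir is set';
    }
    return $items;
}

// Report on the runtime executing this script.
$found = sa31409_exposure(phpversion(), get_loaded_extensions(),
                          ini_get('open_basedir'));
if (count($found) == 0) {
    echo 'PHP ' . phpversion() . ": no SA31409 item matched\n";
} else {
    foreach ($found as $n => $why) {
        echo 'PHP ' . phpversion() . ": item $n applies - $why\n";
    }
    echo "Fix per the advisory: update to 4.4.9 or higher\n";
}
?>
```

Run it under the same SAPI as the application, because the CLI binary can load a different php.ini and extension set than the web server module.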






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3412