DSA-2639-1 php5 -- severalID: oval:org.secpod.oval:def:600983 | Date: (C)2013-03-08 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-1635 If a PHP application accepted untrusted SOAP object input remotely from clients, an attacker could read system files readable for the webserver. CVE-2013-1643 The soap.wsdl_cache_dir function did not take PHP open_basedir restrictions into account. Note that Debian advises against relying on open_basedir restrictions for security.