MDVSA-2010:140 -- Mandriva phpID: oval:org.secpod.oval:def:301184 | Date: (C)2012-01-07 (M)2024-02-19 |
Class: PATCH | Family: unix |
This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Security Enhancements and Fixes in PHP 5.3.3: * Rewrote var_export to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs . * Fixed a possible resource destruction issues in shm_put_var. * Fixed a possible information leak because of interruption of XOR operator. * Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks. * Fixed a possible memory corruption in ArrayObject::uasort. * Fixed a possible memory corruption in parse_str. * Fixed a possible memory corruption in pack. * Fixed a possible memory corruption in substr_replace. * Fixed a possible memory corruption in addcslashes. * Fixed a possible stack exhaustion inside fnmatch. * Fixed a possible dechunking filter buffer overflow. * Fixed a possible arbitrary memory access inside sqlite extension. * Fixed string format validation inside phar extension. * Fixed handling of session variable serialization on certain prefix characters. * Fixed a NULL pointer dereference when processing invalid XML-RPC requests . * Fixed SplObjectStorage unserialization problems . * Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. * Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies has been upgraded and/or rebuilt for the new php version.
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |