MDVSA-2009:303 -- Mandriva phpID: oval:org.secpod.oval:def:301213 | Date: (C)2012-01-07 (M)2024-04-17 |
Class: PATCH | Family: unix |
Some vulnerabilities were discovered and corrected in php-5.2.11: The tempnam function in ext/standard/file.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments . The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and earlier, and 5.3.x before 5.3.1, allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file . PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service , and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive . The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the safe_mode_allowed_env_vars and safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable . Intermittent segfaults occured on x86_64 with the latest phpmyadmin and with apache . Additionally, some packages which require so, have been rebuilt and are being provided as updates.
Platform: |
Mandriva Linux 2009.1 |