MDVSA-2009:302 -- Mandriva phpID: oval:org.secpod.oval:def:301223 | Date: (C)2012-01-07 (M)2024-04-17 |
Class: PATCH | Family: unix |
Some vulnerabilities were discovered and corrected in php-5.3.1: - Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. - Added missing sanity checks around exif processing. - Fixed a safe_mode bypass in tempnam identified by Grzegorz Stachowiak. - Fixed a open_basedir bypass in posix_mkfifo identified by Grzegorz Stachowiak. - Fixed bug #50063 . Additionally, some packages which require so, have been rebuilt and are being provided as updates.
Platform: |
Mandriva Linux 2010.0 |