From owner-freebsd-security  Thu Feb 28  6:47:49 2002
Delivered-To: freebsd-security@freebsd.org
Received: from post.webmailer.de (natwar.webmailer.de [192.67.198.70])
	by hub.freebsd.org (Postfix) with ESMTP id 2FF2E37B405
	for <freebsd-security@FreeBSD.ORG>; Thu, 28 Feb 2002 06:47:42 -0800 (PST)
Received: from pinguin.rompcik (dial-195-14-254-71.netcologne.de [195.14.254.71])
	by post.webmailer.de (8.9.3/8.8.7) with SMTP id PAA22250
	for <freebsd-security@FreeBSD.ORG>; Thu, 28 Feb 2002 15:47:38 +0100 (MET)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Oliver Rompcik <rompcik@informatik.uni-bonn.de>
To: freebsd-security@FreeBSD.ORG
Subject: Multiple Vulnerabilities in PHP fileupload
Date: Thu, 28 Feb 2002 15:55:49 +0100
X-Mailer: KMail [version 1.2]
MIME-Version: 1.0
Message-Id: <02022815554902.01017@pinguin.rompcik>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

CERT reported several vulnerabilities in all PHP Versions <= 4.1.1.
See advisory at http://www.cert.org/advisories/CA-2002-05.html

Fixed version of PHP 4.1.2 is available at http://www.php.net.
Until fixed FreeBSD binary package is available, users should build 4.1.2 
from source.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message