Date: Sun, 15 Oct 2006 15:12:15 +0200
From: Joerg Pernfuss <elessar@bsdforen.de>
To: freebsd-questions@freebsd.org
Subject: Re: PHP new vulnarabilities
Message-ID: <20061015151215.15a4062e@loki.starkstrom.lan>
In-Reply-To: <45322A1D.8070204@hadara.ps>
References: <45322A1D.8070204@hadara.ps>

On Sun, 15 Oct 2006 14:31:25 +0200
"Khaled J. Hussein" <khaled@hadara.ps> wrote:

> hi all
>
> last time i found this when i run portaudit -Fda
>
> Affected package: php5-5.1.6
> Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/e329550b-54f7-11db-a5ae-00508d6a62df.html>
>
> how can i fix this

update your portstree. you'll get php5-5.1.6_1 which fixes the _ecalloc
overflow, but not yet the open_basedir race condition.

Joerg

-- 
| /"\   ASCII ribbon   | GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ / campaign against |   0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
|  X    HTML in email  | .the next sentence is true.             |
| / \     and news     | .the previous sentence was a lie.       |