Gentoo Linux PHP Security Advisory

Posted by popstarviolet on May 27, 2007 6:32 PM EDT
DaniWeb; By Bill Andad
Mail this story
Print this story

Gentoo has issued a security advisory with a high impact rating affecting users of PHP <5.2.2.

Several vulnerabilities have been found in PHP, not least a huge number discovered by Stefan Esser during the infamous Month Of PHP Bugs (MOPB) including integer overflows in wbmp.c from the GD library and in the substr_compare() PHP 5 function.

There have also been reports of a buffer overflow in the make_http_soap_request() and in the user_filter_factory_create() functions as well as a buffer overflow in the bundled XMLRPC library. If that weren’t enough, the session_regenerate_id() and the array_user_key_compare() functions contain a double-free vulnerability. Oh, and let’s not forget the implementation errors in the Zend engine, in the mb_parse_str(), the unserialize() and the mail() functions and other elements.

Full Story

» Read more about: Story Type: Security; Groups: Gentoo, Linux, LXer, PHP

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.