Full Disclosure mailing list archives
rPSA-2006-0182-1 php php-mysql php-pgsql
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Thu, 05 Oct 2006 17:45:48 -0400
rPath Security Advisory: 2006-0182-1
Published: 2006-10-05
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Remote System User Deterministic Unauthorized Access
Updated Versions:
    php=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
    php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1
    php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.7-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1494
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3016
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3017
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4482
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4484
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4486
    https://issues.rpath.com/browse/RPL-683

Description:
    Previous versions of the php package contain multiple vulnerabilities,
    or weaknesses that may enable vulnerabilities in applications written
    in php. The most severe of these vulnerabilities may enable remote
    unauthorized access vulnerabilities, depending on the application or
    applications involved. Other vulnerabilities or weaknesses involve
    SQL injection attacks, cross-site scripting (XSS), information
    exposure, and denial of service vulnerabilities.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/