Full Disclosure mailing list archives
rPSA-2007-0043-1 php php-mysql php-pgsql
From: rPath Update Announcements <announce-noreply () rpath com>
Date: Tue, 27 Feb 2007 14:16:11 -0500
rPath Security Advisory: 2007-0043-1
Published: 2007-02-27
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Remote System User Deterministic Unauthorized Access
Updated Versions:
    php=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1
    php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1
    php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
    https://issues.rpath.com/browse/RPL-1088

Description:
    Previous versions of the php package are vulnerable to multiple
    vulnerabilities of varying severity. The most severe of these
    vulnerabilities are expected to enable remote code execution as
    the "apache" user via php applications that call certain functions
    such as str_replace(), imap_mail_compose(), or odbc_result_all()
    functions.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/