[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] PHP updates

To: linux-security
Subject: [linux-security] PHP updates
From: Martin Siegert <siegert@sfu.ca>
Date: Tue, 30 Jan 2001 18:47:14 -0800
User-Agent: Mutt/1.2i

Topic
=====
remote denial-of-Service (DOS) and remote information leak in PHP

Problem Description
===================
Clients uploading "multipart/form-data" information with form requests
could cause PHP 3.0.17 to crash.  The php-mysql package was obsoleted by the
previous MySQL errata.  Security holes in versions 4.0.0 through 4.0.4 of the
PHP Apache module have been found. 

Also due to the changes in MySQL the php-mysql module had to be updated.

RedHat 6.x
rpm -Fvh php-3.0.18-1.6.x.i386.rpm \
         php-imap-3.0.18-1.6.x.i386.rpm \
         php-ldap-3.0.18-1.6.x.i386.rpm \
         php-manual-3.0.18-1.6.x.i386.rpm \
         php-pgsql-3.0.18-1.6.x.i386.rpm

RedHat 7.0
rpm -Fvh php-4.0.4pl1-3.i386.rpm \
         php-imap-4.0.4pl1-3.i386.rpm \
         php-ldap-4.0.4pl1-3.i386.rpm \
         php-manual-4.0.4pl1-3.i386.rpm \
         php-mysql-4.0.4pl1-3.i386.rpm \
         php-pgsql-4.0.4pl1-3.i386.rpm

Debian 2.2 (potato)
upgrade to the following packages:
   php4_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-gd_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-imap_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-ldap_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-mhash_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-mysql_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-pgsql_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-snmp_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi-xml_4.0.3pl1-0potato1.1_i386.deb
   php4-cgi_4.0.3pl1-0potato1.1_i386.deb
   php4-gd_4.0.3pl1-0potato1.1_i386.deb
   php4-imap_4.0.3pl1-0potato1.1_i386.deb
   php4-ldap_4.0.3pl1-0potato1.1_i386.deb
   php4-mhash_4.0.3pl1-0potato1.1_i386.deb
   php4-mysql_4.0.3pl1-0potato1.1_i386.deb
   php4-pgsql_4.0.3pl1-0potato1.1_i386.deb
   php4-snmp_4.0.3pl1-0potato1.1_i386.deb
   php4-xml_4.0.3pl1-0potato1.1_i386.deb

Mandrake 7.2
rpm -Fvh mod_php-4.0.4pl1-1.2mdk.i586.rpm \
         php-4.0.4pl1-1.2mdk.i586.rpm \
         php-dba_gdbm_db2-4.0.4pl1-1.2mdk.i586.rpm \
         php-devel-4.0.4pl1-1.2mdk.i586.rpm \
         php-gd-4.0.4pl1-1.2mdk.i586.rpm \
         php-imap-4.0.4pl1-1.2mdk.i586.rpm \
         php-ldap-4.0.4pl1-1.2mdk.i586.rpm \
         php-manual-4.0.4pl1-1.2mdk.i586.rpm \
         php-mysql-4.0.4pl1-1.2mdk.i586.rpm \
         php-pgsql-4.0.4pl1-1.2mdk.i586.rpm \
         php-readline-4.0.4pl1-1.2mdk.i586.rpm

Prev by Date: [linux-security] MySQL exploit
Next by Date: [linux-security] bind remote root exploit
Prev by thread: [linux-security] bind remote root exploit
Next by thread: [linux-security] MySQL exploit
Index(es):
- Date
- Thread