aru
Posted March 10, 2006

Mandriva Advisories

MDKSA-2006:035-1 : php

Updated php packages fix vulnerability

March 9th, 2006

A flaw in the PHP gd extension in versions prior to 4.4.1 could allow a remote attacker to bypass safe_mode and open_basedir restrictions via unknown attack vectors.

Update:

A regression was introduced with the backported patch from PHP 4.4.1 that would prevent PHP from creating a new file with imagepng(), imagejpeg(), etc. Thanks to Tibor Pittich for bringing this to our attention.

The updated packages have been patched to correct this issue.

The released versions of Mandriva GNU/Linux affected are: CS3.0, MNF2.0, 10.2

Full information about this advisory, including the updated packages, is available at:

wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:035-1

Other references:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3391

http://bugs.php.net/bug.php?id=35071

Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)