
Advisories (MDKSA-2006:063): php



Mandriva Advisories MDKSA-2006:063 : php


Updated php packages fix information disclosure vulnerability

April 2nd, 2006


A vulnerability was discovered where the html_entity_decode() function would return a chunk of memory with length equal to the string supplied, which could include PHP code, PHP ini data, other user data, etc.

Note that by default, Corporate 3.0 and Mandriva Linux LE2005 ship with magic_quotes_gpc on, which seems to protect against this vulnerability "out of the box", but users are encouraged to upgrade regardless.

Once the upgraded packages have been installed, users will need to issue a "service httpd restart" in order for the fixed packages to be properly loaded.

Updated packages have been patched to correct this issue.



The released versions of Mandriva GNU/Linux affected are:

  • CS3.0
  • MNF2.0
  • 10.2
  • 2006.0

Full information about this advisory, including the updated packages, is available at:



Other references:



Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
