paul
Posted November 21, 2009

Some vulnerabilities were discovered and corrected in php-5.3.1:

- Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
- Added missing sanity checks around exif processing. (CVE-2009-3292, Ilia)
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed an open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se)

Additionally, some packages which require it have been rebuilt and are being provided as updates.