bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

rPSA-2007-0043-1 php php-mysql php-pgsql

from [rPath Update Announcements] [Permanent Link][Original]
To: security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject: rPSA-2007-0043-1 php php-mysql php-pgsql
From: rPath Update Announcements <announce-noreply@rpath.com>
Date: Tue, 27 Feb 2007 14:16:11 -0500
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm
User-agent: nail 11.22 3/20/05 
rPath Security Advisory: 2007-0043-1
Published: 2007-02-27
Products: rPath Linux 1
Rating: Severe
Exposure Level Classification:
    Remote System User Deterministic Unauthorized Access
Updated Versions:
    php=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1
    php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1
    php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988
    https://issues.rpath.com/browse/RPL-1088

Description:
    Previous versions of the php package are vulnerable to multiple
    vulnerabilities of varying severity.  The most severe of these
    vulnerabilities are expected to enable remote code execution as the
    "apache" user via php applications that call certain functions such as
    str_replace(), imap_mail_compose(), or odbc_result_all() functions.
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • rPSA-2007-0043-1 php php-mysql php-pgsql, rPath Update Announcements <=
Previous by Date:  RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, Roger A. Grimes
Next by Date:  WordPress Search Function SQL-Injection, SaMuschie
Previous by Thread:  [ GLSA 200702-12 ] CHMlib: User-assisted remote execution of arbitrary code, Raphael Marichez
Next by Thread:  WordPress Search Function SQL-Injection, SaMuschie
Indexes:  [Date] [Thread] [Top] [All Lists]