Jump to content


Photo

PHP v5.2.3 (just released) vuln


  • Please log in to reply
1 reply to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,562 posts

Posted 05 June 2007 - 09:08 PM

FYI...

- http://www.us-cert.g...ow_vulnerabilty
June 5, 2007 ~ "US-CERT is aware of a publicly reported vulnerability in PHP. PHP version 5.2.3 may be vulnerable to an integer overflow within the chunk_split() function. More information can be found in the following PHP Security Blog. US-CERT will provide additional information as it becomes available."
* http://blog.php-security.org/

> http://www.spywarein...howtopic=100060



:eek:

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 10,562 posts

Posted 08 June 2007 - 09:29 PM

FYI...

http://blog.php-security.org/
"Corrected fix for CVE-2007-2872* ..."
* http://cvs.php.net/v...1.445.2.14.2.59

This fixes the chunk_split() overflow (found by SEC-CONSULT) that was according to the PHP 5.2.3 release notes already fixed..."



.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button