The following four vulnerabilities have already been fixed in the stable
(lenny) version of php5 prior to the release of lenny. This update now
addresses them for etch (oldstable) as well:
CVE-2008-2107 / CVE-2008-2108
The GENERATE_SEED macro has several problems that make predicting
generated random numbers easier, facilitating attacks against measures
that use rand() or mt_rand() as part of a protection.
CVE-2008-5557
A buffer overflow in the mbstring extension allows attackers to execute
arbitrary code via a crafted string containing an HTML entity.
CVE-2008-5624
The page_uid and page_gid variables are not correctly set, allowing
use of some functionality intended to be restricted to root.
CVE-2008-5658
Directory traversal vulnerability in the ZipArchive::extractTo function
allows attackers to write arbitrary files via a ZIP file with a file
whose name contains .. (dot dot) sequences.
This update also addresses the following three vulnerabilities for both
old...