Debian: DSA-1940-2 Important: Remote Issues in PHP5 - Denial of Service
debian
November 25, 2009
Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor
Topics Covered
Summary
The following issues have been fixed in both the stable (lenny)
and the oldstable (etch) distributions:
CVE-2009-2687 CVE-2009-3292
The exif module did not properly handle malformed jpeg files,
allowing an attacker to cause a segfault, resulting in a denial
of service.
CVE-2009-3291
The php_openssl_apply_verification_policy() function did not
properly perform certificate validation.
No CVE id yet
Bogdan Calin discovered that a remote attacker could cause a denial
of service by uploading a large number of files in using multipart/
form-data requests, causing the creation of a large number of
temporary files.
To address this issue, the max_file_uploads option introduced in PHP
5.3.1 has been backported. This option limits the maximum number of
files uploaded per request. The default value for this new option is
50. See NEWS.Debian for more information.
The following issue has been fixed in the stable (lenny) distribution:
CVE-2009-2626
A f...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!