Debian: New php3 packages fix several vulnerabilities

Date 07 Feb 2005

Category Debian Linux Distribution - Security Advisories

7496

Posted By LinuxSecurity Advisories

Updated packages.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 669-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                             Martin Schulze
February 7th, 2005                      https://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : php3
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE IDs        : CAN-2004-0594 CAN-2004-0595

Two vulnerabilities have been discovered in php4 which also apply to
the version of php3 in the stable Debian distribution.  The Common
Vulnerabilities and Exposures project identifies the following
problems:

CAN-2004-0594

    The memory_limit functionality allows remote attackers to execute
    arbitrary code under certain circumstances.

CAN-2004-0595

    The strip_tags function does not filter null (