CVE-2007-1380
Stefan Esser discovered that the session handler performs
insufficient validation of variable name length values, which allows
information disclosure through a heap information leak.
CVE-2007-1521
Stefan Esser discovered a double free vulnerability in the
session_regenerate_id() function, which allows the execution of
arbitrary code.
CVE-2007-1711
Stefan Esser discovered a double free vulnerability in the session
management code, which allows the execution of arbitrary code.
CVE-2007-1718
Stefan Esser discovered that the mail() function performs
insufficient validation of folded mail headers, which allows mail
header injection.
CVE-2007-1777
Stefan Esser discovered that the extension to handle ZIP archives
performs insufficient length checks, which allows the execution of
arbitrary code.
For the oldstable distribution (sarge) these problems have been fixed in
version 4.3.10-20.
For the stable distribution...
Get the latest Linux and open source security news straight to your inbox.