[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6
spinkham
steve.pinkham at gmail.com
Thu Jul 10 19:00:22 BST 2008
Impact:
Fixed possible stack buffer overflow in FastCGI SAPI
Impact: Potential DOS and remote code execution if using FastCGI
Updated PCRE to deal with issues fixed in USN-581-1
Impact: Potential DOS and code execution
Fixes CVE-2008-0599
Impact: Potential DOS and remote code execution
Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
Impact: Potential overwriting of system files if cURL is in use
POC code in the advisory: http://securityreason.com/achievement_securityalert/51
Properly address incomplete multibyte chars inside escapeshellcmd()
Impact: If I understand correctly, useful for bypassing character-based filtering, leading to remotely running arbitrary commands on the shell
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.