[ubuntu-tn] Fwd: Critical vulnerability identified in PHP; hotfix available

Bchini Med Karim mohkarb at gmail.com
Wed Jan 5 23:31:11 UTC 2011


---------- Forwarded message ----------
From: Zend Server Update <newsletter at zend.com>
Date: Thu, Jan 6, 2011 at 12:02 AM
Subject: Critical vulnerability identified in PHP; hotfix available


*A critical vulnerability in the PHP engine has just been identified.
This exploit is significant because most PHP applications on impacted
systems are remotely exploitable to a very simple denial of service attack.
Zend has released a security hotfix to address this vulnerability (see
below).*

Due to the way the PHP runtime handles internal conversion of floating point
numbers, it is possible for a remote attacker to bring down a web
application simply by adding a specific parameter to a query string in their
web browser (click here for more information
<http://app.news.zend.com/e/er.aspx?s=714&lid=2622&elq=c7286533af2f4ca4b939ef10c7901fac>).

This vulnerability is present on all versions of PHP including PHP 4.x and
5.x, on all Intel-based 32-bit PHP builds.

*Platform*                        *Vulnerability*
Windows                           YES
Linux (using 32-bit PHP build)    YES
Linux (using 64-bit PHP build)    NO
Mac OS                            NO
IBM i                             NO

*Zend Server and Zend Server CE users should immediately apply the security
hotfix.*

   - *Linux users:* run your package manager's update command (see the Zend
     Server Installation Guide
     <http://app.news.zend.com/e/er.aspx?s=714&lid=2473&elq=c7286533af2f4ca4b939ef10c7901fac>
     for more details).
   - *Windows users:* download the hotfix
     <http://app.news.zend.com/e/er.aspx?s=714&lid=1000&elq=c7286533af2f4ca4b939ef10c7901fac>.

Hotfixes for Zend Core and Zend Server CE tarball installer are currently
being finalized and will be made available soon.

Happy PHP'ing,
Zend - The PHP Company

-- 
Regards

Bchini Med Karim
Android development engineer
Founder of the Esprit Libre club
Ubuntu-tn Management Committee
IT facilitator at Jeune Sciences
Mobile: +216 22976075
Email: mohkarb at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-tn/attachments/20110106/4e47dda1/attachment.html>


More information about the Ubuntu-tn mailing list