[ubuntu-tn] Fwd: Critical vulnerability identified in PHP; hotfix available
Bchini Med Karim
mohkarb at gmail.com
Mer 5 Jan 23:31:11 UTC 2011
---------- Forwarded message ----------
From: Zend Server Update <newsletter at zend.com>
Date: Thu, Jan 6, 2011 at 12:02 AM
Subject: Critical vulnerability identified in PHP; hotfix available
* A critical vulnerability in the PHP engine has just been identified.
This exploit is significant because most PHP applications on impacted
systems are remotely exploitable to a very simple denial of service attack.
Zend has released a security hotfix to address this vulnerability (see
below).*
Due to the way the PHP runtime handles internal conversion of floating point
numbers, it is possible for a remote attacker to bring down a web
application simply by adding a specific parameter to a query string in their
web browser (click here for more
information)<http://app.news.zend.com/e/er.aspx?s=714&lid=2622&elq=c7286533af2f4ca4b939ef10c7901fac>
.
This vulnerability is present on all versions of PHP including PHP 4.x and
5.x, on all Intel-based 32-bit PHP builds.
*Platform* *Vulnerability* Windows YES Linux (using 32-bit PHP
build) YES Linux
(using 64-bit PHP build) NO Mac OS NO IBM i NO
* Zend Server and Zend Server CE users should immediately apply the security
hotfix.*
- *Linux users:* run your package manager's update command (see the Zend
Server Installation
Guide<http://app.news.zend.com/e/er.aspx?s=714&lid=2473&elq=c7286533af2f4ca4b939ef10c7901fac>for
more details).
- *Windows users:* download the
hotfix<http://app.news.zend.com/e/er.aspx?s=714&lid=1000&elq=c7286533af2f4ca4b939ef10c7901fac>
.
Hotfixes for Zend Core and Zend Server CE tarball installer are currently
being finalized and will be made available soon.
Happy PHP'ing,
Zend - The PHP Company
You are currently subscribed to this newsletter as medkarim.tn at gmail.com .
Unsubscribe from Zend Server
Updates<http://app.news.zend.com/e/cu.aspx?s=714&elqc=59&elq=c7286533af2f4ca4b939ef10c7901fac>|
Manage
your subscriptions<http://subscriptions.zend.com/forms/submanagement_en?elq=c7286533af2f4ca4b939ef10c7901fac>
Zend Technologies Inc.
19200 Stevens Creek Blvd.
Cupertino, CA 95014
USA
privacy policy<http://app.news.zend.com/e/er.aspx?s=714&lid=15&elq=c7286533af2f4ca4b939ef10c7901fac>
--
Cordialement
Bchini Med Karim
Ingénieur développeur Android
Fondateur du club Esprit Libre
Ubuntu-tn Management Committee
Animateur informatique à Jeune Sciences
Mobile : +216 22976075
Em at il: mohkarb at gmail.com
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: <https://lists.ubuntu.com/archives/ubuntu-tn/attachments/20110106/4e47dda1/attachment.html>
Plus d'informations sur la liste de diffusion Ubuntu-tn