Gentoo Linux PHP Security Advisory
Gentoo has issued a security advisory with a high impact rating affecting users of PHP <5.2.2.
Several vulnerabilities have been found in PHP, not least a huge number discovered by Stefan Esser during the infamous Month Of PHP Bugs (MOPB), including integer overflows in wbmp.c from the GD library and in the PHP 5 substr_compare() function.
There have also been reports of a buffer overflow in the make_http_soap_request() and user_filter_factory_create() functions, as well as a buffer overflow in the bundled XMLRPC library. If that weren’t enough, the session_regenerate_id() and array_user_key_compare() functions contain a double-free vulnerability. Oh, and let’s not forget the implementation errors in the Zend engine, in the mb_parse_str(), unserialize() and mail() functions, and in other elements.