Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Nov 2009 11:41:50 +0100
From: Thomas Biege <>
To: OSS-Security Mailinglist <>
Subject: CVE request: php 5.3.1 update


PHP was updated to version 5.3.1 and did also address security

Security Enhancements and Fixes in PHP 5.3.1:

    * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
    * Added missing sanity checks around exif processing.
    * Fixed a safe_mode bypass in tempnam().
    * Fixed a open_basedir bypass in posix_mkfifo().
    * Fixed bug #50063 (safe_mode_include_dir fails).
    * Fixed bug #44683 (popen crashes when an invalid mode is passed).

 Thomas Biege <>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ