Date: Fri, 20 Nov 2009 10:47:35 +0000
From: Joe Orton <jorton@...hat.com>
To: Thomas Biege <thomas@...e.de>
Cc: OSS-Security Mailinglist <oss-security@...ts.openwall.com>
Subject: Re: CVE request: php 5.3.1 update

On Fri, Nov 20, 2009 at 11:41:50AM +0100, Thomas Biege wrote:
> Hello,
>
> PHP was updated to version 5.3.1 and did also address security
> issues: http://www.php.net/releases/5_3_1.php

We assigned some CVE names for the new issues here; two correspond to
existing issues fixed earlier in 5.2.11. The CVE names have not made it
to the web site but were used in the e-mail announcement text:

- Added missing sanity checks around exif processing.
  (CVE-2009-3292, Ilia)
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz
  Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
  Stachowiak. (CVE-2009-3558, Rasmus)
- Fixed bug #50063 (safe_mode_include_dir fails).
  (CVE-2009-3559, Johannes, christian at elmerot dot se)
- Fixed bug #44683 (popen crashes when an invalid mode is passed).
  (CVE-2009-3294, Pierre)

Regards, Joe