Date: Fri, 20 Nov 2009 15:03:28 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: php 5.3.1 update

On Fri, 20 Nov 2009 10:47:35 +0000 Joe Orton <jorton@...hat.com> wrote:

> > PHP was updated to version 5.3.1 and did also address security
> > issues: http://www.php.net/releases/5_3_1.php
>
> We assigned some CVE names for the new issues here; two correspond to
> existing issues fixed earlier in 5.2.11. The CVE names have not made
> it to the web site but were used in the e-mail announcement text:

Link to announcement mail with CVEs:
http://news.php.net/php.announce/79

> - Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559,
>   Johannes, christian at elmerot dot se)

Reading the upstream bug http://bugs.php.net/bug.php?id=50063 , this is
not a security flaw, rather a safe_mode regression causing the uid check
to happen where it should not, resulting in an over-restrictive safe_mode.

Some links for the other two issues:

> - Fixed a safe_mode bypass in tempnam() identified by Grzegorz
>   Stachowiak. (CVE-2009-3557, Rasmus)

http://securityreason.com/securityalert/6601
http://svn.php.net/viewvc?view=revision&revision=288945

> - Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz
>   Stachowiak. (CVE-2009-3558, Rasmus)

http://securityreason.com/securityalert/6600
http://svn.php.net/viewvc?view=revision&revision=288943

Looks like CVE-2009-3546 got fixed too.

-- 
Tomas Hoger / Red Hat Security Response Team
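Added example, not part of the thread above or of PHP's own test suite: a small probe script that checks whether the running PHP build enforces open_basedir for posix_mkfifo(), the gap the thread ties to CVE-2009-3558, with tempnam() run under the same restriction for comparison. The two directory paths and the use of `-d open_basedir=...` on the command line are assumptions about the test environment. The tempnam() issue in the thread (CVE-2009-3557) is a safe_mode case that needs safe_mode=On (PHP 5.3 and earlier) and a target directory owned by a different uid, so it is not reproduced here; the script only covers the open_basedir side.

```php
<?php
/*
 * Added example (not from the oss-security thread or PHP's test suite).
 * Probe whether posix_mkfifo() and tempnam() honour open_basedir.
 *
 * Assumed setup (adjust to taste):
 *   mkdir -p /tmp/allowed /tmp/outside
 *   php -d open_basedir=/tmp/allowed probe.php
 * The directories must exist before the run: once open_basedir is active the
 * script itself cannot create or remove anything under /tmp/outside.
 */

$allowed = '/tmp/allowed';   // inside open_basedir: writes here should succeed
$outside = '/tmp/outside';   // outside open_basedir: every write here must fail

if (!function_exists('posix_mkfifo')) {
    fwrite(STDERR, "posix extension not loaded; cannot probe posix_mkfifo()\n");
    exit(2);
}

// True if the FIFO was created. Judged by the return value only, because
// file_exists() on an out-of-basedir path is itself refused by open_basedir.
function probe_mkfifo(string $dir): bool
{
    $path = $dir . '/probe.fifo';
    @unlink($path);                          // leftover from an earlier run would give EEXIST
    return @posix_mkfifo($path, 0600) === true;
}

// True if tempnam() actually created a file inside $dir. tempnam() may fall
// back to the system temp directory when $dir is unusable, so the returned
// name is checked against $dir rather than trusting a non-false result.
function probe_tempnam(string $dir): bool
{
    $name = @tempnam($dir, 'probe');
    if ($name === false) {
        return false;
    }
    $inside = strpos($name, rtrim($dir, '/') . '/') === 0;
    @unlink($name);
    return $inside;
}

// label => [observed result, expected result under a correct open_basedir]
$checks = [
    'posix_mkfifo inside basedir'  => [probe_mkfifo($allowed),  true],
    'posix_mkfifo outside basedir' => [probe_mkfifo($outside),  false],
    'tempnam inside basedir'       => [probe_tempnam($allowed), true],
    'tempnam outside basedir'      => [probe_tempnam($outside), false],
];

$bypass = false;
foreach ($checks as $label => [$created, $expected]) {
    if ($created && !$expected) {
        $bypass = true;                      // a write escaped the allowed tree
    }
    printf("%-30s created=%-5s expected=%-5s %s\n",
        $label,
        var_export($created, true),
        var_export($expected, true),
        $created === $expected ? 'ok' : 'UNEXPECTED');
}
@unlink($allowed . '/probe.fifo');

if ($bypass) {
    fwrite(STDERR, "open_basedir bypass: a write outside the allowed tree succeeded\n");
    exit(1);
}
echo "no open_basedir bypass observed\n";
```

On a build with the revision 288943 fix (or anything newer), the two "outside basedir" rows come back `created=false` and the script exits 0; a `created=true` on the posix_mkfifo row is the behaviour the advisory describes. Run the probe as the same user the web server runs as, since open_basedir is a PHP-level check and filesystem permissions can mask its absence.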