Date: Sun, 22 Nov 2009 05:27:54 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: OSS-Security Mailinglist <oss-security@...ts.openwall.com>
Subject: Re: CVE request: php 5.3.1 update
On Fri, 20 Nov 2009, Thomas Biege wrote:
: PHP was updated to version 5.3.1 and did also address security
: issues: http://www.php.net/releases/5_3_1.php
:
: Security Enhancements and Fixes in PHP 5.3.1:
:
: * Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
: * Added missing sanity checks around exif processing.
This was previously disclosed and fixed in the 5.2.x tree. I believe this
is the same as CVE-2009-3292.
: * Fixed a safe_mode bypass in tempnam().
: * Fixed a open_basedir bypass in posix_mkfifo().
: * Fixed bug #50063 (safe_mode_include_dir fails).
: * Fixed bug #44683 (popen crashes when an invalid mode is passed).
Also not flagged as 'security' up top, but from the changelog:
Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars
restrictions). (Ilia)
Brian