[OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [OpenPKG-SA-2006.028] OpenPKG Security Advisory (php)
From: OpenPKG <openpkg@xxxxxxxxxxx>
Date: Fri, 3 Nov 2006 23:58:54 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: The OpenPKG Project, http://www.openpkg.org/
Reply-to: openpkg@xxxxxxxxxxx
User-agent: Mutt/1.5.11 OpenPKG/2-STABLE

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://openpkg.org/security/                          http://openpkg.com
OpenPKG-SA-2006.028                                           2006-11-03
________________________________________________________________________

Package:          php
Vulnerability:    remote code execution
OpenPKG Specific: no

Affected Series:  Affected Packages:          Corrected Packages:
E1.0-SOLID        <= php-5.1.6-E1.0.0         >= php-5.1.6-E1.0.1
                  <= apache-1.3.37-E1.0.0     >= apache-1.3.37-E1.0.1
2-STABLE-20061018 <= php-5.1.6-2.20061018     >= php-5.2.0-2.20061103
                  <= apache-1.3.37-2.20061016 >= apache-1.3.37-2.20061103
2-STABLE          <= php-5.1.6-2.20061018     >= php-5.2.0-2.20061103
                  <= apache-1.3.37-2.20061016 >= apache-1.3.37-2.20061103
CURRENT           <= php-5.1.6-20061017       >= php-5.2.0-20061103
                  <= apache-1.3.37-20061016   >= apache-1.3.37-20061103

Description:
  According to a security advisory [0] from Stefan Esser of the
  Hardened-PHP project, buffer overflows exist in the programming
  language PHP [1], version 5.1.6 and below. The buffer overflows are
  in the functions htmlentities() and htmlspecialchars() and may result
  in arbitrary remote code execution. The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CVE-2006-5465 [2] to the
  problem.
________________________________________________________________________

References:
  [0] http://www.hardened-php.net/advisory_132006.138.html 
  [1] http://www.php.net/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5465
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@xxxxxxxxxxx>" (ID 63C4CB9F) which
you can retrieve from http://openpkg.org/openpkg.org.pgp. Follow the
instructions on http://openpkg.org/security/signatures/ for details on
how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@xxxxxxxxxxx>

iD8DBQFFS8mZgHWT4GPEy58RAno/AJ9af8lxNEmC7v3h3bIzP2g9/285IACaAmzV
Q9TZ4+jxEBCKH6mp09mZ3M0=
=eziU
-----END PGP SIGNATURE-----

Prev by Date: Re: how to trick most of cms avatar upload filter [exemple for : RunCms (PoC)]
Next by Date: Web Directory Pro bypass Vulnerabilities
Previous by thread: Re: MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues
Next by thread: Web Directory Pro bypass Vulnerabilities
Index(es):
- Date
- Thread