Full Disclosure mailing list archives
rPSA-2007-0043-1 php php-mysql php-pgsql ISSUE=4168 PROJ=30
From: supportdb () perimeterusa com <supportdb () perimeterusa com>
Date: Tue, 27 Feb 2007 15:29 -0500
When replying, type your text above this line. ---------------------------------------------- Notification of Issue Registration Project: ThreatManagement Issue: rPSA-2007-0043-1 php php-mysql php-pgsql Issue Number: 4168 Priority: 1 Status: Request Date: 02/27/2007 Time: 15:29:05 Created By: announce-noreply () rpath com Description: Entered on 02/27/2007 at 15:29:05 by announce-noreply () rpath com: rPath Security Advisory: 2007-0043-1 Published: 2007-02-27 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote System User Deterministic Unauthorized Access Updated Versions: php=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1 php-mysql=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1 php-pgsql=/conary.rpath.com@rpl:devel//1/4.3.11-15.9-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988 https://issues.rpath.com/browse/RPL-1088 Description: Previous versions of the php package are vulnerable to multiple vulnerabilities of varying severity. The most severe of these vulnerabilities are expected to enable remote code execution as the "apache" user via php applications that call certain functions such as str_replace(), imap_mail_compose(), or odbc_result_all() functions. Current Assignees: -- The sender of this email subscribes to Perimeter Internetworking's email anti-virus service. This email has been scanned for malicious code and is believed to be virus free. For more information on email security please visit: http://www.perimeterusa.com/email-defense-content.html This communication is confidential, intended only for the named recipient(s) above and may contain trade secrets or other information that is exempt from disclosure under applicable law. Any use, dissemination, distribution or copying of this communication by anyone other than the named recipient(s) is strictly prohibited. If you have received this communication in error, please delete the email and immediately notify our Command Center at 203-541-3444.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- rPSA-2007-0043-1 php php-mysql php-pgsql ISSUE=4168 PROJ=30 supportdb (Feb 27)