oss-sec mailing list archives
Re: CVE request: php 5.3.1 update
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 20 Nov 2009 15:03:28 +0100
On Fri, 20 Nov 2009 10:47:35 +0000 Joe Orton <jorton () redhat com> wrote:
PHP was updated to version 5.3.1 and did also address security issues: http://www.php.net/releases/5_3_1.phpWe assigned some CVE names for the new issues here; two correspond to existing issues fixed earlier in 5.2.11. The CVE names have not made it to the web site but were used in the e-mail announcement text:
Link to announcement mail with CVEs: http://news.php.net/php.announce/79
- Fixed bug #50063 (safe_mode_include_dir fails). (CVE-2009-3559, Johannes, christian at elmerot dot se)
Reading the upstream bug http://bugs.php.net/bug.php?id=50063 , this is not a security flaw, rather a safe_mode regression causing uid check to happen where it should not resulting in over-restrictive safe_mode. Some links for the other two issues:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
http://securityreason.com/securityalert/6601 http://svn.php.net/viewvc?view=revision&revision=288945
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
http://securityreason.com/securityalert/6600 http://svn.php.net/viewvc?view=revision&revision=288943 Looks like CVE-2009-3546 got fixed too. -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE request: php 5.3.1 update Thomas Biege (Nov 20)
- Re: CVE request: php 5.3.1 update Joe Orton (Nov 20)
- Re: CVE request: php 5.3.1 update Tomas Hoger (Nov 20)
- Re: CVE request: php 5.3.1 update Eren Türkay (Nov 20)
- Re: CVE request: php 5.3.1 update security curmudgeon (Nov 21)
- Re: CVE request: php 5.3.1 update Joe Orton (Nov 20)