PHP new vulnarabilities
Joerg Pernfuss
elessar at bsdforen.de
Sun Oct 15 06:12:55 PDT 2006
On Sun, 15 Oct 2006 14:31:25 +0200
"Khaled J. Hussein" <khaled at hadara.ps> wrote:
> hi all
>
> last time i found this when i run portaudit -Fda
>
> Affected package: php5-5.1.6
> Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/e329550b-54f7-11db-a5ae-00508d6a62df.html>
>
> how can i fix this
update ypur portstree. you'll get php5-5.1.6_1 which fixes the _ecalloc
overflow, but not yet the open_basedir race condition.
Joerg
--
| /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ / campaign against | 0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
| X HTML in email | .the next sentence is true. |
| / \ and news | .the previous sentence was a lie. |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061015/e6d57848/signature.pgp
More information about the freebsd-questions
mailing list