- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-09
- - ---------------------------------------------------------------------
PACKAGE : mod_php php
SUMMARY : arbitrary code execution
DATE : 2003-02-19 13:28 UTC
EXPLOIT : local
- - ---------------------------------------------------------------------
- From release notes:
"PHP contains code for preventing direct access to the CGI binary with
configure option "--enable-force-cgi-redirect" and php.ini option
"cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these
options useless."
Read the full release notes at:
http://www.php.net/release_4_3_1.php
SOLUTION
It is recommended that all Gentoo Linux users who are running
dev-php/mod_php and/or dev-php/php upgrade to php-4.3.1
and/or mod_php-4.3.1 as follows:
emerge sync
emerge -u mod_php and/or emerge -u php
emerge clean
- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
rphillips@gentoo.org
- - ---------------------------------------------------------------------
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts
Articles
View All Hover to load posts